But what protects against the dangers? Unfortunately, there is - as yet - no patent recipe. Cybercrime is comparable to a flu virus. If you have the right defence, your health is (quite) safe, but if the immune system has a leak, your health protection cannot function effectively. The situation is similar on this issue. Every company wonders whether and to what extent defence needs to be strengthened. In general, it is essential for every company to protect itself against cyber-attacks and not to wait and see whether something will happen at some point. But one should also not 'over-vaccinate' and ultimately protect oneself from potential customers through too many preventive measures.
In the course of digitalization, the fields of attack have shifted significantly, and the volume has increased. Sabotage, data theft - statistically every second company has become a victim of industrial espionage in the past two years. In order to ward off cyber-attacks or at least limit the damage, companies need integrated solutions that recognize the real threats in principle in real time and take specific measures to ward them off.
Resilience as an increasingly important key factor
However, as with flu infections, attack scenarios and opportunities have changed. Many attacks are executed via Ransomware, data scan, etc. from the inside, directly from the company. The attackers no longer try to penetrate through the protection mechanisms in order to attack a system from the outside or infiltrate viruses, but rather to find an internal way to act quasi undisturbed. The identification of these attacks requires a very sensitive and agile security.
Many IT decision-makers are increasingly focusing their security measures on adapting the security architecture and less on setting up new IT security strategies. Instead, they are busy implementing new security tools. In many cases, management is trying to anchor the issue of cyber security more firmly in the corporate strategy. This often fails because they do not have sufficient insight into the actual IT processes to set up a far-reaching reorientation on their own.
In its current report on IT security, the German Federal Office for Information Security (BSI) has pointed out an important point: The increasingly important key factor of resilience. Incident training is an important factor here, and both corporations and large companies as well as SMEs should put this on their agenda when planning their IT security measures.
Cyber-resilience means the ability to adapt to and counteract malicious cyber incidents. Regardless of whether incidents were intentional or unintentional, or triggered by employees or third parties. Cyber-resilience is primarily about securing operations and business processes during an attack.
Where is the needle in the haystack of recruitment?
Recruiting the right experts for these issues is often difficult. It takes people with broad skills, extensive knowledge of business processes and forensics. In addition, they must also be technically fit and not just look through the possible 'damage glasses', but also keep an eye on the economic extent of potential attack scenarios.
In addition to the knowledge in the field of encryption with a mathematical focus and a technical degree, a sound professional experience in IT security (Threat Response/Analysis and Intelligence), CERT, conception of intrusion detection and prevention systems is required. Equally important prerequisites are solid knowledge in the fields of infrastructure, system architecture, IT security and forensics as well as business and process analysis. By anticipating and reacting at short notice to unwanted incidents - both internal and external attacks - the reaction time is to be shortened and the impact on the company is to be reduced in order to ensure business continuity.
There is no ideal way to recruit experts in the field of cyber security and cyber resilience. So far, companies have made only limited compromises in the recruitment of suitable employees in the IT security sector. It is highly advisable for employers to make concessions and not insist on a 100% fit.
Conclusion: Resquest of a fine spirit and agility
Based on our experience as a personnel consultancy that works regularly with various clients in the cyber-security environment, it is advisable not only to focus on candidates with experience in IT and forensics when placing suitable employees in the security sector. Industry knowledge is very important, especially with regard to cyber-resilience, in order to also have an understanding of internal procedures and processes. Atypical actions or irregularities are only noticed if a normal process is known. Here, no pure IT or forensic skills are used; in the end, a pronounced fine spirit and agility are required in order to react adequately.
Author:
Martin Krill has been working for Hager Unternehmensberatung for nearly 20 years and was appointed Managing Director in 2004. He fills senior sales and management positions in the technology industry and in other selected industries.