The cyber security skills your business needs

Cyber security has become a vital part of any business plan. Even the smallest business needs to have the appropriate policies and methodologies in place for protecting their data as best they can.

To achieve this, every business needs access to a variety of cyber security skills, whether that's through hired staff or trusted partners.

Minimizing the threat surface only goes so far. As businesses grow, through opening new offices and new staff joining, so too does the potential threat surface, especially with expanding network coverage and new cloud systems being incorporated.

Given the multitude of online threats facing modern businesses, it can be easy to be overwhelmed by the many different types of security required. Cyber attacks are inevitable, but with the appropriate skillsets in place, it is possible to take advantage of the opportunities offered online whilst protecting data and mitigating the risk of attack.

The cyber security skills every business needs

Ethical hacking

One of the most effective ways to gain a granular understanding of a business' threat posture is to use ethical hacking. An ethical hacker’s job is to assume the role of an offensive hacker and probe a business’ IT estate for vulnerabilities and attack paths so these can be fixed or otherwise mitigated.

The skill set of an ethical hacker can prove invaluable to organisations. The value is not just in spotting security issues; the deep understanding of computer systems required to do the job can also help when building new products such as apps, so that they are built securely from the outset.

It's important to note that ethical hacking is more than just penetration testing. While penetration testing assesses the technical elements of a system, and is a central component of many cyber security strategies, ethical hacking considers all parts of a business, including soft-skills and the security culture.

Ethical hacking essentially acts as a live-fire training exercise of what could happen during a targeted attack, giving valuable experience to IT teams and identifying potential vulnerabilities in the threat posture. This can involve conducting genuine phishing attempts against staff to see if the organisation’s access management rules are robust enough. It can also involve testing the physical security of the office itself.

Ethical hacking can be performed in-house by your own Red Team – a group of employees tasked with pretending to be adversaries – but for an optimum understanding of the response to a breach, an external testing team can be covertly contracted.

How far you go with ethical hacking will largely be a question of resources, as there really is no limit to what you can learn about your own systems. That said, ethical hacking does involve misleading employees, and so each business will need to assess what is reasonable.

Network security

Modern businesses rely on their networks, and so strong network security is fundamental. With the types of available network tools increasing and more devices being connected to networks, it's imperative that the appropriate security technologies are in place to protect the flow of data.

Administering access controls is an essential part of network security. Access rights ensure each user and device has the appropriate level of access and that data are protected against potential threats, both malicious and accidental. The concept that governs this is the information security principle of 'Least Privilege' – the idea that employees should only be given access to the data they need to perform their jobs effectively. Anyone who works outside of HR, for example, shouldn’t be able to access HR files, while those who work in the finance department are the only ones who should be able to access payroll data.

Administrators will be pleased to know that there are plenty of tools to choose from to help them adopt these policies. This includes firewalls, VPNs (virtual private networks), or even the fancy new machine learning algorithms which can identify when a device or user is acting strangely and automatically cut it off from the network. Machine learning is also being deployed in firewalls to make web application firewall (WAF) tools. WAFs help to create an extra barrier to prevent hackers from targeting your apps, although they aren’t intelligent enough yet to determine whether users are humans or machines.

Cloud security

The cloud has become a ubiquitous part of the modern enterprise environment, whether it is online storage or leasing additional processing power through cloud computing. That said, while IaaS providers take steps to maintain data integrity, looking after your own data is your responsibility, not the cloud storage provider's.

Not all cloud providers are the same. Although the core services they offer are broadly the same, they offer different functionalities and levels of protection, based upon the service subscription. Part of the cloud security skill is being able to curate the different cloud services, choosing which is the most appropriate for the business and its objectives.

However, cloud security is a highly technical skill that requires an in-depth understanding of how the cloud operates and remains one of the hardest skillsets to find.

Among the cloud security threats is poor identity management, as hackers may mask themselves as legitimate users in order to access, modify and delete data.

Another is poorly-secured cloud apps. Most apps and cloud services use APIs to communicate and transfer data. This means the security of the API directly affects a cloud service's security. The chance of a data breach increases when third parties are granted access to APIs.

Institutions such as SANS and CSA offer cloud security certifications for professionals to increase their skill sets in this area.

Risk management

Risk management is a necessary part of cyber security. Risk is a combination of the likelihood of something happening and the impact it would have.

Having the appropriate strategies and planned response for cyber incidents forms the foundation of any strong risk strategy, which should incorporate prevention (reducing risk), resolution (response during an incident) and restitution (post-incident actions).

With limited resources, escalating threats and a plethora of security technologies being marketed, businesses need to carefully consider the most effective investments for their IT budget. This requires an innate understanding of the risks facing the core functionality of the business.

A background in risk management offers the capacity for in-depth risk analysis for the threats a business is facing and their potential vulnerabilities. This skillset enables businesses to carefully balance the needs of maintaining operations against potential risks within the IT budget.

Patching and software management

Ensuring software is up to date and secure is vital for maintaining a robust security posture, as known vulnerabilities are quickly exploited by threat actors. It can often be seen as an ever-escalating arms race between hackers and patchers.

The instinctive response when a new patch is released might be to immediately deploy it, but this can negatively impact the business by overloading the network or losing functionality. New products and services that can be used to maintain competitiveness need to be deployed, but without disrupting ongoing business operations.

For networks that incorporate modified, specialist or bespoke systems, it can be prudent to test an update in advance by virtually deploying it in a sandbox environment. Doing so enables administrators to test whether the patch will adversely impact any systems within the network.

Patching and software deployment need to be considered in association with maintaining business operations, usually by scheduling them outside normal business hours. However, this can be complicated when there are multiple sites in different time zones. Thus, software management is just as much a collaboration between security and business operations as it is a skill in coordinating updates.

Big data analysis

IT teams are bombarded with information generated by a multitude of security systems, which can quickly become overwhelming and potentially lead to valuable insights being missed.

Being able to curate the diverse information streams and prioritize critical information is therefore a key skill. A single incident on its own may be negligible, but when the same incident keeps repeating, then action may need to be taken. It's important security teams are able to effectively analyze the data and provide a rapid response to escalating threats.

Big data analysis is particularly effective at identifying advanced persistent threats (APTs), as there are often massive amounts of data to analyze for abnormalities. With big data analysis, APTs will be spotted sooner, allowing the mitigation of the potential damage they may cause.

Non-technical skills

Due to the highly technical nature of IT, there can be a rift between IT departments and the rest of the business. The weakest link within a business’s security posture is often the people, most commonly through unsecure devices and phishing attacks.

However, robust security posture is not just dependent upon technical skills, but also upon communication and collaboration. There needs to be clear exchange between all stakeholders to ensure an understanding of security needs.

Being able to communicate the need for IT security in an easy-to-understand format is a crucial skill for encouraging a culture of security awareness. This could be through presenting seminars on pro-active security skills or orchestrating security exercises to educate staff and identify those who may need further training.

Networking with others within the security sphere is also useful for being forewarned of emerging trends and potential threats.

Governance & compliance

The past few years have witnessed a swathe of security legislation around the world, especially in regard to data security. Although the EU’s General Data Protection Regulation has become the default standard for data protection, there are variations between different legislations, which can cause lengthy data sharing issues for unprepared businesses.

Export control regulations need to be followed, especially for third-party providers that offer services to both sensitive and non-sensitive business sectors.

Knowledge of IT governance enables businesses to have an innate understanding of the legislative requirements that apply to them, thereby ensuring that they can seamlessly exchange information between all the regions they operate in.

The proliferation of regulations being applied not only protects consumer privacy, but also protects business data and IT infrastructure. Compliance benefits both the organisation and any customers and partners it comes into contact with. However, it is important not to be so focused on compliance alone that actual cyber risks are forgotten.

Automation

One solution being proposed to cover the problem of the cyber security skills gap, while also improving security in businesses overall, is the increased use of automation.

With threats increasing and budgets not necessarily keeping pace with inflation, businesses are turning to automation to cut the cost out of simple tasks, enabling staff to prioritize their attention on difficult ones. The increasing functionality of machine learning enables some of the simpler and repetitive tasks to be automated.

This needs to be done with care; solely relying on automation could be detrimental, as automation is not always 100% effective. Instead, automation is best used for everyday tasks, such as flagging potential abnormal network behavior, with a human in the loop for decision-making. This means that anything flagged as a potential issue is less likely to be a waste of human time.

AI and machine learning can identify threats by type, such as ransomware or phishing attempts, whether it's a known malware strain or not. They can also identify errant behaviour by users, for example, if a person who works 9-5 becomes active at 3am, or starts trying to access systems and data they don't normally use or don't have the appropriate privileges for. This could be indicative of a successful hack or an insider threat and can be investigated by the appropriate members of the IT team.
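
As an added illustration of the behavioural checks described above (not code from this article or from any product it mentions), the following Python example learns each user's usual hours and resources from past events and queues deviations for an analyst rather than blocking them. The event format, the user and resource names, and the one-hour slack are assumptions, and all sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample events: (user, ISO timestamp, resource, allowed by access policy)
HISTORY = [
    ("alice", "2024-03-04T09:12:00", "crm", True),
    ("alice", "2024-03-04T13:40:00", "crm", True),
    ("alice", "2024-03-05T16:55:00", "wiki", True),
    ("bob", "2024-03-04T10:05:00", "payroll", True),
    ("bob", "2024-03-05T15:30:00", "payroll", True),
]
NEW_EVENTS = [
    ("alice", "2024-03-06T10:20:00", "crm", True),       # normal working pattern
    ("alice", "2024-03-07T03:02:00", "crm", True),       # active at 3am
    ("alice", "2024-03-07T03:05:00", "payroll", False),  # 3am, unfamiliar, not privileged
    ("bob", "2024-03-07T11:00:00", "wiki", True),        # unfamiliar resource only
]

def build_baseline(history, slack_hours=1):
    """Learn each user's usual hour range and resource set from past events."""
    hours, resources = defaultdict(list), defaultdict(set)
    for user, ts, resource, _ in history:
        hours[user].append(datetime.fromisoformat(ts).hour)
        resources[user].add(resource)
    return {u: (min(h) - slack_hours, max(h) + slack_hours, resources[u])
            for u, h in hours.items()}

def review_queue(events, baseline):
    """Return (event, reasons) pairs for an analyst; nothing is blocked automatically."""
    flagged = []
    for event in events:
        user, ts, resource, allowed = event
        reasons = []
        if user not in baseline:
            reasons.append("no baseline for user")
        else:
            lo, hi, usual = baseline[user]
            if not lo <= datetime.fromisoformat(ts).hour <= hi:
                reasons.append("outside usual hours")
            if resource not in usual:
                reasons.append("resource not normally used")
        if not allowed:
            reasons.append("access denied by policy")
        if reasons:
            flagged.append((event, reasons))
    return flagged

if __name__ == "__main__":
    for event, reasons in review_queue(NEW_EVENTS, build_baseline(HISTORY)):
        print(event[0], event[1], event[2], "->", ", ".join(reasons))
```

Each flagged event carries the reasons it was queued, so the analyst can rank an event with several reasons above one with a single deviation.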

The most modern enterprise security software offers AI and machine learning capabilities, although what you choose to adopt will depend on the skills already present in your business, and how able you are to balance existing skills.

For example, if there's no one in your business who knows how to investigate and remedy potential and actual hacks, you will need to train someone up in this area in order to use the software effectively.
