Preparing your cyber workforce for 2024
Experts have predicted a global recession in 2024 which, paired with record inflation figures, creates an environment that accelerates financially motivated cyber attacks. During the pandemic, ransomware attacks reached record figures, with cybercrime forming the third largest “economy” after China and USA. As cyber security professionals, we cannot stop cyber attacks, but we can slow them down and improve our ability to recover from them.
The candidate market for attracting cyber security talent is challenging: the global skills gap for cyber security is set to widen by a further 18% within the next 5 years. Whilst this is happening, the market for cybercrime has become more and more lucrative, with services such as Ransomware as a Service (RaaS) easily accessible to those with little to no technical skills.
In an era of job hopping and quiet quitting, how do we as cyber security managers build resilience in such conditions?
Nurture your existing workforce
In business and in cyber resilience, you are only as good as your workforce. People represent your first line of defence against cyber attacks, whether evading social engineering attempts like phishing or raising the alarm on suspicious findings. They possess an invaluable amount of knowledge of your organisation and they must be nurtured to retain them in the long run.
A high churn rate occurs for a number of reasons; in my experience it is typically due to leadership. People do not leave because they do not like the organisation, they leave because of poor managers, crappy pay and feeling overlooked. You need to be honest with yourself as a manager and get to the root cause of why people are leaving. If you don’t, history will repeat itself over and over. For example, when enacting change it is crucial to ensure that employees feel included and are brought along for the entire journey, to maintain morale and to benefit from diversity in thought. If your organisation has a bad reputation for implementing change, consider starting with any initiative that is relatively low effort and yields high rewards across the organisation. To support this, if budget permits, ensure you’re investing in upskilling your existing workforce and seek to promote internally in the first instance.
Prepare for drastic changes in your workforce
Sometimes, despite your best efforts, your workforce leaves the organisation. How do you minimise the impact of this? Document everything. Very early on in my career, I learned that many processes within an organisation exist in the brains of the workforce. This is fine whilst they are happy employees, but more often than not I find that it creates a bottleneck and can cause issues if the individual possessing the knowledge leaves, becomes disgruntled or is away from the organisation. The solution to this, I hear you ask? Create process documents for every area of your cyber processes, from AD onboarding to cloud configuration. Request that existing processes are documented and that, moving forward, new processes are also formally documented. Ensure this also includes an asset inventory: it is not uncommon to use open source code libraries when building applications, but you need to ensure traceability to make investigating breaches easier (*cough cough* log4j). Also, note that open source is becoming a common attack vector; there is always a hidden cost of ‘free’ things.
The benefits of documenting all your processes are well summarised in The E-Myth Revisited, but to summarise:
Improved accountability and standardisation of how processes should be executed
Ease of onboarding new joiners to the organisation
Increased retention of knowledge throughout the organisation
Changes in the workforce are inevitable; however, taking the steps listed above to document your procedures should help you continue in the long run.
Look out for Insider Threat
Insider Threat is not going anywhere. Disgruntled employees accounted for 75% of insider cyber attacks, which will only worsen as the global economy approaches recession and people become more susceptible to being turned. Insider Threat is a malicious threat that originates from inside the organisation, from current and former employees, contractors and business associates who are privy to information not available in the public domain. There are various types of insider threats: some have malicious intent, i.e. disgruntled employees and business partners, but others are unintentional, due to interacting with phishing emails, lack of training and error.
The most concerning thing about insider threat is that it is typically the individuals with privileged access to systems and information that can do the most damage. What can we do about this? There are a number of proactive steps you can take, such as background checks for new joiners and existing employees (every few years), monitoring of system usage via a Data Loss Prevention solution to detect exfiltration of data, and specific training for staff to ensure they know what to do if approached by a cyber-criminal.
Ultimately, your workforce is both your strongest and weakest link with respect to cyber resilience. Make ongoing efforts to nurture your workforce in 2024 and beyond.