More than 50% of the world’s population is now online [1]. Approximately one million people join the internet [2] each day, while two-thirds of humanity own a mobile device [3]. What is known as the Fourth Industrial Revolution (4IR) is already bringing tremendous economic and societal benefits.

Smart technologies have enormous potential to improve both human life and the health of the planet. For example, satellite-based applications can help rural farmers irrigate their crops efficiently [4]. Prosthetics can be 3D printed. Autonomous vehicles can be employed by the elderly to support better mobility. The Internet of Things (IoT) can even help to lower CO2 emissions [5] by optimizing energy consumption and reducing traffic congestion.

However, many new challenges and risks have also surfaced. Cyberattacks have become a common hazard for individuals and businesses. The World Economic Forum Global Risks Report 2020 [6] ranks them as the seventh most likely and eighth most impactful risk, and the second most concerning risk for doing business globally over the next 10 years.

Why It Is Important to Have Qualified Cybersecurity Professionals On Your Team

At the same time, personal data is getting swiped more often than in previous years. Personal data was involved in 58% of breaches in 2019, nearly twice the 30% in 2018 [10]. This includes email addresses, names, phone numbers, physical addresses, and other types of data that one might find hiding in an email or stored in a misconfigured database. Once they get hold of this precious data, criminals either sell it on the dark web, where its market value is very high, or use it to launch other attacks, such as phishing.

Phishing Attacks Are The First Step for Attackers to Gain a Presence In Corporate Networks

Most security reports agree that phishing is the first infection vector seen in security breaches [11]. Phishing is the favorite course of action for social engineering attacks, arriving via email in 96% of cases. While credentials are by far the most common attribute compromised in phishing breaches, personal data are also sought after [12].

Phishing has always been and still is a fruitful method for attackers. That is why it is the highest cyberthreat concern for businesses [13]. This concern is fueled by the worrying fact that more and more attackers are employing phishing tactics for what is known as CEO fraud through business email compromise (BEC). These kinds of attacks are financially motivated and have proven to be very effective: affected companies lose as much as $44,000 per compromise [14].

Cloud Security is a Major Concern

Moving corporate data to the cloud is part of the digital transformation businesses undergo. As companies move to the cloud, so do the criminals. Cloud assets were involved in about 24% of breaches in 2019 and involved an email or web application server 73% of the time. Additionally, 77% of those cloud breaches also involved breached credentials [15]. This is not so much an indictment of cloud security as it is an illustration of the trend of cybercriminals finding the quickest and easiest route to their victims.

These statistics contribute to a sentiment of declined confidence about the security posture of cloud-based assets [16]. In fact, 86% of the 8.5 million compromised data records were the result of a misconfigured server, either a publicly facing cloud asset or unencrypted data in the cloud [17]. Organizations fail to understand the shared responsibility model of the cloud providers, where security of the data in the cloud is the absolute responsibility of the owner.

Industrial Attacks are Increasing

Attackers are not only focusing on businesses for financial purposes. They are also eager to wreak havoc by disrupting the availability and reliability of national critical infrastructure. Events in which threat actors targeted Industrial Control Systems (ICS) and similar Operational Technology (OT) assets increased over 2000% in 2019 compared to 2018 [18]. Most of the observed attacks were centered around using a combination of known vulnerabilities within SCADA and ICS hardware components.

There were also many cases where the attackers took advantage of the convergence of IT and OT infrastructure. This overlap allows IT breaches to target OT devices controlling physical assets, which can greatly increase the cost to recover. The explosive use of IoT devices by industries has expanded the attack surface, with threat actors taking advantage of it. Compromised devices with network access can be used by attackers as a pivoting point in potential attempts to establish a foothold in the organization.

Cybersecurity Can Drive Business Growth

Organizations should not view cybersecurity as just another IT expense for protecting against imminent external and internal cybersecurity threats. The fact is that cybersecurity can play a vital role in driving business growth [19]. Organizations with a robust cybersecurity strategy have a strong competitive advantage over those that do not. With cyber-attacks and security breaches making the news headlines daily, consumers are becoming savvier about the security and privacy of digital services and products, whether they are offered by a large enterprise or a small business. According to recent research by Vodafone [20], 89% of executives are confident that improving their corporate cybersecurity would enhance customer loyalty and trust.

Your business partners and investors also want to make sure you have proper security measures in place before they establish and expand their relationships with you, as they do not want your vulnerabilities to cripple their systems. Finally, a strong cybersecurity strategy provides the foundation required to take advantage of the benefits of migrating data and applications to the cloud, offering managed services, and expanding into a global, omnipresent business.

However, companies are still struggling to make cybersecurity an integrated and proactive part of their strategy, operations, and culture. Even though cybersecurity professionals are responsible for securing businesses, when companies make big, strategic decisions cybersecurity is often an afterthought, resulting in increased security and business risk. That means companies are losing out on the added value that the cybersecurity function can provide.

What businesses need right now are talented, experienced, and knowledgeable employees who understand both the potential and the risks associated with emerging technology. As technology becomes more woven into business processes, these experts can lead the challenge of making cybersecurity awareness and safety an enabler of business success.

What the HR Manager Can Do to Foster Cybersecurity Success

It is time for boards and C-suite executives to reset their expectations of how cybersecurity is positioned within their organization, and the HR Manager can play an important role in this.

The HR Manager can promote security training since employee attitudes toward training are generally positive. According to a recent report, among those who have had training, 80% agreed with the statement “classroom and/or online IT security training has helped me better protect my organization and/or my customers’ assets.” [21]

Promote Professional Certifications in Security

While we are on the topic of training to fill the gaps in advanced IT security skills, the HR Manager can consider and promote the earning of professional certifications in security. A recent study has highlighted that earning these certifications comes with many advantages. The benefit cited most often was expanded knowledge, followed by increased credibility and respect and improved job satisfaction [21].

Hire the Right Cybersecurity Leader

The “who” matters for critical leadership positions, so it is worth dissecting which characteristics to look for. HR Managers should prioritize mindset over technical skills when they are considering and evaluating cyber leaders. Looking at what successful cyber leaders do, mindset characteristics stand out, such as having a wide business view, being eager to grow others, and having an appetite for learning.

While organizations require key skills such as network security, threat intelligence, and incident response, these should not matter the most when assessing future cybersecurity leaders. Although they must team possess these technical capabilities, the experts themselves need to be something different: an influential voice in business strategy, technology decisions, and enterprise risk management.

What are the Essential Qualifications of a Cybersecurity Leader?

Future cybersecurity leaders need a broad set of skills that job experience alone does not provide. They need to have invested in training to acquire those skills that build self-confident experts with a strong security foundation to make an impact in your organization.

Technical Skill Sets

Deep Knowledge of Emerging Technologies

Emerging technologies change the ways businesses work and will also create new roles in the future. IoT, AI, Machine Learning (ML), cloud computing and automation are all seen as important investments to support digital transformation initiatives. New security positions will demand professionals who are knowledgeable about these emerging technologies as well as their inherent security challenges.

Savvy security professionals should acquire this knowledge today as these emerging technologies will force change in the workplace tomorrow. Without an understanding of how this technology is impacting IT infrastructure and business, some may find they are left behind as roles evolve to include skills related to emerging technology.

Strong Knowledge of Security Best Practices

Cybersecurity has become a top priority in business today. Security professionals are in demand and the skills gap has made it difficult to find the help required to mitigate risk. A cybersecurity leader must be able to demonstrate sound knowledge of security best practices, including:
• Incident detection and response, to handle any imminent threat of an organization’s violation of security policies or standard security practices.
• SIEM management, to take the real-time analysis produced from alerts and translate it into incident response plans.
• Analytics and threat intelligence, to aggregate network and application data to prevent attacks from occurring in the future.
• Identity and access management, to ensure that the security policy demonstrates an acceptable use for various roles and responsibilities within the organization.

budget, they will also harm the level of trust people place in the affected organization.

Being compliant is a continuous process and not a one-off exercise. Cybersecurity professionals need to be knowledgeable about the security requirements described in these regulations and exercise the proper security controls with due diligence. Compliance with these regulations provides a competitive advantage and is an added value for every organization.

Soft Skills

Leadership and Communication

Security experts demonstrate leadership through their credibility, responsiveness, and ethics. Further, communication skills can help a security expert earn trust from senior management, peers, and subordinates. Security leaders should be able to provide their leadership with actionable insights, linked to business needs and the risk environment, and help the executives make informed decisions.

The CISSP is recognized as a gold standard for cybersecurity professionals. The CISSP is
ideal for experienced security practitioners, managers and executives interested in proving
their knowledge across a wide array of security practices and principles, including those in
the positions of Chief Information Security Officer (CISO), Chief Information Officer (CIO),
Director of Security, Security Systems Engineer, Security Analyst, Security Manager, and
Security Consultant.

About (ISC)²

(ISC)² is an international nonprofit membership association focused on inspiring a safe and secure cyber world. Best known for the acclaimed Certified Information Systems Security Professional (CISSP®) certification, (ISC)² offers a portfolio of credentials that are part of a holistic, programmatic approach to security. Our membership, more than 150,000 strong, is made up of certified cyber, information, software and infrastructure security professionals who are making a difference and helping to advance the industry. Our vision is supported by our commitment to educate and reach the public through our charitable foundation – The Center for Cyber Safety and Education™. For more information about (ISC)² visit our website, follow us on Twitter or connect with us on Facebook and LinkedIn.

References

[1] International Telecommunication Union (ITU), “Measuring Digital Development, Facts and figures 2019”, available at https://www.itu.int/en/ITU-D/Statistics/Documents/facts/FactsFigures2019.pdf
[2] Datareportal, “Digital 2019: Global Digital Overview”, available at https://datareportal.com/reports/digital-2019-global-digital-overview
[3] Bank My Cell, “How Many Smartphones Are In The World?”, available at https://www.bankmycell.com/blog/how-many-phones-are-in-the-world
[4] NASA Earth Observatory, “Smart Phones Bring Smart Irrigation”, available at https://earthobservatory.nasa.gov/images/92903/smart-phones-bring-smart-irrigation
[5] Forbes, “Smarter Cities Will Be More Efficient Cities”, available at https://www.forbes.com/sites/forbestechcouncil/2019/11/22/smarter-cities-will-be-more-efficient-cities/#3bd950332128
[6] World Economic Forum, “The Global Risks Report 2020”, available at https://www.weforum.org/reports/the-global-risks-report-2020
[7] CyberEdge 2020 Cyberthreat Defense Report, available at https://cyber-edge.com/cdr/
[8] IBM, Cost of a Data Breach Report 2019, available at https://www.ibm.com/security/data-breach
[9] CyberEdge 2020 Cyberthreat Defense Report
[10] Verizon Data Breach Investigations Report (DBIR) 2020, available at https://enterprise.verizon.com/resources/reports/dbir/
[11] IBM X-Force Threat Intelligence Index 2020, available at https://www.ibm.com/security/data-breach/threat-intelligence
[12] Verizon Data Breach Investigations Report (DBIR) 2020
[13] CyberEdge 2020 Cyberthreat Defense Report
[14] Verizon Data Breach Investigations Report (DBIR) 2020
[15] Verizon Data Breach Investigations Report (DBIR) 2020
[16] CyberEdge 2020 Cyberthreat Defense Report
[17] IBM X-Force Threat Intelligence Index 2020
[18] IBM X-Force Threat Intelligence Index 2020
[19] Netwrix, “How Can Cybersecurity Help in Business Growth?”, available at https://blog.netwrix.com/2019/10/22/how-can-cybersecurity-help-in-business-growth/
[20] Vodafone, “Cyber Security: The Innovation Accelerator”, available at https://www.vodafone.com/business/white-paper/cyber-security-research-the-innovation-accelerator
[21] Netwrix, “How Can Cybersecurity Help in Business Growth?”, available at https://blog.netwrix.com/2019/10/22/how-can-cybersecurity-help-in-business-growth/
[22] Vodafone, “Cyber Security: The Innovation Accelerator”, available at https://www.vodafone.com/business/white-paper/cyber-security-research-the-innovation-accelerator

© 2020, (ISC)2 Inc., (ISC)2, CAP, CCFP, CCSP, CISSP, CSSLP, HCISPP, SSCP and CBK are registered marks of (ISC)2, Inc.