Promon founder and CTO Tom Lysemose Hansen, who has extensive experience in IT security and risk analysis and founded the company more than 10 years ago, analyses how companies tackle the growing threat of cyber-attacks, from the pros and cons of raising awareness among their customers, to the in-house cybersecurity talent shortage…
Mobile phones have become indispensable elements of our daily lives, from booking an Uber to checking the bank account, from online shopping to storing addresses and names. It even goes beyond that: with the steady rise of the Internet of Things (IoT), smartphones can now unlock your front door or start your car’s engine. While many laud the convenience and simplicity of modern mobile technology, cybercriminals are waiting for mobile users to make one single mistake to compromise their personal data.
Because mobile phones are an everyday item, human error, when it comes to safe usage, is unavoidable. Let your guard down for one second, and an innocent-looking email turns out to be a phishing one; one wrong click, and malware is up and running on your device. But it gets worse. They say identifying the problem is the first step towards solving it. The problem is that, according to a recent study by Promon, an overwhelming 89 per cent of users wouldn’t know if their smartphone has been infected. This leaves potential for an enormous amount of data to be exposed to hacking attacks.
Educating users about the threats of cybersecurity and how to protect their own data is one solution. But beyond individual users there are SMEs, multinational corporations, and banks, all of whom are storing and handling sensitive data. Should companies rely on the best judgement of their customers and employees when it comes to protecting enterprise apps? Users’ lack of awareness of the risks can lead to a disaster, not only at a personal level, but also for businesses across every sector.
Consumers need to be better educated about the threat of cyberattacks, that much is clear. But the ultimate responsibility lies within companies holding the know-how, financial support and immense decision-making power. The same study conducted by Promon shows that 43 per cent of users rely on passwords as the most popular security measure. This comes after numerous data breaches involving high-profile companies, such as Dropbox, Last.FM, Netflix and Yahoo. Clearly, businesses can no longer rely on the password and those who use them.
Despite repeated calls by industry experts, the problem is amplified by a shortage of cybersecurity professionals, as a consequence of insufficient education and lack of support from governments. It leaves organisations vulnerable, and while in-house talent shortage presents a challenge across every industry sector, companies need to take their fate in their own hands to ensure all employees are trained accordingly.
UK businesses are not the only ones fighting to gain their customers’ trust and keep their data safe, with US officials announcing that cyber attacks have quadrupled since last year and are increasingly targeting businesses, and companies in Australia and New Zealand being targeted by a ransomware campaign. The scale of the problem is a global one, and our response needs to be equally wide-ranging.
Another study conducted across as many as eight countries, including the UK, shows that four out of five respondents believe there is a shortage of cyber security skills, and 71% feel that this leads, subsequently, to direct and measurable damage.
The pressure that companies are under to tackle security threats is undeniable, but there is certainly cause for optimism. A growing awareness of cybersecurity among young people, topped up with alternative, hands-on leaning methods widely available on the market – such as Raspberry Pi – mean there are computer science enthusiasts than ever before, and it is the employers’ responsibility to guide and train these people, or at least loosen up entry requirements for jobs in cybersecurity.
Alternative, non-traditional options of training should be accepted for entry-level jobs; cybersecurity skills are not always gained through formal higher education and companies need to take a dynamic approach towards protecting their data and safeguarding their online presence. Mobile cybersecurity is still a relatively new discipline compared to traditional cybersecurity, so dynamism in building skills is even more important here.
It is important that businesses exploit the full potential of the cybersecurity environment. Companies need to act quickly to overcome the skills shortage, while governments need to implement long-term plans to make cybersecurity awareness the norm for all. This is no simple task, but tapping into the talent businesses already have at their disposal is a good place to start.