Historians would not be exaggerating if they referred to this era as the “Age of Never Ending Crises.” Combine a global pandemic, the war in Ukraine (with perhaps other wars on the horizon), plus the never-ending threat of ransomware and data breaches, and security professionals are operating in a complex threat landscape as they secure their businesses.
Most recently, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the U.K.’s National Cyber Security Centre (NCSC) have released warnings of the imminent cyber risks companies face, as they anticipate cyberattacks on critical infrastructure and potential backdoors in Russian software.
These elements lay the groundwork for the current threat landscape, with extra attention rightly being paid to security professionals and what they need to do to protect companies against cyberattacks. This being the case, how can cybersecurity leaders best support their companies during this time of crisis?
It all starts with skills and applied techniques, ensuring that everyone in the industry can do their part to best protect their companies from vulnerabilities. For those who aren’t exactly sure how or where to start, here are a few basic skills that anyone can apply to help protect their companies from vulnerabilities.
1. Learn the basics, but don’t lose sight of current trends.
As the nation becomes increasingly aware of cybersecurity threats, there will always be a serious need for cybersecurity professionals to know the basics of writing code, which can lead to a basic understanding of how developers think. Information security experts will always need to be proficient in data protection and storage, incident response, and business continuity. Yet security teams cannot overlook the industry's current major areas of growth, which require a completely new way of thinking about and examining everything, from supply chain risk to ransomware to protection programs and code organization and origination.
2. Understand the specific risks of the company.
A great way to be prepared for any risk is through an incident response tabletop exercise that gets an organization up to speed on real risks and solutions. Examples include auditing a company’s vendors, code, security certifications, relationship managers, data use, data breaches and so on.
3. Find a trusted community of industry peers and a mentor in the field.
Knowledge is key, and security professionals can never get enough of it. Whether it be inside or outside of the company, many experienced cybersecurity professionals are more than willing to take younger professionals under their wing. The talent shortage in cybersecurity is real, with more than 77,523 U.S. cybersecurity postings in February, up 31% from December 2021. This can be a blessing for those who are curious about the world we live in and are eager to ignite change. Those who continuously learn are the ones who move up in this field, versus those who learn just enough to get the job done.
4. Be critical.
The best cybersecurity professionals never stop asking questions and keeping an eye out for potential risks. That keen eye will catch vulnerabilities others may miss and could be the differentiator between stopping an attack and becoming another headline. For example, unauthorized access to code repositories could allow malicious code to infiltrate a company’s technology stack without a trace, unless an organization has the right folks performing automated and periodic manual code reviews. It only takes one bad actor to exploit the tiniest crack in an otherwise robust cybersecurity program for an entire company to fall victim to a data breach, so cybersecurity teams should all adopt the mindset of leaving no stone unturned.
These are just a few easy skills and techniques anyone can learn and eventually leverage to help protect themselves and their companies from cyberattacks. While they’re not bulletproof by any means, cybersecurity professionals can always find more ways to equip themselves with additional knowledge and enhanced skills.