Class B: Discussion 1
Class B: Discussion 1
Security professionals face numerous challenges, some of which are discussed in detail. One of the primary challenges they face today is the augmentation of sophistication and volumes of cyber-attacks. Perpetrators of cyber-attacks today have refined their tactics to increase the sophistication of these attacks that become manifest in the form of ransomware attacks, growing phishing volumes, and new methods of propagating malware development. Holt, Bossler, and Seigfried-Spellar (2017) attest to this challenge by acknowledging that between 2014 and 2015 only, ransomware or scareware attacks increased by a whopping 35%, targeting mobile devices, some operating systems, and web servers. Ransomware attacks are a challenge to security professionals because technological advances continue to trigger massive transformations in cybersecurity breaches. These breaches shift the cybersecurity goalposts, making it exceedingly difficult for these professionals to stay operationally ahead of such threats.
Another challenge for security professionals the broadening skill gap. Today, finding, training, and sustaining qualified employees, along with retaining the exceptional talent needed in dealing with new cybersecurity threats continue to be a big challenge. Cybersecurity requires specialized scientific and technical skills, knowledge, and experience. However, statistics provided by De Zan (2019) reveal that currently, there are about 3 million cybersecurity job posts that have not been filled globally because there are not enough security professionals to fill these posts. The same source estimates that the skill gap will become worse because it will widen to 3.5 million by 2021. What this means is that teams of security professionals will face a growing skill challenge because they simply cannot find additional and new next-generation security workforce with the experience, expertise, and talent needed to fulfill fundamental security functions.
The third challenge for security professionals is the problem of overwhelming priorities. According to Knapp and Langill (2014), reducing and mitigating the risks, vulnerabilities, and threats in cybersecurity require high-level prioritization. However, these priorities may become overwhelming to security professionals when juggling them. This is because these professionals end up being pulled in different directions as they work hard to meet the needs of their respective departments. Apart from having many priorities, security professionals have to deal with large volumes of security alerts of different complexities. As they compete with these alerts, it becomes had to cope with their volumes and complexities, and they become overwhelmed developing what is termed alert fatigue (Miliard, 2019). Other challenges include increasing complexities of business security environments, development of stricter global security regulations, issues associated with data interoperability, and budgetary restraints in implementing and managing security infrastructure.
I have been responsible for the security and protection of a physical asset, specifically manufacturing equipment. What I wished I had known going into this assignment are the industry-specific security solutions for protecting that equipment from theft, misuse, and hazards that are beyond human control. If I had not known these, the one issue that might cause me to stay up at night if given this assignment would include how to acquire and get acquainted with industrial controls in manufacturing processes. Another issue would include equipment insurance and related data integrity.
De Zan, T. (2019). Mind the gap: the cyber security skills shortage and public policy interventions. Oxford University.
Holt, T. J., Bossler, A. M., & Seigfried-Spellar, K. C. (2017). Cybercrime and digital forensics: An introduction. Routledge.
Knapp, E. D., & Langill, J. T. (2014). Industrial network security: Securing critical infrastructure networks for smart grid, SCADA, and other Industrial Control Systems, 2 Ed. Syngress.
Miliard, M. (August 30, 2019). Alert fatigue a big problem for cybersecurity professionals too. Healthcare IT News. Retrieved January 14, 2020, from https://www.healthcareitnews.com/news/alert-fatigue-big-problem-cybersecurity-professionals-too.