Curated advice, guidance, learning and trends in cybersecurity and privacy, as chosen by our consultants.

The other kind of virus in 2020: cybercrime

Cybercrime attacks against businesses increased globally during 2020, and a quarter of victims were hit multiple times. More than two out of five businesses (43 per cent) were targeted, up from 38 per cent the year before. More worryingly, one in six victims (17 per cent) said the attack was severe enough to have potentially put the firm out of business. The findings come from The Hiscox Cyber Readiness Report 2021. 

As the risk has increased, so has security investment, as Infosecurity Magazine reported. Its take on the report focused on firms allocating 21 per cent of their total IT budgets to security. This is 63 per cent higher than in 2019. The Irish Examiner led with the finding that Irish businesses are the least prepared for an attack. The report's survey polled more than 6,000 organisations in the US, UK, Belgium, France, Germany, Spain, the Netherlands and Ireland. Of the 320 companies in Ireland, 124 of them (39 per cent) suffered an incident during 2020.

You had three jobs

CISOs or risk professionals starting in a new post should focus on the people, not the technology. It might sound counterintuitive for a technical role, but that’s the conclusion from dozens of interviews with security executives by Forrester Research. The ‘CISO’s first 100 days’ asserts that making human connections is more likely to be successful than understanding technology or processes.

The report lays out three tasks for the first 100 days in the role: gain situational awareness, cultivate relationships, and establish the guiding principles of the security culture they want. SC Magazine describes it “as much a test of his or her political acumen and relationship-building skills as they are about technical skills or digital transformation plans.” Coincidentally but with superb timing, longtime security industry executive Phil Venables has published an excellent guide to managing stress for security leaders. 

A path into security

Instead of hiring star performers who can do it all, organisations staffing up security teams need to change approach. That’s the key takeaway from a new Cybersecurity Career Pursuers Study by (ISC)2, the non-profit group of cybersecurity professionals.
 
It’s often said that security skills are scarce – but by what definition? (ISC)2 says many organisations keep making the same mistake of chasing ‘all stars’. Instead, they should build a balanced and diverse cybersecurity team with a broad range of skills. This leads to a more sustainable and long-term approach to hiring. “The smart bet is to hire and invest in people with an ability to learn, who fit your culture and who can be a catalyst for robust, resilient teams for years to come,” said Clar Rosso, CEO of (ISC)2. The report is available to download here.

Links we liked

How to find a cloud provider with the right level of security and privacy for your needs.

McAfee’s library of security research papers details useful tools and techniques.

The ninth version of the MITRE ATT&CK knowledge base is available now.

An in-depth look at the SilverFish cybercriminal group and its methods.

Trend Micro looks at how traditional scams mutated during Covid-19.

Europol’s in-depth annual study of organised crime is a must-read.

The cost of a cyber incident, as measured by the US CISA agency.

A long read on the SolarWinds hack, courtesy of NPR.

A security leader’s guide to managing stress.

I’m loving this headline: ice cream machines hacked? Here’s the scoop.
