How would you quantify the impact of your business being taken offline for an entire week? What would be the fallout on clients? Where would your reputation stand? What would be the cost of recovery? That is precisely what trading group Ion will be considering
right now as they emerge from a week-long ransomware nightmare that took down their derivatives platform, causing major disruption to customers, including some of the world’s biggest banks.
Financial leaders know the threat of cyberattack is ever-present and ever-growing. As the Bank of England reported late last year, cybersecurity is the number one risk for financial institutions. The impact of remote working has led to a rise in ransomware
hacks, while a surge of DDoS attacks linked to the Russian war on Ukraine has all contributed to an increasingly threatening cyber landscape.
However, as cyber complexity rises, we also see a trend of “brutal” job cuts across the sector, threatening vital roles in already-stretched cybersecurity teams. Cost-cutting is being cited as the driver behind a growing number of security leaders and engineers
being cut from headcounts.
This is a stark turnaround from previous years’ trends which saw organisations struggling to hire the required cybersecurity skills, leading to a vast leap in cyber salaries. In our turbulent economic climate, it might be tempting, therefore, to see cybersecurity
as an area ripe for trimming. As Joseph Thomssen, a senior cybersecurity recruiter at NinjaJobs, recently told SecurityWeek, “Many of these layoffs in cybersecurity seem to be short-term attempts to save money.”
This is a very dangerous tactic. Firstly, firing staff in the short term will make re-hiring much harder. Reputation as an employer is damaged easily, especially within cybersecurity which is a close community. In the UK, where there is a severe cyber skills
gap, fire and rehire is not a viable option and this has been compounded by news of the closure of programs such as the Tech Nation visa scheme, which supported overseas talent to bolster the UK’s cybersecurity workforce. Fire now, regret later.
More with less is a recipe for disaster
Cyber teams are already struggling, and as cuts are made, the remaining team is left to pick up the slack - doing even more with even less. As uncovered by the Information Systems Security Association (ISSA), over half of organisations are being impacted
by a lack of cybersecurity skills, with the result being an excessive workload for existing talent. Nearly four in ten cybersecurity professionals say they have experienced burnout due to the pressures of increasing risks and lack of support. When teams are
understaffed and burnt out, cyber risk only increases, which can have devastating consequences for individuals and organisations alike.
In the face of expanding threats, rather than shrinking cyber teams, financial organisations should consider investment in strategies and tools to support them. For example, working with managed security partners can remove the burden of identifying and
mitigating risk and reduce the attack surface, securing data, applications, systems, and devices at all times. With real-time threat intelligence utilising AI and ML, such partners free in-house cybersecurity teams to focus on supporting broader, strategic
initiatives. As such, an MSP provides scalable security options based on organisational requirements and the cyber teams' size, skillset and important strategic drivers.
For example, while cyber risk is rising, financial organisations are also undertaking rapid digital transformation, from online trading to mobile banking, digital currencies and app proliferation. Increasing cloud adoption and integration of SaaS offerings
moves critical business assets outside of the traditional network perimeter. According to ISSA, those making this shift to the cloud find it even more challenging; 39% of organisations struggle to fill cloud computing security roles. While digital transformation
has countless benefits for businesses, we must remain conscious of the cyber risks associated with cloud adoption.
With financial institutions a prime target for malicious actors, cybersecurity is now a core driver for financial institutions, but beyond that, it is also fundamental to supporting innovation.
With increasing regulatory requirements and soaring customer expectations, the need for transformation and innovation to be built on a secure base is fundamental.
As Candy Alexander, board president of ISSA International, warns, “Cybersecurity is seen as a cost centre to the business -- something you have to do, but only to a minimal degree, like paying the light bill. We need to shift the conversation to aligning
our security programs with the business."
Short-term cost-cutting in cybersecurity will only result in short and long-term risk. Rather than making regretful decisions, financial services leaders should consider what smart investments they can make in strengthening cybersecurity postures. This does
not necessarily mean paying over the odds for more talent but could mean investigating how to better support existing teams to perform at their peak. Asking them to do more with less is a risk simply not worth taking.