In a fast-paced and solution-oriented presentation, Lucy Kerner, senior principal global cybersecurity evangelist and strategist, Red Hat, outlined a clear set of goals financial institutions can and should work toward in order to address cyber security weaknesses. She was speaking in ‘The cyber resource problem – is it totally unsolvable?’ on day 2 of Sibos 2020.
Jonathan Allen, director of enterprise strategy, Amazon Web Services, and Tanuj Kapilashrami, group head, human resources, Standard Chartered Bank, set the tone for the discussion, illustrating the myriad challenges faced by an industry plagued by a lack of skilled talent to meet cyber security needs in an increasingly digitised landscape.
Elaborating on this “seemingly intractable problem”, Allen leant on the quintessentially ‘AWS’ mantra that in order to solve these shortcomings, “we need to innovate out of a corner.”
Kapilashrami was keen to draw on the work being carried out by Standard Chartered in the space, namely education programs that target early-career talent with potential in the space, and on the importance of encouraging greater representation of women across cyber security. Citing a report, Kapilashrami explains that women represent just 24% of the cyber workforce globally, and while they are typically more qualified than their male counterparts, this is not reflected in their salary.
“By challenging ourselves to build new talent pools, to go after female talent and women in the tech, we’ve been able to broaden the supply of talent in the space.”
Broadening the talent pool is vital, argues Kerner, who underscored a troubling figure: the global cyber security workforce gap currently sits at 4.07 million people. She states that research conducted by (ISC)² last year estimates that the global cyber security workforce needs to grow by 145% and that 51% of cyber security professionals say that their organisation is at moderate to extreme risk due to this cyber security staffing shortage.
The sudden onset of Covid-19 forced companies to allow remote access, and with it much greater cyber exposure, which appears to have turned an already existing cyber security risk into a full-blown problem. Because these companies are allocating resources simply to keeping businesses afloat during the pandemic, funds have been directed away from these security projects.
Rather than lingering further on the well-documented trials Covid-19 has wreaked across financial services, Kerner goes on to outline a smattering of practical advice for firms seeking to improve their cyber security strategy.
First, Kerner recommends that financial institutions stop blindly throwing bodies at the problem.
“Look at ways to grow your existing resources internally and hire strategically. You need to make sure your organisation is both an appealing place to join and a rewarding place to stay. Identify the gaps in your organisational processes and technologies and whether these are contributing to the issue at hand.”
“By further developing your existing IT professionals, you have the opportunity to establish cross collaboration and training up.”
As most security tools and ways of thinking about security vary widely and operate in unique environments, Kerner suggests a handful of example exercises or activities to prompt and nurture diverse ways to solve novel problems.
“Cross organisational teams could do things like orderly mock breaches or tabletop exercises together, and even going to escape rooms designed to successfully escape the room by solving security puzzles together. Be creative with how you establish this culture of cross collaboration, cross pollination and cross training across the organization.”
Kerner also advises that firms take a hard look at their security tooling and at the resources needed to know where cyber security skills exist across the organisation itself, and that they not underestimate a consistent automation strategy across the entire organisation.
“While the global cyber security workforce gap is daunting, it is not insurmountable.
“It starts with having a strategy to deal with Covid-19, tackling cyber security by building a resilient team with your organisation, developing a culture of cross collaboration, being strategic with hiring, taking a hard look at security tools and resources and implementing a consistent automation strategy.”