Logo

Logo

Understanding vulnerabilities

One of the most widespread and read news that flood the information technology world is the repeated incidents of cyber…

Understanding vulnerabilities

(Photo: Getty Images)

One of the most widespread and read news that flood the information technology world is the repeated incidents of cyber threats that are rocking companies across the world. What organisations can do is to reduce risks by arming themselves with the right security skills.

The Ponemon Institute that conducts independent research on privacy, data protection, and information security, recently reported that the average global cost of a data breach is as high as $3.62 million. Not surprisingly, then data security is one of the fastest growing specialisations in information technology.

This is becoming the top priority for companies, as the recent history with new technology models and the reliance on data has brought focus to the need for tight privacy. Accordingly, the market is growing, with Gartner projecting overall spending on enterprise security to reach $100.3 billion globally by 2019.

Advertisement

Data security decisions can create sustainable impact on business operations. As a matter of fact, only companies with protected knowledge and resources can enhance their businesses efficiently. Training young professionals to work in this domain is the need of the hour. As India gets increasingly digitalised, we need more reliable communication and information security systems.

According to estimates by Nasscom Cyber security Task Force, India will need 1 million trained cyber security professionals by the year 2025. Apex educational bodies like the University Grant Commission and All India Council for Technical Education have proposed that academic institutions introduce cyber information security as a subject at undergraduate and postgraduate levels. Computer science/ engineering graduates may opt for full-time or short-term courses, degrees and diplomas in cyber information security and network administration.

Also, cyber security job roles are exceedingly traversing industry sectors. Since data safety is a key priority for all businesses, professionals with the right cyber security skills can find employment across sectors, especially in retail, healthcare, lifestyle and others. Today, we are observing a clear skill gap among IT professionals due to the rapidly changing threat ecosystem.

The traditional “secured” perimeter is dissolving leading to firewalls and anti-viruses virtually ineffective in thwarting threats. In the current situation, “security analytics” is the need of the hour to monitor network traffic and devices in order to identify and kill bad behaviour. Therefore the skill requirements from the modern day security professionals should include security analytics, mitigation, identification of threats, vulnerability analysis, and penetration testing.

In response to these changing dynamics and skill requirements, organisations are working overtime to augment the data security workforce. Many academic institutions are basing their IT courses on globally reputed certifications. To begin with an entry level professional one needs to be aware of fundamentals of cyber security.

They should be trained and certified on technology areas such as understanding threats, attacks and vulnerabilities, security architecture and design, risk management, cryptography and public key infrastructure. However, to embark in this path information technology pros should have a workable knowledge on network technologies.

Students who want to join a career in cyber security right after college should take up a basic certification on network technology. The second career transformation for a professional is moving to a more analytical role in which one is required to work on defensive security strategies by using toolsets. Arming yourself with the right certifications has never been as important in the IT industry as it is today.

This provides employees and organisation the competitive advantage and helps professionals stay relevant. It helps not just individuals, but the industry at large as it provides employers with a pool of qualified staff to take care of the security. A group of certified professionals can guide others in the company and share invaluable technical expertise with each other.

In this context, vendor-neutral certifications are especially useful. They validate a candidate’s unbiased knowledge of the technology principles. A lot more needs to be done by authorities, enterprises, individuals and other stakeholders in upgrading cyber security skills to match the global standards.

Setting up of a national cyber security architecture in consultation with internationally recognised players can be of good help in monitoring and fortifying network systems in the country. Organisations, private or public need to safeguard their digital assets, be aware of newer threats and keep pace with technology, adopting multi-prolonged approach.

(The writer is regional director, Comptia India)

Advertisement