Posted: 24 Mar 2021
With ransomware and other cyber crime costing businesses millions of euro every year, competition to attract IT professionals with strong security skills is growing, says Eolas Recruitment.
This time last year, a Microsoft blog (5 March 2020) explained how auto-spreading malware is not the only ransomware threat that organisations and their IT teams need to worry about. Preventable human-operated campaigns that take advantage of network configuration weaknesses and vulnerable services are also on the increase.
Exploiting software vulnerabilities and targeting supply chain weaknesses are among the ways cyber criminals attack organisations. The Solar Winds incident, widely reported earlier this year, highlighted that such incidents can go unnoticed for a period of time, making it more difficult to implement effective remedies.
Elsewhere, personalised attacks, spear phishing and using advanced technologies to target businesses and remote workers are also on the increase.
Financial reward is usually the motivation for these attacks, whether through ransom or by obtaining and selling data. Globally, there are numerous reports of ransomware attacks on hospitals where patient records can be valuable to cyber criminals. Attacks on businesses are also on the increase and state-sponsored actors are targeting weaknesses in government bodies and national infrastructure.
According to Arcserve, who specialise in helping organisations protect digital assets, “an ounce of ransomware prevention is worth a pound of cure—especially when the ‘cure’ includes paying for forensics, legal fees, fines and penalties, data recovery, and more.”
Cloud based solutions, effective backups, a security-aware culture, applying patches promptly, restricting access privileges, developing and testing business continuity and disaster recovery plans, and having integrated cybersecurity and ransomware protection in place are among the steps Arcserve says organisations can take to protect themselves.
While solution providers recommend adopting an integrated or holistic approach to protect organisations against ransomware and other forms of cyber crime, others suggest that legislation will be needed to tackle the problem.
Ransomware is “close to getting out of control” the former head of the UK National Cyber Security Centre told Dan Sabbagh, the defence and security editor of The Guardian recently (24 Jan 2021) arguing that changes to the law are needed to prevent companies paying ransoms and claiming back on insurance.
In September 2020, the European Commission announced a new Digital Finance Package and highlighted that technology companies are becoming more important in the area of finance, both as IT providers for financial firms, as well as providers of financial services themselves.
The EU’s proposed ‘Digital Operational Resilience Act’ (DORA) “aims to ensure that all participants in the financial system have the necessary safeguards in place to mitigate cyber-attacks and other risks”.
The proposed legislation will require all firms to ensure that they can withstand all types of Information and Communication Technology (ICT) – related disruptions and threats. It also introduces an oversight framework for ICT providers, such as cloud computing service providers.
If the worst happens and you are the victim of a ransomware attack, Europol guidance available on the Garda website, says that you should not pay the ransom.
“Paying does not guarantee that your problem will be solved and that you will be able to access your files again. In addition, you will be supporting the cybercriminals’ business and the financing of their illegal activities,” the guidance says.
Whether you pay or not, there is a risk that data breached in an attack will be published online with potentially serious consequences for your organisation and customers.
“Reports about ransomware attacks targeting businesses, public bodies and even high profile individuals are making people more aware than ever of the need to implement integrated, holistic defences across their IT infrastructure and systems. This is feeding the demand for security related skills in areas like applications development, infrastructure, networks and telecoms,” says Eolas Recruitment Technical Lead Peter Kirby.
Peter says Covid-19 has also had an impact on the risk environment for businesses.
“In Ireland, working practices changed rapidly last year due to people having to work from home. While this helped a lot of businesses to keep trading, it also highlighted weaknesses in systems. We are now seeing companies very focused on sourcing candidates with proven integration skills who are capable of developing a holistic approach to managing security related issues,” Peter adds.
Peter’s comments echo findings in the latest Threat Landscape report from Enisa, the European Union Agency for Cybersecurity, which says that existing cybersecurity measures have weakened due to the changes in working and infrastructure patterns caused by the COVID-19 pandemic.
Asked about the type of work that IT security professionals are doing, Eolas Recruitment’s Principal Consultant Stephen Daly says there are opportunities for both permanent and contract IT workers in the current market.
“In terms of the actual work that roles involve, this varies depending on the level of the role. For IT engineers and architects it can be anything from developing cyber security policies to reviewing architectures, recommending changes and enhancements, defining requirements and managing risk.
“Companies are looking for experienced candidates with a good working knowledge of network and web related protocols who understand how to model threats and are comfortable working at every level across discovery, analysis, design, build, test and deployment of solutions. As well as knowledge of various platforms and strong technical skills, it helps if candidates are good communicators and can demonstrate problem-solving ability, forensic skills and evidence of commitment to ongoing learning and development,” adds Stephen.
If you are interested in finding out about current opportunities or are seeking to attract candidates with IT security skills, it is worth touching base with Eolas Recruitment. Contact a member of the team for information and/or advice. Current opportunities for candidates are listed on this website’s Job Search page while you can find out more about how Eolas Recruitment works with companies and candidates in these informational videos and online reviews.Previous Page Search IT JobsContact Us