Posted: 28 Apr 2021
For many companies who transitioned at speed to remote working last year, the experience has highlighted the need to strengthen IT security resources.
Overall awareness of cybercrime is increasing and more companies need help to manage the additional risks that working from home has introduced.
It is certainly the case that working from home has introduced more risk. Companies are highly aware that data breaches and cybercrime incidents can be hugely damaging if they are not correctly managed. We’re seeing larger companies carrying out cybersecurity risk assessments, vulnerability audits, testing exercises and so on. But even the biggest organisations can find monitoring remote work from a cybersecurity perspective difficult, particularly where there is a risk of employees using personal mobile phones or laptops, firewalls that haven’t been properly configured, vulnerable WiFi setups or unpatched systems or software versions. A lot of companies are looking to strengthen IT capability at the moment either by recruiting or by bringing in IT contractors to work on specific projects.
2. Weak/shared passwords
3. Unsecured WiFi networks
4. Outdated firewall software
5. Configuration errors
6. Personal devices
7. Unencrypted file sharing
8. Lack of cybersecurity training
9. Device and/or data loss/theft
10. Video conferencing vulnerabilities
11. Supply chain vulnerabilities e.g. security weaknesses of business partners/suppliers
12. Opportunistic crime eg where employees use company devices in public places
At national level, a 2020 Department of Justice cybercrime report identifies the most significant current cybercrime threats as:
• ransomware and other malware threats,
• data breaches and network attacks,
• spear phishing (targeting specific individuals for the purposes of distributing malware or extracting sensitive information, and
• attacks against critical infrastructure.
In terms of risks to business, PwC’s 2020 Irish Economic Crime Survey highlights that when asked whether their organisation has experienced any form of fraud, corruption, cybercrime or other economic crime within the past 24 months, 51% of Irish respondents said, ‘yes’.
“We have identified criminal and state-sponsored campaigns exploiting the COVID-19 crisis. We also expect that cyber criminals will use VPN and video conferencing software lures to take advantage of users’ unfamiliarity with remote working,” PwC says.
Elsewhere, Deloitte recently highlighted that, “cyber criminals attempting to access corporate data, customer information and intellectual property are not the only threat to businesses—employees can also be a weak link in corporate IT security systems.”
Upgrading hardware and systems and raising employee awareness through regular training and communication are key tools in the fight against cybercrime but require investment and can put pressure on already stretched IT teams. Companies also need to be aware of potential weaknesses in their supply chain. Managing all of this is difficult at the best of times and even more challenging when people are working from home.
From a cybersecurity point of view, some of the most common risks associated with remote working include insecure Wi/Fi and firewalls, phishing and spear phishing.
A related trend contributing to the current demand for IT professionals is that advanced technologies like artificial intelligence, machine learning and robotic process automation—which can enhance operational efficiency when successfully implemented—are also enabling cyber attackers to collaborate and carry out more attacks in a shorter space of time. Previously on this website, we looked at how ransomware attacks and developments in artificial intelligence and machine learning require resources in terms of technology as well as people
“Companies need to build in cybersecurity measures from the outset when designing systems and embed a security culture to protect against cybercrime,” says Eolas Recruitment Technical Manager Peter Kirby.
“That often requires additional resources because IT teams find it hard to balance ongoing maintenance, supporting users and meeting day-to-day business demands with the need to keep up with and defend against emerging cybercrime threats.”
Experience and skills
Asked about the type of experience that employers are looking for when hiring for cybersecurity roles, Peter says that senior roles typically require experienced candidates with deep knowledge of emerging threats who can review security, identify gaps and recommend changes.
“This means having highly advanced knowledge in areas like technical IT domains, operating systems, networks, databases, mobile and cloud.”
In terms of educational qualifications, degrees in information technology, cyber or cloud security or software engineering are an advantage while sought after technical skills include knowledge of web development and application security, Azure, AWS and certifications like CISSP, CISM or SANS, adds Peter.
A strong commitment to personal development is also important, says Eolas Recruitment Principal Consultant Stephen Daly who advises that candidates should keep their skills up to date and make sure that their CV includes any post-qualification certifications they have acquired.
“Good interpersonal and communication skills is also important as most senior roles involve managing relationships with senior management and business partners as well as with the company’s internal teams. Leadership and presentation skills, for example, are among the most highly sought-after non-technical skills,” adds Stephen.
Ireland is not unusual in experiencing strong demand for cybersecurity workers. CSO Online recently reported that 40% of IT leaders say cybersecurity jobs are the most difficult to fill, making cybersecurity “a lucrative job field” for IT workers with relevant skills. We are always happy to chat and our website eolas.ie is always the best place to start your search, its constantly updated with super opportunities.Previous Page Search IT JobsContact Us
The chances are if you applied for a job online in the last few years, you may have encountered artificial intelligence tools. Typically, these tools aim to do things like speed up the process of reviewing applications, particularly where there are...Read more
What exactly is Web3? It was Ethereum co-founder Gavin Wood who came up with the term ‘Web3’ in 2014, using it to describe a decentralised digital economy where peer-to-peer interactions are verified via blockchain technology. Enthusiasts...Read more
Our experience is that while some individuals have a definite preference for the security and benefits afforded by good permanent roles, others value the flexibility and independence that contracting can provide. This short article summarises...Read more