Connect with us

Cyber Security

Skills Gap Exposes Organisations to Risks

Published

on

Written by Rob Rashotte, Vice President, Global Training & Technical Field Enablement at Fortinet

With nearly 4 million professionals needed to fill critical cybersecurity roles, organizations around the globe are feeling the impact of the ongoing skills gap. Breaches can rarely be attributed to a single cause, yet 58% of leaders indicate that a lack of IT and cybersecurity skills and training within their organization contributes to security incidents.

Rob Rashotte, Vice President, Global Training & Technical Field Enablement at Fortinet

It only takes a single cyber incident to open any organization to new threats and vulnerabilities. For example, following a breach, threat actors now have valuable insights about an enterprise’s environment that they can use to craft a new attack. Others may attempt to capitalize off a previous breach, viewing a recently compromised organization as low-hanging fruit.

While understanding and taking steps to mitigate these risks is crucial, what is often even more concerning, especially to those in C-level positions and on the board of directors, is the potential impact these incidents can have on business operations. That’s why closing risk management strategy gaps, including addressing critical resources like staffing, is vital to protect any organization effectively.

The Skills Shortage Increases Cyber Risks, Leading to New Threats and Vulnerabilities
Cybercriminals continue to advance their operations, refining well-known attack methods and using generative AI to speed their efforts. Therefore, it’s not surprising that cybersecurity incidents are rising worldwide. According to Fortinet’s 2024 Cybersecurity Skills Gap Report, almost 90% of businesses experienced one or more security breaches last year, up from 84% in 2024 and 80% in 2021. The dire need for skilled cybersecurity professionals puts businesses at a disadvantage: Nearly three-quarters of leaders agree that the cybersecurity skills gap creates additional risks for their enterprise.

Breaches are equally common across all regions, with the average number of breaches per organization in Asia Pacific being the highest (3.18) and Latin America being the lowest (2.79). And the percentage of organizations that report suffering no breaches at all continues to shrink—just 13% of businesses had zero breaches in 2023 compared to 15% the year before and 20% in 2021.

As Breaches Rise, the Threat Landscape Remains Familiar
While organizations increasingly fall victim to cybercriminals, the attacks used to compromise networks are familiar to defenders. Malware, phishing, and web attacks combined accounted for 80% of all attacks organizations experienced yearly. Password attacks were more common in North America, and leaders in APAC experienced a higher percentage of phishing and web attacks than in other regions.

Cyber Incidents Have Far-Reaching Impacts
Cybersecurity incidents have increasingly significant impacts on organizations, ranging from financial to reputational challenges. More than half (53%) of leaders say breaches cost their organizations over $1 million in 2023, with North America and APAC reporting the most financially damaging attacks. Regarding recovery time, 63% said it took more than one month to bounce back from a cyberattack, with the average time being nearly three months.

In addition to monetary ramifications and lengthy recovery times, corporate leaders are held accountable when breaches occur: 51% of IT and security leaders say that board members or executives have faced fines, jail time, loss of their position, and loss of employment following a cyberattack.

A Robust Cybersecurity Program Requires Technology, Training, and Awareness
The stakes are high for organizations when it comes to cybersecurity. Breaches continue to take a financial toll, and senior leaders are sometimes penalized when they happen. With the growing skills gap creating additional risks for organizations, many businesses are embracing new, creative approaches to recruiting, hiring, and retaining skilled professionals. It’s encouraging that leaders pursue unique initiatives and collaborate across the public and private sectors to address this challenge, as this is a crucial piece of the puzzle for strengthening an organization’s overall defences.

Given these complexities, organizations should focus on a three-pronged approach to cybersecurity that blends technology, training, and awareness. Fortinet offers the most extensive integrated portfolio of over 50 enterprise-grade products through our Fortinet Security Fabric platform. Additionally, the award-winning Fortinet Training Institute, one of the industry’s broadest training and certification programs, is dedicated to making cybersecurity certification and new career opportunities available to everyone and offering current professionals the chance to advance their skill sets.

The institute offers a variety of free and low-cost education and certification programs, unique initiatives to upskill and reskill individuals from diverse backgrounds, and more. The Fortinet Training Institute also has a Security Awareness Training offering designed to help organizations cultivate a more cyber-aware workforce.

Cybercriminals aren’t slowing down anytime soon, making cybersecurity an “all hands on deck” effort for every organization. Highly skilled professionals with access to the right cybersecurity technologies are essential to protecting businesses from breaches, as is having cyber-aware employees who can serve as a solid first line of defence. By refreshing and strengthening distinct aspects of a risk management strategy, an enterprise will be better positioned to defend against the speed and volume of today’s attacks.

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Cyber Security

AmiViz Champions Cybersecurity Innovation at Leading MENA Events

Published

on

AmiViz has announced its successful participation in two key regional cybersecurity conferences: MENA ISC 2024 in Saudi Arabia, and CYSEC UAE 2024 in the UAE. These events have served as a platform for AmiViz to collaborate with its top vendors, including Bitsight, Cequence Security, Picus Security, AlgoSec, BlackBerry, Check Point, Tenable, Asimily, and Threatcop, to showcase cutting-edge cybersecurity technologies and solutions.

Throughout these events, AmiViz engaged deeply with partners and customers, gaining invaluable insights into the unique cybersecurity challenges faced in the region. The focus was on promoting new technologies that address these challenges and enhance security protocols for businesses operating in the dynamic Middle Eastern market.

“Our presence at the MENA ISC 2024, and CYSEC UAE 2024 has been a remarkable opportunity for us to not only present our innovative solutions but also to understand firsthand the needs and pain points of our clients,” stated Ilyas Mohammed, COO at AmiViz. “Collaboration with our key vendors has allowed us to offer a comprehensive suite of cybersecurity products and services that cater specifically to the complexities of this region.”

AmiViz’s participation in these events underscores its commitment to advancing cybersecurity readiness and resilience across the Middle East. By leveraging strategic partnerships with leading global vendors, AmiViz continues to bring state-of-the-art cybersecurity solutions to the forefront, helping businesses protect their critical assets against increasingly sophisticated cyber threats.

AmiViz, along with its key vendors, will continue participating in major tech events, with plans for a strong presence at GITEX next month. Following GITEX, the company is gearing up for Black Hat in Saudi Arabia this November, showcasing its cutting-edge cybersecurity solutions to the region.

Continue Reading

Cyber Security

UAE and Saudi Arabia Face Unprecedented 70% Rise in Threats: Positive Technologies

Published

on

Positive Technologies experts have unveiled comprehensive research on the shadow market of cybercriminal services targeting the Gulf countries. The UAE and Saudi Arabian organizations remain in the crosshairs of cybercriminals, and over half of all posts on darknet forums are about selling data and access to local companies’ infrastructures. Researchers have highlighted a sharp increase in the free distribution of such data on the dark web, along with a surge in reports of DDoS attacks targeting the public sector and other industries. One in five ads analyzed was related to buying or selling access, with two-thirds available for under $1,000.

According to the research, cybercriminals remain focused on the two largest economies in the region—the UAE (40% of all posts) and Saudi Arabia (26%). The spotlight on darknet forums is on the public sector, which accounted for 21% of all analyzed posts. Most of the data (63%) related to regional government institutions was published for free as part of hacktivist attacks. Next in line for most popular on the dark web are commerce (16% of all ads), the service sector (15%), and financial institutions (13%).

Amid geopolitical tensions, hacker groups have ramped up calls for DDoS attacks and breaches to disrupt government institutions in the region. In the first half of 2024, the number of reports on the results of DDoS attacks on the dark web surged by 70% compared to the same period in 2023. Beyond the public sector, hacktivists also targeted the financial and transportation sectors.

According to the research, 33% of all the analyzed ads were linked to data breaches. One-third of these messages were about selling information. In these ads, criminals primarily offered databases stolen from major commerce companies, with an average cost of $2,300.

Positive Technologies analyst Anastasiya Chursina commented, “When compared to our previous research over a similar period, the share of freely distributed data almost doubled (up to 59%). This allows criminals to broaden the profiles of potential victims for targeted attacks. If the victim refuses to pay the ransom, both ransomware groups, as well as hacktivists (whose goal is to draw public attention to a political stance rather than just receive financial gain), can distribute data for free.”

Accessing company information resources is the second most common type of dark web ads, making up 21% of all listings. According to the research, in 70% of all cases, access can be bought for less than $1,000. The vast amount of access-for-sale ads on the darknet and their low cost make it easier for cybercriminals to gain initial access and launch attacks on organizations in the region.

Positive Technologies recommends that companies build their defences based on result-driven cybersecurity, using modern tools such as application-level firewalls, including cloud versions, network traffic analysis systems, solutions for monitoring information security events and managing incidents, as well as metaproducts.

Continue Reading

Cyber Security

BotGuard OÜ to Offer Live Demos at GITEX GLOBAL 2024

Published

on

BotGuard OÜ will present its intuitive, user-friendly cybersecurity solution at GITEX GLOBAL 2024, focusing on effective bot protection. Live demonstrations in Hall 25 stand H25-21 will showcase the ease and efficiency of the technology in securing websites against malicious attacks. “Our participation in GITEX GLOBAL 2024 underscores our commitment to addressing the escalating malicious bot attacks faced by organizations worldwide,” said Bertil Brendeke, Chief Revenue Officer (CRO) of BotGuard OÜ. “At GITEX, we aim to engage with industry leaders and stakeholders, sharing our expertise and practical technologies that can help fortify their defences.”

In 2023, 17% of API attacks involved bad bots exploiting business logic vulnerabilities. For hosting companies, such vulnerabilities can lead to unauthorised access to sensitive customer data or control over hosting resources, further emphasizing the need for reliable security protocols and regular audits of their systems. “BotGuard OÜ’s solutions are designed to address these exact challenges, enabling businesses to safeguard their digital assets. The technology is incredibly easy to use, making it accessible for businesses of all sizes,” the company said.

By participating in GITEX GLOBAL 2024, BotGuard OÜ aims to expand its reach in the Middle East, providing local businesses with the tools they need to combat cyber threats effectively. During the event, live demonstrations in Hall 25 stand H25-21 will showcase how their website protection can be set up within a minute. These demonstrations will highlight the efficiency and effectiveness of BotGuard’s solutions.

Continue Reading
Advertisement

Follow Us

Trending

Copyright © 2021 Security Review Magazine. Rysha Media LLC. All Rights Reserved.