
Cultivate internal job candidates for IT security roles

Data security has been on the minds of information technology (IT), business, risk, and audit professionals for as long as data has been stored on magnetic drums, tapes, discs, and other storage devices.

In recent years, however, because of the massive expansion of data repositories, the types of data being stored, and the advent of the Internet, it has become much more profitable to steal data and much easier to get it than ever before. To make matters worse, recent highly publicised data breaches at various major corporations have cost these firms tens of millions of dollars in corrective action, reputational damage and, in some cases, major internal organisational realignments.

With the ongoing battle to protect corporate digital assets, company security budgets will continue to rise and, as a result, the demand for qualified IT security professionals will continue to outstrip supply. Cultivating essential skill sets for IT security has become a vital topic. Some firms, based on the nature of their business and financial strength, will be willing to pay top dollar for the best possible talent and surround them with the best tools possible.

Less dramatic approach

Other firms, due to either their business model or financial position, will take a less dramatic approach, doing the best they can with the available resources, prioritising funds toward a combination of general perimeter and detection activities, and placing extra emphasis on protecting their most valuable and potentially damaging digital assets.

Still other firms will outsource the majority of their security efforts, having decided they don’t have the technical ability, financial resources, or interest, based on the perceived risk and/or probability of a significant data breach. The International Data Corporation (IDC) recommends that organisations continually assess and reassess potential risks, risk tolerance, and changes in the organisations’ activities that may warrant a higher or lower level of desired security.

As the security cloud/outsourcing industry matures, companies need to continually assess whether security activities should be performed in-house or outsourced. Given the difficulty in finding and retaining security-knowledgeable professionals, companies should cultivate internal job candidates for IT security roles.

While internal candidates must be taught the security-based concepts, processes, and best practices, their current skills and experience provide a great platform from which to expand their knowledge and skills. There are various types of jobs required under the general data security umbrella, including non-technical roles, such as risk analyst/manager and data security officer/administrator, as well as technology-based roles, such as security research analyst and network security engineer.

Technical arms race

With respect to data security and cyber crime in general, the technical arms race will continue to accelerate. Also, cyber crime activities will expand in type, complexity, and frequency as the cyber crime industry matures. Currently, security breaches have primarily been in the areas of acquisition of personal/credit data, intellectual property theft and, more recently, corporate humiliation.

The types, tactics, and reasons for cyber crime will continue to expand, putting even greater pressure on organisations to expand their data security budgets and more vigorously protect their digital infrastructure. Now and in the future, the demand for data security professionals will continue to outnumber supply. This shortage will, in turn, force IT organisations to devise creative ways to protect their computing environment.

Security will be one of the focus areas of the upcoming IDC South Africa CIO Summit, taking place at Emperors Palace in Johannesburg on 20 and 21 April. The cyber security session will look at a borderless ecosystem and how organisations and governments will need to relook their cyber security strategies and build actionable strategies to secure their environment.

About Eric Bloom

Eric Bloom, Adjunct Research Advisor, IDC