According to HP's Chief Information Security Officer, three approaches are needed to better manage the cybersecurity threats facing employers today.
Those approaches are to:
· develop overall resilience against multiple threats
· share useful information with other cyberattack victims to better protect the business community as a whole, and
· seek workers with nontraditional skill sets to fill open cyber defense jobs.
The first approach is to recognize the need for resilience as attacks shift from the traditional one-on-one attacker-and-victim paradigm to the current trend of "one-to-many" attacks. Cybercriminals are realizing that they no longer need to expend resources on a single victim if they can find a common nexus between many victims, such as a supply chain vendor that services hundreds or even thousands of potential victims. For the same effort, cybercriminals could break into dozens or scores of systems. Thus, employers need to shift their cyber defense mindset from data protection to overall resilience against multiple sources of infection.
Next, collaboration among public and private sector organizations to understand how attackers are operating will be crucial. Organizations need to think about what is and is not helpful to disclose about breaches. Indicators of compromise are often out of date as soon as they are published. The current conversation can be too centered on whether an organization was breached or not.
If, as many believe, breaches are close to inevitable, businesses should focus more on sharing breach findings and post-mortem results that will help others. After all, as HP's global head of security for personal systems explained, cybercriminal organizations are run like businesses now. They have become masters at sharing intelligence, information, and tools to further their objectives. Legitimate businesses should be doing the same.
Finally, the IT industry is short of more than two million cybersecurity professionals globally. Looking beyond degreed applicants to nontraditionally educated people could bring in workers mid-to-late in their careers who have a rich set of skills in areas such as risk management or communication.
"3 Ways We Can Improve Cybersecurity," www.darkreading.com (Apr. 22, 2022).