Part 6 of Cybera’s Introduction to Cybersecurity series
What are some of the top cybersecurity challenges?
Cybersecurity is continually challenged by hackers, data loss, privacy demands, and increased surface attack risks, coupled with the need to constantly evolve security strategies. These strategies must address these external threats, as well as internal pressures from any workforce shortages / skills gap, as well as supply chain and third-party risks.
In this post, we’ll outline the most common risks facing organizations, and what must be done to address them.
One of the more problematic elements of cybersecurity is the evolving nature of security risks. As new technologies emerge, or older technologies are used in new or different ways, new attack avenues are developed. Keeping up with these frequent changes in attacks, as well as updating practices to protect against them, is a necessity.
With more user data being collected online than ever before, the opportunities for cybercriminals to steal personally identifiable information (PII) is also growing. For example, an organization that stores PII in the cloud may be subject to a ransomware attack. It must therefore take extra steps to prevent a cloud breach.
Employees may accidentally bring threats and vulnerabilities into the workplace via their personal laptops or mobile devices. Likewise, they may act insecurely — for example, clicking on links or downloading attachments from phishing emails. Regular security awareness training with all employees will help them do their part in keeping the company safe from cyber threats.
Workforce shortage and skills gap
As the amount of data collected and used by businesses grows, the need for cybersecurity staff to analyze, manage and respond to incidents and threats against that data also increases. The International Information System Security Certification Consortium estimates the workplace gap between needed cybersecurity jobs and security professionals is 3.4 million. More companies are turning to creative solutions to fill this gap, such as training staff in-house, or sharing cybersecurity expertise between organizations (for example, Cybera’s Security Nexus program Cybera has a place for Alberta public institutions).
Supply chain attacks and third-party risks
Organizations can do their best to maintain security, but if the partners, suppliers and third-party vendors accessing their networks don’t act securely, all that effort is for naught. Software- and hardware-based supply chain attacks are increasing in scope and complexity. Organizations must address third-party risk in the supply chain and reduce software supply issues, for example, by using software bills of materials.
In the final article in our cybersecurity introductory series, we’ll circle back to the CIA Triad, and discuss how it can be used to address your identified cybersecurity risks.
Previous posts in Cybera’s Introduction to Cybersecurity series
- What is cybersecurity?
- Step one of building cybersecurity: What do you know?
- Step two of building cybersecurity: What threats do you face?
- Step three of building cybersecurity: Threat vs Attacks
Engage with us in cybersecurity discussions
Are there particular cybersecurity topics you’d like to chat with us about, or have us organize a community discussion about? Let us know via firstname.lastname@example.org.