Dr. Narayana Darapaneni, Professor AI/ML, Great Learning
As we mark Cybersecurity Awareness Month, it’s important to recognise that as organisations’ work practices evolve, data threats will continue to adapt and grow more complex. These threats are adapting in both intelligence and quantity—there are increasing opportunities for potential attacks with more machines connected online. The numbers clearly reflect the growing complexity organisations face today. As per recent industry numbers, Statista reported about 1.9 million unique global threats as of last year. Similarly, according to IBM’s latest Cost of a Data Breach Report 2023, the global average cost of a data breach in 2023 stood at USD 4.45 million, a significant increase over previous years. In further similar studies, IBM again noted the prominence of data theft and leak incidents, with a 71% year-over-year increase in the volume of attacks using valid credentials. Attackers are choosing to acquire identities over finding vulnerabilities, marking a shift in tactics. Other trends indicate a rise in valid accounts alongside phishing, besides a related increase in infostealer malware. Meanwhile, the rush to incorporate artificial intelligence (AI) in workspaces is giving attackers new options that organisations are still not fully equipped to handle.
The shift in cybercriminal tactics
Given the volume of threats and the constant shift in cybercriminals’ strategies, traditional cybersecurity might not suffice. This changing threat environment calls for an adaptive cybersecurity workforce that is knowledgeable and ready. Therefore, upskilling professionals will be critical to realising this vision. Skilled professionals will be needed to help organisations adjust to these new conditions and also anticipate future developments. Attackers today have ways of bypassing security measures, armed with intuitive tools capable of evolved reactions, and this could only get more potent in the days to come. For example, trojans like QakBot have found ways to become more efficient in their evasion and transmission. And criminals are using advanced methods to not merely steal data but infiltrate systems and manipulate data while even utilising AI for personalised phishing scams. The shift to cloud environments and the rise of the Internet of Things provide more opportunities for cybercriminals to exploit sensitive data in various manners down the line.
Modern tools modernise threats
This threat progression isn’t just about new types of attacks. Modern tools are assisting attackers in rethinking age-old practices. Case in point: The prevalence of ransomware-as-a-service platforms is making ransomware campaigns easy to launch. In the face of this complex threat ecosystem, cybersecurity professionals cannot afford a static skillset. Individuals in the field should upskill and be aware of real-world threats to know how to respond. Having a grasp of emerging digital topics will prove invaluable in helping organisations scale up their cybersecurity efforts and thwart potential attempts at data theft/manipulation.
The growing importance of adaptive skills
Upskilling measures could involve various choices, from mentorships to specialised programmes to certifications. A mentor’s perspective carries a lot of weight and can break down seemingly impenetrable areas of learning, while programmes tailored specifically towards cybersecurity issues like new-age network threats, AI/ML-assisted attacks, and ethical hacking deepen an individual’s knowledge and exposes them to practical simulations. And cybersecurity certifications such as the CISSP and those from ISACA and CompTIA validate professionals’ competencies and make them stand out. Skilling up can help individuals move up in an organisation and could fast-track people to positions such as cybersecurity analysts, cybersecurity managers, and even chief information security officers.
These specialised roles are on the rise as there is a demand for qualified IT professionals to deal with issues arising from botnets, malware, backdoor entry, and other regions. Some trending areas/skills professionals must look into to fulfil their requirements are:
- Understanding AI and its implications: AI could have a massive influence on the cybersecurity domain on both ends of the spectrum. Keeping up with AI-assisted threat detection could automate tasks and be a plus on resumes.
- Securing remote working environments: With remote work being embraced, endpoint security solutions, multi-factor authentication protocols, and best practices for managing remote access are essential elements to level up in.
- Cloud expertise: Understanding cloud security architectures and ways to secure vulnerabilities remains critical. Being proficient in data encryption, access controls, and incident response procedures specific to cloud platforms will appeal to organisations.
Upskilling is a continuous journey, especially in the cybersecurity domain. Attackers are posing questions that can be answered through only training and real-world exposure. A growth mindset will be invaluable to professionals here, whether attending workshops and conferences, taking online classes, or participating in professional certification programmes. Staying abreast of the latest trends in AI, machine learning, cloud computing, and other digital areas is necessary to understand how to respond to specific attack scenarios. Upskilling at the intersection of these domains and cybersecurity allows professionals to become effective at mitigating disruptive attacks and equips them with the expertise to combat threats in 2024 and beyond.