By Tushar Haralkar, Security Software Technical Sales Leader, IBM Technology Sales, India/South Asia
India is among the most targeted countries in the world, with our industries being particularly vulnerable to server access attacks, ransomware attacks, and data thefts over recent years. The recent IBM ‘Cost of data breach’ report 2022, highlights that India’s data breach costs increase to 176 million in 2022, nearly 25% over the past 2 years. This points to an accelerated need for a constant supply of rightly skilled talent to counter
and pre-empt such cyberattacks.
There is no doubt that cyber literacy and awareness continue to play a key role in the ongoing battle against bad actors and ransomware—but what about preventing and/or fixing these problems? Finding the security professionals to tackle these roles is essential, but given the way, ransomware has flourished, it’s clear that these needs be made a bigger priority. Professional expertise is needed to combat malicious cyber intent. It is imperative that companies make cybersecurity awareness, prevention, and practices a crucial part of their culture for the cyber battle to be won. For aspiring professionals who are keen to pursue a career in cybersecurity, here are a few most sought-after skills.
Understanding of Malware
The ability to use advanced threat protection software that is designed to detect, identify, and prevent Advanced Persistent Threats (APTs) is a highly valued skill. Detecting threats that have successfully circumvented traditional security features such as anti-virus and firewalls, is extremely challenging. It requires extensive knowledge of all forms of malware, which might be lurking in the form of viruses, trojans, or rootlets. Today, there are advanced solutions that leverage AI/ML technologies to identify malware successfully.
Familiarity with these tools is essential.
Coding Skills: Today, most jobs in the technology domain require extensive coding and programming skills, and security professionals are no exception. Being well-versed in popular programming languages, especially Python, is much needed.
Knowledge of Networks: Given that the network is at the core of any IT system, vulnerabilities in the network are often targeted by cybercriminals to breach security. Therefore, cybersecurity professionals must intimately understand the network that their organization uses and be familiar with its functioning.
Encryption skills: Encryption or the process of encoding information by converting it from its original form to an alternate form known as ciphertext is an important part of cyber security processes. Therefore, a thorough understanding of data encryption methods that can protect data and prevent unauthorised access is an important skill in the repertoire of cybersecurity professionals.
Threat Modelling: Threat modelling essentially refers to the process of securing applications, systems, and processes within the organization. The first step is to identify intent and vulnerabilities before putting in place countermeasures that can prevent or mitigate the effects of threats to the system. This forms the basis to identify security requirements and develop security policies, making it a key skill.
Risk Assessment: Given the nature of the job, being accountable and having a knack to identify potential threats and assess their severity and potential impact can be helpful. In fact, a new IBM study found that a sense of duty to protect others was cited among the top reasons 77% of respondents entered the field of Incident Response (IR).
Collaboration: Beyond technical skills, cracking vulnerabilities and identifying threats requires cybersecurity professionals to work closely with larger teams. The job also requires collaboration with other business functions such as legal, IT, PR etc, when it comes to handling breaches and incident response.
Threat knowledge: It is important to keep up-to-date on the threat landscape and different attack vectors like phishing, smishing, vishing, ransomware, SQL Injection, Denial-of-Service, Man-in-the-Middle, etc. You can also get started with the Open Web Application Security Project (OWASP) Top 10 a document that outlines the top 10 web application security risks.
Controls and frameworks: A cybersecurity framework provides a collection of best practices, policies, tools, and security protocols designed to help secure an organization’s data and business operations.
Need to know some of the most common cybersecurity frameworks, including:
o National Institute of Standards and Technology (NIST)
o International Organization for Standardisation (ISO)
o Center for Information Security (CIS)
o System and Organization Controls 2 (SOC 2)
Cloud Security: As more and more businesses move to cloud environments, having cloud security skills is a must to have. The need for cloud security skills is expected to grow by 115 percent over the next four years, making it the most lucrative skill in the industry.
To help create a strong foundation of digital awareness across society, increasing public awareness through targeted education about cybersecurity continues to be important. Cyber literacy is a necessary ingredient in the building of cyber resilience and a timely opportunity for greater engagement and partnership between the public and private sectors.