Businesses Take Cybersecurity Seriously

Cyberattacks spur the need for more research and security professionals

15 May 2013

The New York Times, Facebook, Saudi Aramco, and Bank Muscat are just some of the organizations that have been victims of recent cyberattacks. These incidents include malware and virus attacks, phishing, misuse of social networks, and financial fraud.

Findings from the Study of the Impact of Cyber Crime on Businesses in Canada, conducted by the International Cyber Security Protection Alliances, released on 8 May showed that over a one-year period, nearly 70 percent of the country’s businesses said they experienced some type of cyberattack. About a quarter of those interviewed said that attacks had a considerable impact on their businesses, both in terms of financial loss and damage to its reputation, with financial fraud being the biggest threat.

Although organizations are using more secure software and defensive measures to protect their information systems, users, and data, cybercriminals have become more sophisticated. To try to stay one step ahead of them, researchers are working on innovative solutions. The IEEE Computer Society’s Computer magazine featured the work of several in its April special issue on cybersecurity. Articles include “Wide-Area Situational Awareness for Critical Infrastructure Protection,” “Cyberentity Security in the Internet of Things,” and “Who Am I? Analyzing Digital Personas in Cybercrime Investigations.”

While these new applications will take time to reach the marketplace, businesses still need to protect themselves against attacks. According to the Canadian study, 44 percent of the businesses surveyed said they contacted an external agency for help. But help might be hard to find because information technology security experts are in short supply—at least in the United States, according to a report from Burning Glass Technologies that was detailed in a recent Computerworld magazine article. Burning Glass based its study on job postings for cybersecurity professionals placed by U.S. businesses and government agencies over the past five years.

The report showed that demand for cybersecurity professionals over that time period grew 3 times faster than demand for other IT jobs and about 12 times faster than for all other jobs. The two most sought-after jobs were information security engineers and security analysts. The recent shortage has also meant better salaries for information security professionals compared with other IT jobs. For example, the advertised salary for cybersecurity jobs in 2012 was on average US $100 730 versus US $89 200 for other jobs in the field.

More security professionals will be needed, according to the 2013 (ISC)2 Global Information Security Workforce study. Several of the more than 12 000 information security professionals polled said they were understaffed. Some of the reasons given were business conditions, company executives not fully understanding security needs, and an inability to locate qualified information security professionals.

What skills are in demand? A broad understanding of the security field, communication skills, technical knowledge, and an awareness and understanding of the latest security threats, according to the respondents. More than 45 percent indicated that their organizations require certification. Nearly 85 percent of defense contractors and 74 percent of private sector employers said certification was their top job requirement.

Has your company reported that it had been hacked? If you work as a cybersecurity professional or are someone who hires them, what skills do you look for?

Photo: Henrik Jonsson/iStockphoto

IEEE membership offers a wide range of benefits and opportunities for those who share a common interest in technology. If you are not already a member, consider joining IEEE and becoming part of a worldwide network of more than 400,000 students and professionals.

Learn More