Cybercrime is a vast realm of numbers. In 2022, the Microsoft Digital Crimes Unit removed 531,000 unique phishing URLs and blocked 70 billion email and identity threats. Google reported a 38% increase in global cyberattacks that year, with a projected cost of $10.5 trillion by 2025. Cybercriminals enjoy the advantage of choosing when, how, and where to strike. They only need to exploit one vulnerability or deceive one person with a phishing email to succeed. This can make it seem like a losing battle for organizations, according to Anna Collard, SVP Content Strategy & Evangelist at KnowBe4 AFRICA.
However, Collard asserts that it’s not a lost cause. While attackers can employ automation, artificial intelligence (AI), and sophisticated tactics, these tools are also available to defenders. Organizations can leverage AI and automation to filter attacks, prioritize responses, and maintain overall security. It’s a constant game of cat and mouse, where victories can swing either way.
According to Collard, the biggest challenge in the field of security is not the actual battle against cyber threats, but rather the lack of skilled professionals. The role of a security professional is often thankless, challenging, and stressful. When there are no breaches or issues, the security team goes unnoticed, but as soon as something happens, all eyes are on them.
Collard emphasizes that many security professionals experience anxiety and health problems due to the demotivating, stressful, and demanding nature of their career. It is crucial to recognize the complexity of the cybersecurity role and implement interventions that can reduce high staff turnover and the associated risks. Additionally, efforts should be made to attract more skilled individuals to join the profession.
The gap between talent and retention is growing wider, primarily because security, which used to revolve around understanding networking, firewalls, and anti-virus, has now become a complex dance that requires insight and understanding across various environments, stakeholders, service providers, and solutions. This complexity is further exacerbated by human error and by the rise of hybrid and remote working frameworks.
According to Collard, “People often have poor passwords, weak security on their home devices, click on phishing links, accidentally share passwords, and much more. Yet, businesses still expect security or IT personnel to handle all IT problems in the company, along with security responsibilities. This is an impossible demand.”
To win the cybersecurity battle, it’s crucial to invest strategically in security systems, employee training, and security personnel. This investment should align the people factor with the security factor, ensuring that those defending against cyberattacks are engaged, supported, and equipped to mitigate risks and manage threats.