October has been a busy month for the C8 team. With many of our clients operating in the cybersecurity space, Cybersecurity Awareness Month (CSAM) was always going to be jam-packed with forward features, thought leadership pieces, speaker opportunities and rapid response commentary.
We re-grouped as a team to discuss what we have learnt from this year’s campaign. From reflecting on insight shared by our clients’ own industry experts and the latest news stories on the increase in ransomware threats, to webinars on cybersecurity career skills shortages, here we share our thoughts…
Paula Elliott, Managing Director
Cybersecurity Awareness Month highlighted to me how important it is that we encourage the next generation of workers into this industry, as we are facing an acute skills shortage. However, I think many are not aware that this is a career choice to pursue because there are very few specific university degrees in cybersecurity.
I was therefore heartened to see that the NCSC has just started to offer degree apprenticeships in cybersecurity, but it is the only certified degree apprenticeship in England and Wales: Bursary and Degree Apprenticeship – NCSC.GOV.UK.
The NCSC CyberFirst programme is designed to help young people explore their passion for tech by introducing them to cybersecurity. CyberFirst covers a broad range of activities and offers a bursary to financially support undergraduates through university in a subject of their choice, in addition to the cybersecurity degree apprenticeship scheme. It is fantastic that the NCSC is offering this apprenticeship to young people as it is a very exciting and dynamic industry to work in with an abundance of opportunities. Let’s hope that we start to see more of these types of apprenticeship and degree schemes in 2022 as the industry badly needs it.
Michael Bartley, Deputy Managing Director
CSAM brought its usual learnings this year. Most notable of these was that unfortunately the world is an even scarier place than I had previously perceived. Stats pointed to increases in ransomware attacks; phishing, vishing and a multitude of other attack vectors abound and, regrettably, many organisations still see security as an afterthought. I fear things will get worse before they get better.
But aside from the norm, one thing which really piqued my interest was all the talk about the metaverse. Think of the metaverse as a shared virtual space where people are represented by digital avatars and where the virtual world grows and evolves based on the decisions and actions of the society within it. Many organisations, such as the recently rebranded Facebook, believe it will offer boundless possibilities in augmented and virtual reality technologies – in fact, they staked their name on it. If you’re interested, I recently wrote a piece on this for PRWeek. But I digress, the most interesting thing about this is that this ‘new world’ will afford adversaries access to a whole new attack surface. I’ll be interested to see how cybersecurity laws and protocols will be reconsidered, amended, and perhaps even invented in a bid to combat what will be a whole new area of relative weakness for individuals and businesses alike.
Jim Pople, PR Director
I was surprised to read an article in Fortune magazine in October – at the start of CSAM – which claimed that the total number of publicly reported data breaches had already surpassed the full-year total from 2020. Whilst hackers’ methods have become increasingly sophisticated, this really puts the onus on individuals, and organisations, to ensure they adhere to the best practices shared by thought leaders every October.
With the month’s focus normally pivoted towards how individuals can protect their own credentials – for example in using different passwords for different websites – this should serve as a huge wake-up call. We shouldn’t assume that fraudsters using compromised credentials to inflict serious reputational and financial damage upon individuals and organisations is something that ‘always happens to someone else’; vigilance around data and how it can be used should be top of mind.
Kiri O’Leary, PR Manager
We are constantly reminded of the skills shortage within the industry. This year’s CSAM’s week-long campaign, “Cybersecurity Career Awareness Week”, aimed to inspire and promote the exploration of cybersecurity careers. What I’ve come to realise is that the problem is extremely complex, and it isn’t going to go away overnight without fundamental changes within the government and private sector. While changes should be made within the education system to arm a new generation of cyber-savvy workers, it’s important to recognise that the pool of talent would be widened if those from underrepresented communities, such as ethnic minorities and women, were empowered to embark upon a career in the industry. According to the Aspen Digital Tech Policy hub, gender diversity is poor within the US, with women representing just 24% of the cybersecurity workforce. As BlueVoyant’s Chairman, Robert Hannigan, highlights companies should also be more inclusive to those from non-technical backgrounds, “Organisations should be open-minded and not have tunnel-vision for a candidate with a computer science degree; they should be much more open to experience and aptitude.” It’s also important for businesses to be open to hiring candidates with little experience in cyber, as it’s never too late to re-train and learn new skills. As Robert says, “You don’t have to be 20 years old to do this.”
Jessica Kelliher, PR Executive
Jessica Kelliher, PR ExecutiveI think there is quite a stigma behind working in cybersecurity. Most think that the industry is only for men who sit at a desk coding all day. But working in cybersecurity is so much more than that, it is a dynamic industry for everyone with a lot of possibilities, not to mention a great career path. There is currently a shortage of 350,000+ cybersecurity specialists in Europe alone, and a reason for this may be the lack of direct university courses on cybersecurity. If UK universities were to introduce new topics and start to steer away from generic IT courses, they would be the initiator to solving a huge skills gap, whilst also developing new and evolving technology. That being said, if IT is not necessarily your forte that does not mean the industry is not for you. Marketing, HR, and finance roles are also all needed within the industry and people can often forget this. CSAM has taught me that working in this industry – you are valued. It is hard to recruit for, but those who do join the industry are truly appreciated.
Megan Mackintosh, Junior PR Executive
This CSAM has felt particularly prescient to me as I start my career in tech PR. We live in an era that means no one is isolated from the impact of a data breach or cyberattack – even as a consumer, my personal information and even bank details are scattered across the internet in the databases of countless organisations. It is hard to miss the regular news stories of large corporate data breaches, and each one – on top of bringing financial and reputational damage to the victim organisation – ripples out to affect customers, causing stress and sometimes exposing them to scammers. But it is only in working for cybersecurity clients that I have come to understand the extent of the issue. What has surprised me most to learn is just how large a role human error plays in organisational data breaches. HelpSystems, an IT software solutions client, offers a range of solutions designed to prevent this risk, including email security software and data classification solutions designed to limit access to the most sensitive information. From recognising social engineering and phishing attacks, to protecting access privileges when document sharing, it is clear that a cybersecurity strategy must be upheld at the individual employee level – in every task they complete. This is just as essential as the wider organisational strategies that a company implements. Zero Trust implementation, including a rigorous data classification strategy, helps to mitigate the very real risk of human error whilst also instilling a culture in which cybersecurity is at the forefront of every employee’s mind.
Polly Pye, Junior PR Executive
I knew virtually nothing about cybersecurity prior to joining C8 in June, which I think is reflective of how most consumers feel. CSAM has made me realise how much of a pressing issue cybersecurity has really become. We see daily news stories delineating the upsurge in ransomware and other cyber-attacks, now frequently aimed at critical national infrastructure including hospitals, positioning cybersecurity threats as stark reality in the world today. Cybersecurity is an industry that faces misconceptions; it is clearly experiencing exponential growth and I think it’s particularly admirable seeing women in high-level positions in the field.
To find out more on how C8 can help your business thrive in the cybersecurity space, contact us now!