NP Group Blog

Cyber Security Threat

Posted by Nik Patel on Sep 21, 2017 4:29:07 PM
Nik Patel

Historically antivirus, firewalls and password security was sufficient to protect an organisation from the threat of a security breach.

However as technology has evolved and cyber criminals gain additional intelligence and expertise, these simple measures can be overcome. Business now has a requirement to improve defensive technologies, and to do so with an ever quicker response time. There are a significant number of security products have subsequently been developed; but as quick as they are developed,  cyber criminals seek to exploit the weaknesses that may still exist.


Increasing cyber-attacks on the critical infrastructure has rendered worldwide security at risk. The prime motive behind these attacks is to gain access to financial information and / or retrieve sensitive information related to organisations’ operational strategies, government defence moves. Further, banking & financial institutions, stock exchanges are also becoming highly vulnerable to the cyber-attacks.

New and complex protection solutions are being created every day but with the Internet of Things becoming increasingly and inextricably intertwined (24 billion devices by 2020) more and more weaknesses will be available to exploit and for a cybercriminal, this presents a tempting opportunity. 

The Cyber Security market remains a candidate driven market where demand for specialist skills completely outstrips the provision of available skills - something which my colleague Therese has written about, assessing the cyber security talent shortage. This is because there just isn't enough talent to serve the demand - put simply, not enough people have chosen information security careers. This means cyber security skills are at a premium. Cyber security has become a far more recognized and valuable skill in the recent years. This recognition has become more pronounced in a relatively short period of time.  The level of high profile breaches and changing regulations have vastly increased the demand for professionals that possess security expertise.  

Consequently, there is a marked increase in the number of students pursuing related degrees, and information security careers. However, it will take a while for the university system to be able to add enough supply to meet the demand - something which my colleague James has written more about in another blog you can read here. The situation is exacerbated as many organisations prefer to hire experienced staff and such hires often may conflict with available budgets, and pay expectations within organisations. Businesses are then pushed to recruit less experienced staff, and provide the relevant training. The up-skilled individuals lead to their market value outpacing their annual remuneration rises. It remains a real challenge in such a market and this may further contribute to short tenure, rising salaries, and a lack of sufficient ongoing training and development. To mitigate this, the number of cyber security contract jobs rises significantly - again pushing up pay packets, and putting further pressure on the shortage of permanant information security professionals. 

It is clear that business requires Cyber Security expertise, and to ensure they offer a strong EVP (Employer Value Proposition) to attract the right candidates - something which NCC Group recognised when they partnered with NP Group. There is therefore a real need to demonstrate to candidates and employees a strong career support and flexibility. In such a market companies must particularly recognise that the candidate interviews the client as much as the other way round for these particular roles. That's why many organisation turn to security recruitment agencies like NP Group's Information and Cyber Security Practice. Successful candidates have the real advantage in what roles they select, and are able to push for higher remuneration levels given the demand for their skillsets.

Typically such information security professionals will be able to travel and work in various global geographies both onsite and / or remotely. The ability to travel and operate in such a space remains an attraction for employees seeking such opportunity.  Employees reflect back to us that the satisfaction of knowing that you are a major part of securing a business or indeed a country's assets, is a great motivator and something they are proud to be a part of. Typical feedback from candidates and clients alike are that a key challenge they face, and enjoy, is keeping abreast of the constantly changing vulnerabilities and how to effectively remediate them, as well as keeping up-to-date with the latest security requirements

Interestingly there have been some rather notable acquisitions recently with big companies buying up smaller entities in the race to disband the cybercriminals. For example Cisco has snapped up Portcullis’s UK, USA, Spanish and French divisions to create one of the largest security assurance teams. BSI, the business standards company have announced the acquisition of Espion Ltd and Espion UK, experts at managing and securing corporate information, headquartered in Dublin. Security is paramount for every business and every individual so it is encouraging and reassuring that the business world is taking great strides to ensure this.

In the future we expect to see a massive increase in the market. For example: In 2004, the global cybersecurity market was valued at $3.5 billion (£2.43bn). In 2011 it was $64 billion; in 2015 it was $78 billion; and it's projected to be worth $120 billion by 2017. I expect the market size of the cyber industry to increase even faster, reaching $175 billion by the end of 2017. [Source Wired 2016]

In conclusion, it is more apparent than ever that this space presents an ongoing challenge for business, individuals and governments. In addition, the pace of change continues to be ever faster and with ever increasing risk in a world that moves towards greater reliance on technology. Where cybercriminals will next concentrate their efforts is unknown. They have the initiative. It is only after new attack techniques are causing damage that security solutions tailored to thwart them can be created; the vicious cycle of act and react continues. 

Topics: cyber security