Let’s talk a bit about the human side of security.
Sophos with some new research that looks at the human side of the story.
By an almost 3-to-1 measure, IT managers at organizations that had been afflicted by ransomware were more likely to say they felt “significantly behind” on their understanding of cyber threats compared to organizations unaffected by ransomware.
Ransomware inspires an even more urgent need for skilled IT security professionals: 35% of those who were ransomware victims named recruiting and retaining those employees as their #1 cybersecurity challenge (just 19% of organizations who hadn’t been hit by ransomware felt the same way).
Paradoxically, victimized organizations are likelier to spend more time on after-the-fact response measures (27% vs. 22%) and less time on threat prevention (42.6% vs. 49%). Those impacted are putting more resources into cleanup than prevention.
How about the young professionals in the space? Exabeam has their 2020 Cybersecurity Professionals Salary, Skills, and Stress Report.
53% of respondents under age 45 said AI and ML threaten their job security. 25% of those over age 45 believe the same.
89% of respondents under 45 years old believed emerging technology will improve their jobs. 47% are threatened by its use.
More than eight in 10 (83%) have been in the profession for 10 years or less and more than one-third (34%) have been in the cybersecurity industry for five years or less. In addition, 33% do not have formal cybersecurity degrees. This is younger than the previous year
Why do we care?
Bit disheartening at first glance to find out that those hit by ransomware seemingly pull back. You’d hope they would be a lot more about prevention after. I’ll postulate that the cleanup is so expensive it’s disproportionate.
There’s some real conflicting data here too – we need more security professionals, we want to retain them, but they worry about automation taking away their jobs, especially if they’re younger.
Human capital is the most expensive and valuable – smart employers will be thinking about how to retain top talent and reassure them that they have a place – or help them transition to the next place in their organization.