Unfortunately there was no blogs that matched your keyword search criteria. Please try again or try searching for blogs by Category, Tag or Type instead
by Freddie Fulk
As companies compete for specialised professionals, discussions on the future of work are increasingly focusing on the advantages of blended...
As companies compete for specialised professionals, discussions on the future of work are increasingly focusing on the advantages of blended workforces. While many businesses have typically preferred permanent employees over contract labour, this is changing. More executives and hiring managers have discovered they need to explore beyond standard resourcing strategies in a tight employment market caused in large part by the pandemic.
The scarcity of available computer specialists is one of the most urgent challenges for companies. The demand for technological products and services is increasing in the digital age. However, according to IT Nation's People and Skills Report, IT job prospects have reached a 10-year high and now account for approximately 14 percent of the overall UK workforce. According to the Office for National Statistics, job opportunities in the UK will outnumber unemployment for the first time in 2022.
If you're having trouble hiring qualified permanent employees, is it time to consider how contractors can help your company? These choices may appear expensive on paper, but there is a wider picture to examine.
It is challenging to optimise the amount of employees in your workforce. It is about balancing the amount of employees so that they do not exceed the budget while also not becoming understaffed. Using contractors gives your company the flexibility to avoid these extremes.
Contractors will quickly assist you in meeting your needs. In the tech industry, you may be given enormous assignments or unique projects that require your organisation to rapidly expand up. Contractors provide your organisation with a one-of-a-kind opportunity to be flexible, which is critical in the tech era.
Some businesses are hesitant to engage with contractors because they believe it would prevent great talent, but this is not the case. Because of how quickly in-demand talents can change in the computer business, many highly talented individuals choose to work as contractors.
Furthermore, the tech industry often requires a fairly specific set of talents. These specialised skills are usually only necessary for a brief period of time. Using contractors to address these skill gaps within your company for certain projects and business goals is an easy option.
New Ideas and Abilities
Contractors generally have a lot more exposure to diverse firms and working settings because of their expertise working with multiple clients. As a result, they frequently add new perspectives and insights to the initiatives in which they are involved.
Their lack of ties to the company also provides them with the advantage of being able to examine an issue objectively and propose effective ideas that go beyond the status quo. A contractor's independence from a company also allows them to facilitate decision-making and adopt new methods without fear of internal bias.
Hiring a new permanent team member is a significant investment. In the fast-paced world of technology, finding and acquiring the appropriate talent can cost your company a lot of money. Even so, you can't be confident that they'll be a good fit. Utilise tech contractors to reduce the use of those resources.
A trial run will be important in determining whether or not that person is a good fit. It will also help you determine whether the position is something you will require in the long run. With the current increase in IT employment, how can you be certain that your firm has the correct tech position? Using contractors is a great way to test new positions you are considering acquiring for the long run.
Contractors are cost-effective resources for meeting project-driven demands as well as unforeseen upticks in internal operations and systems. Working with a contractor can help you save money on initial hiring costs if your budget is a barrier to employing fresh talent.
When compared to hiring permanent employees, outsourcing is an excellent way to save money. Take a look at the following:
- No holiday, sick, or overtime pay
- Only compensated for the exact set of hours you require them to work
- Reduced overhead costs
- Insurance covered by the agency
- Tax and pension dealt with by the contractor
- Controlled staffing budget
Many businesses have begun to reconsider their employment practises in the present economy, particularly in the fast-paced area of technology. Using contractors allows your firm to be more flexible, save money, gain access to a broader range of capabilities, and test the waters with tech jobs and people.
Has your organisation considered maximising on the trend by utilising contractors? Or do you require further assistance in navigating the world of contracting? Our team of recruiting professionals is ready to talk about the opportunities that contractors can bring to your firm. Contact us right away to learn more about how we can help you.
by Dominik Bart
Operations in cybersecurity are a simple concept. Operations in business refers to everything a company does to carry out its objective. Yet, in...
Operations in cybersecurity are a simple concept. Operations in business refers to everything a company does to carry out its objective. Yet, in order to do that, the business must also safeguard the assets required to achieve its objectives, and that's where cybersecurity comes into play.
Cybersecurity operations are the organisational activities required to secure the total company — and, in particular, its information assets — against cybersecurity threats. Internet information and resources need to be protected.
Protecting the organization's information, websites, databases, business processes, and communications is the primary objective of cybersecurity operations. In order to achieve this, they keep an eye on both internal and external activities on the network in order to spot any potential dangers or malicious conduct.
As a result of new technologies and shifting consumer needs, numerous networks grew, leaving cybersecurity without a centralised blueprint to follow. The disruption caused by the internet made it imperative for businesses to strengthen their security operations and assemble them under one roof. Companies were forced to examine their security architecture more closely as a result of the volume of alarms produced by intrusion detection/prevention systems, firewalls, and other systems.
Companies concerned not just that alerts weren't being examined due to a lack of educated personnel, but also that the volume of alerts was simply too high for prompt diagnosis. Organizations were frightened of what they didn't understand in terms of threat monitoring.
Outsourcing or internal development are the two options available to these firms for building security operations centre (SOC) capabilities. Monitoring network alarms is an acceptable technique to outsource cybersecurity tasks. Outsourcing cybersecurity operations essentially entails signing a contract with a managed security service provider to have them examine network alarms for any harmful activity. Those that are not malicious are discarded by the MSSP, while those that might actually be damaging are reported.
Trained personnel: Having experienced personnel immediately available, saves an organisation time and expense of hiring and training the dedicated people needed to do the analysis
Infrastructure: The MSSP (managed security service provider) already has the facilities and tools required to do the job, saving more time and the upfront expense of building out an Internal SOC
Continuous threat monitoring: MSSPs should provide SIEM capabilities that filter false alerts so forensics are only conducted on legitimate threats. This is proactive and continuous threat hunting and monitoring may be difficult for a company’s cybersecurity team to conduct on its own.
Planning ahead: Outsourcing cybersecurity operations can provide security analysis capabilities while an organisation builds its own in-house SOC.
How much analysis is the MSSP going to provide?: Outsourcing cybersecurity operation functions does not usually provide features such as multi-tier analysis of alerts or an incident response service. Instead, many outsourced cybersecurity operations only provide the equivalent of a Level 1 cybersecurity operations analysis.
What happens to alerts that the MSSP cannot clear? : The MSSP may only be able to analyse a subset of alert logs generated by an organisation. Alerts from certain applications such as databases and web applications may be outside of its area of expertise. If the MSSP is also a tools or hardware vendor, it may only be able to analyse logs from its own products.
Detailed analysis of potential threats: An organisation still needs some internal analysis capabilities to deal with the smaller number of alerts that cannot be easily cleared by the MSSP and thus returned to the client.
Compliance management: the SOC must operate in compliance with regulations and standards that the company must conform with. The MSSP should provide templates for required recommended compliance processes and consider regulatory standards when developing vulnerability assessments for the company.
In-House SOC Pros:
Tailors the operation to meet demand : design the security operations and monitoring capabilities that best meet the organisations requirements.
On-site storage: Storing event log data internally lessens the risks that come with the external data transfer required to report security incidents.
Improves communication: Breach transparency and coordinating incident response are typically much easier and faster when the processes are conducted in-house
Builds a unified security strategy: An in-house cybersecurity operations centre can be the foundation for a comprehensive security, threat and incident response capability
In- House Cons:
Planning and implementation: The time required to get an in-house cybersecurity operations centre up and running can easily be a year and is likely longer. CISOs and other security personnel will face a significant time investment in planning and implementing the SOC.
Costs: Establishing an in-house SOC requires a significant budget, with upfront IT and personnel investment
Finding good personnel: Hiring people who have the right skills, training and experience or developing and training existing in-house staff can be time-consuming and expensive
Acquiring multiple security technologies: Continuous threat detection and compliance monitoring across several departments likely will require purchasing several AI-driven security tools. This may be out of reach for security departments budget-wise, especially in smaller organisations.
The best course of action for many firms, as with many cybersecurity decisions, is to strike the perfect balance between managing the cybersecurity operations function internally and outsourcing it to an MSSP.
Using the speed that outsourcing offers while the company develops its own cybersecurity operations is a fair alternative, especially for businesses that want to construct an internal cybersecurity operations unit. The company can benefit from the qualified, experienced people that an MSSP has available while building the services that it wishes to offer on its own by outsourcing at least some of the cybersecurity services that are now required.
At Franklin Fitch, we are aware that information security is becoming increasingly mainstream and we've got it covered. We routinely monitor this ever-changing environment of InfoSec and it's no surprise that the demand for talent in this area is at an all-time high. Contact one of team members today if you're looking to hire into your security team, as we cover the main areas of focus in terms of our technical expertise and experience.
by Gareth Streefland
We have experienced remarkably high volatility over the past three years, including supply chain disruptions, historically high inflation,...
We have experienced remarkably high volatility over the past three years, including supply chain disruptions, historically high inflation, geopolitical unrest, and of course an unprecedented worldwide pandemic and the ensuing lockdowns.
It has never been more difficult for many business leaders and entrepreneurs to navigate this environment. Fortunately, new technological solutions are being developed in concert with these issues to support forward-thinking executives in positioning their firms to succeed in the tumultuous years to come.
Knowing the top tech trends expected for 2023 is probably the most important step you can take to make sure your company is prepared for near-term success. After all, if you don't start preparing your business for the newest technological advancements as soon as the year starts, you'll already be behind!
In light of this, let's examine some of the major technological trends for 2023 as identified by Gartner Research, and consider how you may use them to prepare your company for a better, more prosperous future.
1. Digital Immune System
The past few years have seen an unparalleled focus on risk, both in the physical and digital world. Cybersecurity concerns are increasingly acute, as data breaches and other cybersecurity concerns are becoming increasingly sophisticated.
Fortunately, methods for protecting against online criminals, spammers and other unwanted online pests are improving in sophistication as well. Through observation, automation and the latest developments in design, a robust digital immune system can significantly mitigate operational and security risks.
As the utility of these tools becomes more established, expect to hear many more questions about the health of your organization’s digital immune system in the year to come, and what you’re doing to strengthen and protect it.
2. Applied Observability
The 2010s saw an abundance of tools and methods of capturing more data than anyone knew what to do with. Thus, with seemingly endless quantities of client data now available, it’s likely that the next step will be toward creating new uses for data that’s been collected.
Applied Observability uses Artificial Intelligence to analyze and make recommendations for greater efficiency and accuracy based on an organization’s compiled data. It optimizes data implementation by placing more value on use of the right data at the right time for rapid response based on confirmed stakeholder actions, rather than intentions. This can lead to real-time operational improvement, and a tangible competitive advantage for your business.
3. AI Trust, Risk and Security Management (AI TRiSM)
We’ve all heard a lot about AI over the past several years, but believe it or not, many industries are still in the early stages of AI implementation.
With the focus on risk throughout every industry post-pandemic, it’s no surprise that AI Trust, Risk and Security Management (AI TRiSM) will be a major focal point in the tech space next year. AI TRiSM combines methods for explaining AI results, new models for active management of AI security, and controls for privacy and ethics issues, all in support of an organization’s governance, reliability, security, and overall health.
4. Industry Cloud Platforms
Cloud adoption has been a major component of digital transformation for over a decade, and 2023 will almost certainly prove to be another year for more sophisticated, industry and organization-specific cloud adoption strategies. By combining SaaS, PaaS and IaaS with customized functionality, Industry Cloud Platforms may prove to be the most consequential step toward cloud adoption to date.
5. Platform Engineering
As adoption grows and digital platforms mature, expect to see an increased emphasis on customization. That’s what platform engineering offers: a set of tools and capabilities that are developed and packed for ease-of-use. For development teams and end-users alike, this could mean increased productivity and simplified processes.
6. Wireless-Value Realization
We’re still only beginning to scratch the surface of the value gained by the integration of wireless technology through a broad, interconnected ecosystem.
In the coming years, we’ll see wireless endpoints that are able to sense, e-charge, locate and track people and things far behind traditional endpoint communication capabilities. Another step towards optimization of collected data, wireless-value realization networks provide real-time analytics and insights, as well as allowing systems to directly harvest network energy.
Combining the features of an app, a platform and a digital ecosystem within a single application, superapps offer a platform from which third parties can develop and publish their own miniapps. An end user can activate micro or minapps within the superapp, allowing for a more personalized app experience.
8. Adaptive AI
Using real-time feedback to new data and goals, adaptive AI allows for quick adaptation to the constantly evolving needs of the real-world business landscape. The value provided by adaptive AI is apparent, but implementing these systems requires automated decision-making systems to be fully reengineered, which will have a dramatic impact on process architecture for many companies.
As noted above, you’re likely familiar with the term “metaverse” by now thanks to Mark Zuckerberg. However, if the lackluster performance of Meta’s stock is any indication, you’re one of the many who has yet to be sold on the benefits of the metaverse.
Regardless, metaverse technologies that allow for digital replication or enhancement of activities traditionally done in the physical world should certainly not be dismissed. There is far too much at stake, and the possibilities are far too intriguing for too many people to write off metaverse technologies quite yet, even if the pilot versions fail to impress.
10. Sustainable Technology
Until recently, the tech world has been single-mindedly fixated on boosting the power of new technologies. But as tech becomes increasingly integrated into every facet of our lives, we’re seeing new investments in energy efficient tech and tech that promotes sustainable practices.
Emissions management software and AI, traceability and analytics for energy efficiency are all allowing both developers to build sustainability-focused tech, and allowing business leaders to explore new markets and opportunities for sustainable growth.
by Heather Wilkins
Even though the split between women and men in the tech industry has become a lot more diverse, there is still an obvious divide. The main cause of...
Even though the split between women and men in the tech industry has become a lot more diverse, there is still an obvious divide. The main cause of this is a lack of diversity, awareness, and unconscious biases. The awareness of the IT profession among students and unconscious biases are just the start of a deep-rooted issue. This issue must be overcome before women's representation in software development teams can improve.
Discussions about diversity in the IT industry, include the challenges to greater gender diversity, and how having role models, and support systems, and building both competence and confidence is vital for women to succeed in the tech industry.
The lack of role models is a key challenge that has to be focused on to increase the number of women in Tech. There are many successful and respected male software developers and men in IT. Seeing the lack of women makes one think, are there even actual career paths for women that will last 20 or 30 years? Especially when you look at company hierarchy, and how the amount of women in positions decreases drastically when moving higher up the cooperate ladder, it is shocking how few women you find. Archana Manjunatha, executive director and head of platform transformation and DBS Bank, explains that it gets lonelier at the top because there are even fewer women as you climb the corporate ladder. Having more role models means that other females won't feel so lonely and don’t feel that they can’t do it. To some extent, it is hard to become what you cannot see. Because that is how people choose careers and paths – when they see somebody, then it's easier for them to say “I want to become like this person”.
At the moment, when you think of an engineer or a similar role, most of the time you will think of a male in such positions. This mindset needs to be replaced with more female images so that women entering the industry are not deterred at all. However, even though this backward mindset is still very much present, there are a lot more movements and initiatives today to highlight female role models and encourage women to enter the IT industry.
Another challenge is an unconscious bias that sets in early, where even primary school children view math and science-related fields as being more suited for men. Through changing education by families and schools, this mindset could be changed. A lot of people also identify the path to a tech career as exciting and sudden. This is because most people don’t think of this field from an early age. If it is implemented properly, it can become an extremely rewarding field for several women.
Have support systems
Another challenge for women is to thrive in their careers through the different life stages, where they have to juggle bringing up children and work, or even taking some time off for family before re-entering the workforce. Support systems in these instances will help women through these difficult stages. Most of the time, people are also very open to giving you the help and support that you need. Just have the courage to ask for it and you’d be surprised how much help you will be given. This will help you be able to not drop off entirely, but give you the opportunity to make a comeback at a certain point in time.
Key elements to succeed
Regardless of gender, it all comes down to competence and confidence. Building competence is extremely important, and with that competence comes confidence. When someone is an expert in a subject matter, the agenda is almost invisible at the table because people are listening to you for your expert opinions, and your knowledge in the area. In return, respect will be gained. This means that women still are encouraged to upskill themselves. Technology is constantly evolving. What may have gotten you into technology, will not be there the next day. So one always has to keep themselves up to date. The growth mindset and the ability to want to keep learning are very important in the IT industry.
To show skills and benchmarks, certification can be completed which will help not only secure a position but also required to show your acquired skills.
Through the further integration of women into the tech industry, it is noted that there will not only be a more balanced gender representation in tech teams, but there will also be better delivery of code, products, and technology. We are definitely living in much better times, but there is still a long way to go. If there are only 20% of women are trying to solve the problem, it won't be solved or will take longer. The remaining 80% must become part of the solution. Otherwise, it's just women talking about needing equality and not taking any action.
While challenges exist, many opportunities exist for women in the tech industry. It is understandable that a lot of women feel unsure about getting into the industry due to self-doubt. But instead of asking if you are smart enough, put in the hours, be willing to learn, really try, and give it a go!
by Lauren Greene
When you, as an IT leader, are able to foster innovation, it not only benefits IT itself, but the business it serves and you personally. It...
When you, as an IT leader, are able to foster innovation, it not only benefits IT itself, but the business it serves and you personally. It shows that you are an internal agent of change and a valuable asset. Companies that recognize this build their culture and processes in a way that encourages innovation. You have realized that waiting for prompting is not the right way to move forward.
Put simply, innovation is what your business needs to bridge the gap between where it is now and the future you envision in which it will thrive. So how can you encourage this innovation and drive it forward in the workplace? Below we give you some tips on how to do just that and increase the success of your teams and your company in the innovation process.
1. Define your definition of IT innovation and recognize the opportunities
First, you need to determine if there is a culture of innovation in your company. Whether your employees can come to you with new ideas or whether suggestions are perceived as annoying. When employees have the opportunity to innovate and contribute to your organization's mission and goals, their engagement increases. They feel part of a whole and see how their work advances the company. That's a great motivator.
But you can't just go to your employees with a vague idea to innovate. That's too broad a spectrum to give to anyone. You will not feel motivated or encouraged. Asking a team to innovate is like asking an athlete to play better. So if you want your employees to innovate and encourage that culture, you first need to define what IT innovation means for your business. It can be anything: the successful development, implementation, extension, or improvement of a technical process, a business process, or a software or hardware product. It can even revolve around cultural factors that reduce costs, increase productivity, increase the company's competitiveness or bring any other business benefit. As you may be able to tell, the range of IT innovations is very wide. So we encourage you to expand your goal and pitch this idea to your IT teams.
2. Know the difference between project management and research and development
IT projects are inherently very project management oriented. This means they are clearly defined by deadlines, specific cost estimates, deliverables, and calculated/expected returns on investment. However, with research and development, you cannot plan into your plan that the big discovery and breakthrough will happen on a specific day. Instead, the big breakthrough will come when it does, or possibly not at all. Therefore, it is difficult to calculate the return on investment for this type of project. As an IT executive, you must decide whether the project is worth investing in or whether you want to use project management techniques instead.
3. Building an innovative/productive pipeline
Building an innovative culture is not only people-oriented but also process-oriented. You need to develop a formalized process that identifies, collects, evaluates, and implements innovative ideas. Without this process, great ideas and potential innovations die in the bud. It must also be recognized and understood that innovative ideas can come from many directions, e.g. B. from your employees, internal business partners, customers, suppliers, competitors, or through accidental discoveries. The reason it is important to define the most likely sources of innovative ideas is that you can develop idea-collection processes for each source.
4. Accept the unfair expectations of others of IT
Any software or service you develop will be compared to purchased software and services. It's not fair, but people do it anyway. Consequently, the evaluation of new processes and software must be done in this unfair sense and expectations must be set accordingly. Incorrect or excessive expectations can damage the IT team's overall reputation and make it difficult for the business to agree to fund the team's innovative ideas.
5. Note form and content
This doctrine states that all outcomes, no matter how large or small, must have both form and content. The shape means how it looks. The content is what it says or how it works. This applies to documents, systems, processes, and everything else that is shared with others. A form with no content is a new system that looks perfect but doesn't do what people want it to do. Content without form shows that the person or group delivering it offers too little and doesn't take pride in their work to make it look good. From the point of view of promoting innovation, all implemented ideas must follow this doctrine, otherwise, the new innovations will not be well received by your department and thus jeopardize your entire innovation goal.
6. Create a safe environment when innovation fails
When you are presented with an innovative idea, good or bad, commend the person's effort, interest, and initiative. When good ideas are presented, they are included in the aforementioned innovation pipeline. Less attractive ideas can become lessons in which you explain to the employee why they won't work and give them hints about which ideas are more likely to win. And should you approve an idea and allow the employee to spend time implementing it, and it fails, praise the effort and don't blame the employee, or they may never propose an innovative idea again.
But how do you get your employees to be creative, innovative, and risk-taking? And what exactly does it mean to be creative or innovative? These terms are thrown around so often that it can be difficult to keep track. As a result, many leaders don't know how best to encourage their employees to look at problems and processes differently. Here are some tricks to motivate your employees throughout the innovation process.
- Be clear about what you want
- Show employees that it's worth taking the risk
- Celebrate successes and learn from failures
- Provide mentoring and training
- Create a culture where people care about each other.
If you have experience in the IT industry or are new to this field and want to explore possible ideas, you can get in touch with us and have a confidential interview with one of our recruiters! If you are looking for new vacancies, follow the link to the current vacancies page.
by Gareth Streefland
Today, cyberattacks are attempted every 40 seconds, and the number of ransomware attacks is increasing by 400% annually. That's why it's...
Today, cyberattacks are attempted every 40 seconds, and the number of ransomware attacks is increasing by 400% annually. That's why it's imperative that companies and businesses take cybersecurity very seriously. But have you checked off all the boxes on the checklist to make sure you are truly secure? Do you know which data assets/systems are most vulnerable, and do you know the potential financial cost of a security breach? These are questions that need to be asked in a business of any size. That's why every company should conduct an IT risk assessment.
What is an IT risk assessment?
A risk assessment is about identifying the threats to which your information systems, networks and data are exposed. By assessing the potential consequences a company could face, it is able to prepare in advance in the event of a security breach. These assessments should be conducted on a regular basis, such as annually or when the company experiences a major change.
Cyber or IT risk can be defined as any risk of financial loss, disruption, or damage to an organization's reputation due to a failure of its information technology systems. Examples include theft of confidential information, hardware damage and resulting data loss, malware and viruses, compromised credentials, corporate website failure, and natural disasters that can damage servers.
Why do you need to conduct an IT risk assessment?
Smaller businesses in particular may think that conducting an IT risk assessment would be too big a task. But in reality, it is something that should not be missed. In order to ensure the well-being of a business, it is always good to take extra measures and make sure that it is protected. Some reasons to conduct a risk assessment are:
- It gives you a detailed list of vulnerabilities that need more attention and resources.
- It increases productivity because your security team can respond directly to problems, rather than just reacting to random issues that arise. Risk assessments also show you which areas your team should focus more on and which can be completed at a later date.
- It improves communication across the organization because the security team has to interact more with other employees in different areas. Not only does this foster collaboration, but it also creates an understanding among other employees of the importance of cybersecurity and how they can contribute to security and compliance goals.
How to conduct an IT risk assessment: a comprehensive overview
To start, you can conduct either a quantitative or qualitative risk assessment. However, it is most effective if you use both to achieve the best results.
1. Identify and prioritise assets
First, create a comprehensive list of all the company's information assets. This includes servers, customer data, sensitive documents, trade secrets, etc. As a technician, you must communicate effectively with upper management to determine which assets are important and which are not. After creating a list, gather all the necessary information about software, hardware, data and other relevant information for each asset. This will create a detailed list of all the items to focus on.
2. Identify threats and vulnerabilities
A threat is something that can cause harm to your organization. There are 3 types of threats:
- Natural disasters.
Some natural disasters can destroy data, servers and devices. Pay attention to whether any of these risks apply to your assets and whether they need to be changed to ensure security.
- Hardware failure
No matter how large or small your business is, hardware failure should be considered. Make sure all assets are up to date and not at risk of crashing.
- Malicious behavior
Disruption, interception and impersonation can target your data and servers. Determine which areas are most at risk from outside malicious behavior.
3. Analysis of technical and non-technical controls and determination of the probability of an incident.
Technical controls include encryption, intrusion detection mechanisms, and identification/authentication solutions. Security policies, administrative measures, and physical/environmental mechanisms must also be analyzed and fall under non-technical controls. These controls must be used to assess the possibility that a vulnerability can be exploited. This can be assessed using simple categories that rank the potential occurrence from high, medium, and low.
Assessing the impact the threat could have also helps prioritize your security risks across teams. You are now able to delegate which issues require immediate action and which can wait until they are resolved.
4. Design controls
Once you have prioritized and detailed all of the potential risks, you can begin to create a plan to mitigate the most pressing risks. Senior management and IT should be heavily involved in this part of the assessment to ensure that the controls address the risks and align with the overall plan and goals of the organization. You may also need to engage professional services to develop a new set of controls. Don't be afraid to enlist the help of IT and security experts!
5. Document the results
Risk assessment reports can be very detailed and complex, or they can be a simple overview of risks and recommended controls. Ultimately, your report will reflect both your audience and your organization's information security posture. Documenting all findings and their analysis is intended for senior management to communicate the issues and methods to address them in a clear and concise manner.
It should also be noted that a risk assessment as such should not be a one-time exercise, but an ongoing process. As your system environment changes, so do the chances for potential security breaches, data loss, etc.
by Martin Rennison
Ransomware is one of the biggest cybersecurity issues on the Internet and one of the biggest forms of cybercrime facing businesses today. It involves...
Ransomware is one of the biggest cybersecurity issues on the Internet and one of the biggest forms of cybercrime facing businesses today. It involves the creation of malicious software that encrypts files and documents on a PC up to an entire network and its servers. Those affected are left with few options: They can either pay a ransom to get their encrypted files back, restore the data from their backups, or hope that they can decrypt them themselves.
Ransomware attacks start very quickly, sometimes even with someone in an organization clicking on a seemingly innocuous attachment and then encrypting the system's files. Much larger ransomware campaigns, however, use software exploits and vulnerabilities in software to access files. The attackers secretly scan the network until they can control as much as possible before encrypting all the data they can.
Some attackers also publicly announce that they are holding corporate data hostage. They even publish the data on the Internet until the company pays the ransom to get it back. Because of the simplicity and multitude of these incidents, ransomware is now considered the most immediate cybersecurity threat to businesses and a problem that needs to be taken more seriously.
How did ransomware evolve?
Early ransomware was a relatively simple construct, using a simple code that mainly changed the names of files, making it easy to defeat. However, this evolved into a new form of cybercrime that slowly developed into advanced code that targeted corporate networks and ordinary Internet users. One of the most successful types of ransomware at the time was police ransomware, which attempted to extort victims by claiming that the PC had been encrypted by law enforcement. This way, victims were supposed to be tricked into paying the ransom, thinking that it was the police who demanded the ransom. Meanwhile, they were actually criminals who took advantage of innocent people. However, at that time, their systems were not that good, and users could simply restart their computers, after which the message disappeared. However, criminals have learned from this approach, and most ransomware programs now use advanced cryptography to truly lock down a PC or network and the files on it.
How much will a ransomware attack cost you?
The immediate costs associated with ransomware depend on the hackers themselves. But after those initial costs, which can run into the millions, money is also lost if the company can't do business. Every day, perhaps even every hour, revenue can be lost if the network is unavailable. If the company decides not to pay a ransom, hiring a security company would also incur additional costs. In some cases, these costs may be even higher than the ransom demand, but companies would rather give their money to security companies than to criminals. There is also a risk that customers will lose trust in the company due to poor cybersecurity and look elsewhere.
Why are small businesses targeted by ransomware?
Smaller businesses are more likely to be targeted because they tend to have poorer cybersecurity practices than larger organizations. Many people believe that because they are so small, they are less likely to be targeted. However, for cybercriminals, any money they can capture is good money.
What do Bitcoin and other cryptocurrencies have to do with the rise of ransomware?
The rise of cryptocurrencies like Bitcoin has increased the activity of cybercriminals, as they can use this type of malware to receive payments secretly. This way, there is no risk of authorities identifying the perpetrators. Many cybercriminal ransomware groups even offer "customer services" to teach victims how to use cryptocurrencies. This is because many victims do not know how to transfer the ransom to the perpetrator. Some companies even hoard some cryptocurrencies in case they get infected and need to pay quickly in Bitcoin to get their files back.
How can you prevent a ransomware attack?
Most hackers start by exploiting insecure Internet ports and remote desktop protocols. Therefore, one of the most important measures an organization can take to prevent this is to ensure that ports are not opened to the Internet if they are not necessary. However, if they are necessary, the company should ensure that they are protected with complex credentials. Applying multifactor authentication to these accounts can also serve as a barrier against attacks. Ensuring that the network is updated with the latest security updates should also be done, as hackers will attack commonly known vulnerabilities. Employees should also be trained on how to recognize attacks via email, as many attacks target employees who don't know any better. Antivirus software can also be downloaded to the PC to avoid potentially malicious files.
Ransomware and the Internet of Things
As much as the Internet of things improves connectivity, they have a bad reputation when it comes to security. As more and more of this type of technology comes to market, it also creates more attack opportunities for cybercriminals. This can lead to hackers taking your connected home or even your connected car hostage. The shocking thing is that even medical devices can be hacked, putting human lives at direct risk. There are also constant warnings that the growth of smart cities could be tempting for cyber attackers.
Because ransomware is constantly evolving, it's vital that your employees understand the threat it poses and that organizations do everything they can to avoid infection. This is because ransomware can be crippling and decryption is not always possible.
In the ever-changing world of InfoSec, Franklin Fitch ensure that we have the main areas of focus covered in terms of our technical expertise and experience, please click here to find out more information about the current vacancies available.
by Jamie Fitzgerald
Looking for a career in cybersecurity? Well, you’re in demand - provided you get in there before the robots do.
According to Jamie...
Looking for a career in cybersecurity? Well, you’re in demand - provided you get in there before the robots do.
According to Jamie Fitzgerald, Cybersecurity Business Manager at Franklin Fitch, the majority of small and medium-sized businesses are wholly underprepared for the threat of a cyberattack, exposing themselves to billions of pounds/euros in financial damage. Whether it’s a lack of funding or ignorance that it won’t happen to them, the need for skilled cybersecurity specialists has never been greater. Between 2013 and 2021, the number of unfilled cybersecurity jobs increased by 350%, from 1 million to 3.5 million.
"There is a distinct lack of awareness of cybersecurity in SMEs," Jamie says, adding that even if awareness existed, finding people with the necessary skills would be difficult. The cost of a data breach in the United Kingdom has increased by 8.1%, and total costs have reached a seven-year high in 2022, with the average cost to business from a cybersecurity breach being around $3.6 million. Despite these increased security threats, many businesses are not taking cybersecurity seriously enough, and their cybersecurity budgets are still being cut as we move through 2023. It's a candidate-short market right now, particularly in cybersecurity, making it difficult to find the right people."
The potential damage from an attack is huge
Failure to implement appropriate cybersecurity measures can have a devastating financial and reputational impact on a company that is the victim of an attack. According to IBM, 68 percent of businesses are not prepared for cyber-attacks, leaving themselves vulnerable due to ignorance, a lack of funds, or an unwillingness to rock the boat by acknowledging a threat.
While allocating funds for appropriate security at a time when many businesses are cutting spending is not ideal - the average mid-sized company spends tens or even hundreds of thousands on cybersecurity - the outlay is minor in comparison to the potential damage.
Why is it so hard to fill cybersecurity roles?
So, what cybersecurity-related skills are in high demand, and how can potential specialists land the job they want while also assisting these companies in mitigating an attack?
"Candidates must be able to communicate, gain the support of stakeholders, be hungry for knowledge, and have strong technical skills," Jamie says. "A highly motivated individual is teachable: They can improve their soft and technical skills under your supervision. If you hire someone with the right mindset and foundational knowledge, they may be a better fit than a seasoned candidate with a fixed mindset and unwillingness to change."
Companies need to innovate to attract skilled workers
Jamie, who is currently hiring for a variety of cybersecurity positions in the UK, believes that companies must be willing to be more flexible in order to attract the best talent.
"The market for cybersecurity talent will likely remain tight and candidate-driven. "So, you have to make the role and company appealing," Jamie believes. You can be confident that if you do this and welcome them into a healthy culture, these new employees will deliver value and be valued for their efforts."
How can AI help?
Jamie believes that Artificial Intelligence will relieve some of the pressure on the sector in the future (AI). "AI not only removes the human element, which is prone to risk and error, but it can also help to identify data and pinpoint potential threats," he says.
Some cybersecurity companies are already teaching AI systems to detect viruses and malware using complex algorithms, so that AI can then run pattern recognition software. AI systems can also be used to provide access to their users in situations requiring multi-factor authentication. While AI is great for processing large amounts of data and replacing autonomous manual tasks, it will never be able to replace a security analyst's insight or understanding of a problem.
In reality, jobs will change, and while some of us may end up working alongside an automated colleague, we will still be needed, albeit for different functions.
If you're looking for a job in cybersecurity space or want to protect your business from increased cyber-attacks, please contact one of our recruiters for more information and advice.
by Ben White
The Chancellor of the Exchequer, Jeremy Hunt, has chosen to scrap the plans to repeal the Off-payroll IR35 Reforms, which Kwasi Kwarteng previously...
The Chancellor of the Exchequer, Jeremy Hunt, has chosen to scrap the plans to repeal the Off-payroll IR35 Reforms, which Kwasi Kwarteng previously announced in his mini-budget on 23 September 2022.
The Growth Plan had set out steps to take the complexity out of the tax system and identified the necessity of repealing the 2017 and 2021 off-payroll working rules (IR35 Reforms).
The Conservatives Growth plan indicated that repeal would "free up time and money for businesses that engage contractors, that could be put towards other priorities." And that it "also minimises the risk that genuinely self-employed workers are impacted by the underlying off-payroll rules."
The Chancellor of the Exchequer, Jeremy Hunt, has chosen to scrap the plans to repeal the Off-payroll IR35 Reforms, which Kwasi Kwarteng previously announced in his mini-budget on 23 September 2022.
The Growth Plan had set out steps to take the complexity out of the tax system and identified the necessity of repealing the 2017 and 2021 off-payroll working rules (IR35 Reforms).
The Conservatives Growth plan indicated that repeal would "free up time and money for businesses that engage contractors, that could be put towards other priorities." And that it "also minimises the risk that genuinely self-employed workers are impacted by the underlying off-payroll rules."
Hunt, who took up the role of chancellor on Friday, said this morning that the IR35 reforms would be going ahead. “The government has today decided to make further changes to the mini-Budget,” the Chancellor said. “We will reverse almost all the tax measures announced in the growth plan three weeks ago that have not started the Parliamentary process.
“We will no longer be proceeding with the reversal of off-payroll working reforms [IR35] introduced in 2017 and 2021.”
In moves announced via a pre-recorded video instead of parliament in a bid to calm markets, the newly installed chancellor announced that most of its financial plans had been dropped. This includes the planned lowering of the basic rate of income tax from 20 to 19 per cent, set for introduction in April. Hunt said this will now not be introduced until “economic conditions allow”.
It had already been announced that planned increases to the rate of corporation tax and abolishing the highest rate of income tax would be dropped.
Hunt said today that a Treasury-led review will be carried out into the government’s support package for household and business energy bills beyond April next year.
Reforms to IR35, introduced in April 2021, require operatives routinely working with the same contractors to be counted as PAYE staff, or face action from HMRC.
The changes were introduced as a crackdown on tax avoidance, but critics claimed they would force many out of self-employment and reduce incomes.
They were also linked to a Whitehall drive to increase the number of direct employees in the construction sector, driven by the government and the Construction Leadership Council.
However, they were criticised for hitting the income of the self-employed and adding to the burden on employers.
Reversing the reform was one of the leadership campaign promises made by prime minister Liz Truss. The 2021 reforms will now remain in place.
Hunt said the government changed its tax plans “to ensure the UK's economic stability and to provide confidence in the government's commitment to fiscal discipline”.
He added: “Instability affects the prices of things in shops, the cost of mortgages and the values of pensions. There will be more difficult decisions, I’m afraid, on both tax and spending as we deliver our commitment to get debt falling as a share of the economy over the medium term.”
Departmental spending will be cut, he added, in order to “protect the most vulnerable” and help the government deliver “our mission to go for growth”.
Andy Chamberlain, director of Policy at the Association of Independent Professionals and the Self-Employed (IPSE), slammed the “spineless decision”.
“Today’s announcement will be a huge blow to thousands of self-employed contractors and the businesses they work with,” he said. “The reforms to IR35 have created a nightmare for businesses seeking to engage talent on a flexible basis, while simultaneously forcing individuals out of business altogether.”
He added: “Businesses that were looking forward to an era of less complexity and less cost will have had those hopes dashed today. Our fear is this decision will lead to yet more work being offshored to other territories and more people being forced to work through unregulated umbrella companies. The supposedly pro-business Conservative government has sent out a clear message today – it does not support people who work for themselves.”
We currently have contract roles on our website. Please click here to find out more.
by Jamie Fitzgerald
Cybersecurity Awareness Month, every October, is a collaboration between the government and private industry to raise awareness about digital...
Cybersecurity Awareness Month, every October, is a collaboration between the government and private industry to raise awareness about digital security and empower everyone to protect their personal data from digital forms of crime.
The month is dedicated to creating resources and communications for organizations to talk to their employees and customers about staying safe online. While most of cybersecurity news articles are about massive data breaches and hackers, it can seem overwhelming and feel like you’re powerless against it. But Cybersecurity Awareness Month reminds everyone that there are all kinds of ways to keep your data protected. It can make a huge difference even by practicing the basics of cybersecurity.
93% of company networks are now breachable by hackers, one source notes, and nearly 1 in 3 organizations say they don’t have the funding for proper cyber protection. With that in mind, any month might be a good month to be more cyber aware.
So here are tips and best practices that everyone can use to feel a little safer online. Here are some simple things you can do to make sure you’re protected:
Choose strong passwords and make use of a password manager rather than re-using passwords on multiple sites.
With so many essential services available through the internet today, passwords may be the only thing standing between your accounts –and the sensitive financial and personal information they contain – and cyber criminals. Because so many passwords have been exposed in data breaches, it’s vital that you don’t employ the same one for multiple accounts. Should someone intercept one account’s password, you don’t want them gaining access to others. A strong password should contain a minimum of twelve characters (though more is better) and should not be easily guessable. Because they’re even longer, passphrases offer additional security.
Consider a password manager such as the free open-source password vault KeePass. With these services, you need to remember only one strong password, which will then give you access to all your others. Keeps stores your account passwords in a strongly encrypted database.
Use two-factor or multi-factor authentication (MFA) on all of your accounts.
Implementing two- or multi-factor authentication adds a layer of protection beyond the passwords that safeguard your accounts. Once it’s set up, users need to present an additional form of identity verification before they’re granted access to accounts or online resources. This additional factor could be evidence that they have a smartphone (proof of receipt of a text message), access to an email account, a unique code or token, a fingerprint or even a retina scan. With MFA in place, even if you do fall victim to a phishing attack, there’s an extra barrier standing in the way of cyber criminals seeking to make use of compromised credentials.
Educate yourself, your co-workers, and your employees about the latest cybersecurity threats.
When it comes to cybersecurity, knowledge is power. Because attackers are always on the lookout for new ways to hoodwink potential victims, it’s critical to remain aware of the dangers associated with internet use. The better you understand the tactics criminals are currently employing to gain access to user accounts or personal and financial information, the less likely you are to be tricked.
Take phishing as an example. It used to be that these fraudulent email or text messages were rife with grammatical errors and spelling mistakes, but that’s no longer the case. Today’s most sophisticated phishing messages feature pirated logos and another branding that’s nearly impossible to distinguish from the real thing. For this reason, you should never click on a link in an email to visit a banking website. Instead, bookmark a link to what you’re certain is the authentic and trustworthy site. Many banks offer automatic alerting whenever transactions are initiated – an extra layer of protection that it’s worth enabling. In addition, it’s always a good idea to call your financial institution if you notice questionable activity in your account. Be sure to use a known phone number to reach them when you call, not one that arrived by email.
Keep software up to date.
Software vendors frequently update their products and as soon as vulnerabilities are discovered, they issue patches that fix problems that have been discovered. Some of these vulnerabilities are severe, in some cases even enabling malicious third parties to completely control someone’s computer without their knowledge. Cybercriminals are constantly scanning the internet for machines that are running older versions of software that contain vulnerabilities that can be exploited. Enabling automatic software updates is an easy way to protect yourself from these sorts of attacks. It ensures that all new patches will automatically be applied to your computer as soon as they’re released.
Use antivirus software and install a firewall
Antivirus programs and firewalls are designed to prevent malicious code from infecting your computer. This includes malware that’s arrived via infected email attachments, malicious links in email messages, and so-called “drive-by downloads” – automatic downloads initiated by compromised websites. Because antivirus and firewall technologies usually work by blocking known threats, it’s important to ensure that your software will receive automatic updates. This provides protection based on the most recent information and guards against the latest threats.
by Sonja Giesemann
Finally Cyberwomen could take place in person again! The event, founded in 2019 to create a platform for women in cybersecurity, took place again on...
Finally Cyberwomen could take place in person again! The event, founded in 2019 to create a platform for women in cybersecurity, took place again on September 22 this year. We are very proud to have been there again as one of the sponsors. We are even happier for our recruitment specialists Adriana Timme and Anne-Sophie Hufer, who had the opportunity to visit the conference last Thursday and exchange ideas in interesting and progressive discussions.
About 24% of cybersecurity professionals are women. While this is an improvement from 11% in 2017, there are still barriers for women looking to enter or advance in the global cybersecurity industry. In addition to the large gender gaps in cybersecurity, women are on average paid less than men in this field. In 2021, 29% of men reported making between $50,000 and $99,999, while just 17% of women reported the same amount.
Amidst all of this, the rise in cybercrime - particularly ransomware - is the number one threat for 2021. Of the ten countries with the highest ransomware cases, the US had as many attacks as the other nine countries combined. Despite the global attention cybersecurity has received in recent years, there is still a significant skills shortage.
Our consultant Anne-Sophie Hufer, who attended the conference last Thursday, explains her perspective on this topic and her experiences with Cyberwomen 2022 in general:
“It was a great event! I had a lot of fun and it was also very interesting! There were very competent cybersecurity experts like Jana Ringwald or Laura Kludas, who took part in the sales panel. In general the conference was well organized and all the speakers contributed a lot to the overall conference. I particularly liked the lectures on cyber agencies and innovation management, and the CxO panel on ransomware and its consequences. We also had the opportunity to make new friends and meet old ones. There were just so many interesting women that altogether make such a strong and inspiring group of people. From this, I learned that the presence of women in the cybersecurity industry will definitely increase in the future. Especially in Germany, where the topic of cybersecurity and women in IT is not discussed that much. But all in all, it was a great experience and I hope to be able to do it again next year!”
- Anne-Sophie Hufer, Information Security Consultant at Franklin Fitch
We are pleased that more and more women are interested in and participating in cybersecurity. This year, 240 people attended the conference, plus several people who were able to stream the conference from their homes. It is amazing to see how the event was made so inclusive and accessible to women who are able to attend and those who were unable to attend in person. Our Cyber & Information Security recruiter Adriana Timme tells us more about her experiences with all the different women and participants and what cyber women mean to her:
“This is now my second time at Cyberwomen. Last year I attended the conference but because of COVID-19, everything was online. So I was very happy to be able to attend in person! The organization of the event was just great! The balance between panels, conferences, and time to exchange and meet new women in IT as well as the speakers were really good! I really liked the HR panel, in which exciting solutions to the shortage of skilled workers in the cyber area were discussed, because the shortage of skilled workers concerns me almost every day as a personnel consultant for cyber and information security. The speakers (Lydia L., Rebecca Z., Christine R., Anja Z., Dr. Nina G., and Anna K.) had a fascinating concept of how women work in and alongside intensive environments such as cybersecurity to have a balanced personal life. This concept of "job sharing" not only means new opportunities for recruiting but is also an exciting option for my personal development! I also liked other speakers like Katharina Maier and Jana Ringwald because they are both very talented speakers. They gave some fascinating insights into the areas of usable, information and IT security as well as law enforcement in cyberspace. But the most important thing I took away from the whole experience is that women are going to take a more prominent role in cybersecurity. It will be a long road to success, but it will come! This is also why I think Cyberwomen 2022 is such an achievement and a great opportunity to promote women in the cybersecurity industry.”
- Adriana Timme, Cyber & Information Security Business Lead at Franklin Fitch
One thing is clear: Cybersecurity needs more women. To build a strong culture of cyber resilience around the world, employers should prioritize recruiting and developing talented female cybersecurity professionals. Women working in or aspiring to a position in cybersecurity represent untapped potential when it comes to filling the growing gap in the cybersecurity workforce. This is exactly why we need conferences like Cyberwomen. Here we discuss various topics, network, and learn more about cybersecurity and why it is important to bring women into the industry!
And we've already noticed a big difference over the years! We are already excited about the increasing participation of women and the growing interest in cybersecurity. As personnel consultants in the IT sector, we see unequal distribution every day. Because of this, we are determined to balance the industry in any way we can.
by Dafydd Kevis
Professionals in the field of cyber security are continually defending computer systems from numerous cyber threats. Every day cyberattacks target...
Professionals in the field of cyber security are continually defending computer systems from numerous cyber threats. Every day cyberattacks target businesses and private systems, and the diversity of attacks has expanded quickly.
Numerous factors can lead to a cyberattack. The first one is financial. An online hacker can deactivate a system and demand money to reactivate it. More advanced than ever, ransomware is a sort of software that demands payment in exchange for the return of services.
Individuals are also targets of cyber-attacks, owing to the fact that they store sensitive information on their mobile phones and use insecure public networks.
In order to strengthen cyber security, it is essential to keep track of how cyberattacks are evolving and growing. Earning an online cyber security master's degree can be very advantageous for cyber security professionals who want to increase their understanding of threats and cyber security information.
What Is the Definition of a Cybersecurity Threat?
A cyber security threat is any potentially hostile attack that aims to destroy data, obstruct online transactions, or access data unauthorizedly. Potential cyber risks include corporate spies, hacktivists, terrorist groups, hostile nation-states, criminal gangs, lone hackers, and dissatisfied workers.
Sensitive data was exposed by several high-profile cyberattacks in recent years.
Cyber attackers can use sensitive data from an individual or a business to steal information or gain access to financial accounts, among other potentially harmful acts, which is why cyber security professionals are essential for protecting private data.
Here are the top five most common cyber threats:
1. Malware and viruses
Computer programs are known as viruses attack and replicate on host systems. Infections, viruses, worms, trojans, rootkits, and other similar words are also used to refer to malware. Any application that does not belong to the user is considered malicious software. A virus is often a harmful piece of code that can harm your system if it is not removed. Your security measures ought to lessen malware attacks.
2. Theft of Identity
When someone gains unauthorised access to sensitive information, such as financial data, intellectual property, medical records, trade secrets, customer lists, or employee information, they are said to have committed data theft. Data thieves utilise social engineering techniques to con people into exposing passwords, private keys, login information, credit card numbers, and other sensitive data. The prevention of data theft mainly depends on user knowledge and education.
3. Website Hacking
Web hacking is the term for the unauthorised use of equipment and methods to attack networks or websites. Websites, software, and network infrastructure all have vulnerabilities that hackers are continuously searching for. These assaults can range from straightforward website vandalism to full server takeovers.
4. Social Engineering
Social engineering is the practise of persuading others to take actions they otherwise would not. Social engineering methods are often used by cybercriminals, ranging from simple phishing scams to more intricate plans involving malware. When engaging with unknown parties online, users should use caution, and they should never click on links without first checking their validity.
5. Cryptocurrency Mining
The process of employing computers to carry out repeated calculations (known as hashes) to validate transactions on the blockchain, which records cryptocurrency balances and transfers, is known as cryptocurrency mining. In return for processing transactions and defending the network, miners receive fresh money. In addition to maintaining the security of the network, miners also give cryptocurrency exchanges liquidity.
by Simon Nicholls
One of the biggest issues that organisations today must deal with is cyber risk. The Global Risks Report 2022 from the World Economic Forum...
One of the biggest issues that organisations today must deal with is cyber risk. The Global Risks Report 2022 from the World Economic Forum demonstrates how rising digital dependence and digital transformation have increased cyber threats. However, according to the survey, cybersecurity failure is still seen as a serious short-term risk, and high-value organizations frequently experience breaches that have a major negative impact on their performance.
According to a recent Acronis report, 80% of businesses experienced a cybersecurity breach in the past year, up from 68% the year before. The high levels of danger now exist are demonstrated by the fact that 9% of the businesses experienced at least one cyberattack every hour. This shows that businesses are becoming more open to cyber-attacks, yet most are not prepared to defend themselves in a way that keeps up with the more sophisticated attackers.
In the upcoming years, it is anticipated that the number of cyberthreats to businesses will continue to increase. Today, cybersecurity is an essential part of an organization's business plan to guarantee data privacy and prevent the expense of reacting to a cyber-attack.
Even though IT security is a vital part of a security strategy, employees are one of any organization's most vulnerable areas. Employees are on the front lines of the battle against cyber risks as a result of the focus of many cybercriminals on assaulting individuals through malware, phishing, and other scam activities.
Fostering a cybersecurity culture can outlast individual turnover and isolated occurrences and can provide a stronger front against cyber threats than any one policy or process. By integrating cybersecurity into organisational processes and practises and keeping an open conversation, you may develop a cybersecurity culture.
Analyze the culture and determine the current state of organisational security. Recognize the strategy for dealing with audit results, the top technology and security priorities, and any metrics in place for tracking development. Additionally, be aware of behaviours that could increase risk, like as BYOD rules, international travel, unencrypted communication (such instant messaging), data storage on personal devices, unconventional computer setups, and usage of unapproved software.
Outline the mission
Establish what constitutes security and technological achievement before settling on specifics. To make it easier to communicate, turn the mission into an "elevator pitch." When the company succeeds, it should be celebrated to reinforce the importance of security and to solidify the culture.
Win employee support
Headline-making breaches may not feel applicable to all departments. Earn employee support with department-level conversations about the impact of cyber threats to ensure staff realize the value of security and aren’t tempted to circumvent processes.
Define roles and expectations
Remove uncertainty with a thorough plan that outlines roles, objectives, and duties for departments in the event of a cyber-attack. By adding other departments, you can broaden the scope of who is responsible for promoting security outside the IT security team. Build trust that, in the event of a mistake, firm security professionals will come up with solutions, provide assistance, and avoid taking the responsibility.
Invest in training
Expect the IT department to regularly train personnel on attacks and the resulting areas to watch. Clearly express all cybersecurity policies and guidelines. A consistent onboarding programme for new hires should also be in place. These issues, ought to be on the agenda:
Lean on an outside party to handle training if internal resources aren’t available.
Create a conversation
Similar to any culture, story is frequently its basis. Discuss cybersecurity constantly, drawing lessons from news about the topic, and keep staff members up to date on best practises. Regular training sessions, forums, or newsletters can all offer regular forums for cybersecurity discussion. Encourage a question-friendly climate, and make sure staff members are aware of whom to ask. Equally crucial: check to see if the response contains a lot of jargon.
Employees with the skills and knowledge to take action will embrace personal responsibility for supporting security in an organisation with a strong cybersecurity culture. Employees may even actively defend the company as they become more aware of cybersecurity procedures thanks to this collective approach, which transforms them from risk factors to security advocates. A preventative approach will undoubtedly pay off for both individuals and corporations given the escalating costs of cybercrime.
by Dominik Bart
According to a report published by Dell Technologies and authored by the Institute For The Future (IFTF) and a panel of 20 tech, business...
According to a report published by Dell Technologies and authored by the Institute For The Future (IFTF) and a panel of 20 tech, business and academic experts from around the world, states that 85 per cent of the jobs that will exist in 2030 haven't even been invented yet.
"The pace of change will be so rapid that people will learn 'in the moment' using new technologies such as augmented reality and virtual reality. The ability to gain new knowledge will be more valuable than the knowledge itself," Dell Technologies said in the report Given the rapid pace of change in the workplace, particularly when we consider all of the things that have changed over the last ten years, such as social media, artificial intelligence, and automation, it, it doesn’t seem an unlikely statistic.
The work human beings do will continue to shift as some jobs become obsolete and new jobs emerge as technological advancement will replace outdated positions and produce new ones that combine human and machine collaboration. Moreover, the expertise and skill set we'll require in the future varies greatly from those we currently require. Soft skills will grow in importance as the demand for the thing’s machines can’t do continues to increase. However, the ability to understand and work confidently with technology will still be critical.
With that in mind, here are four digital skills you need to cultivate to thrive in the new world of work:
Digital Literally refers to the abilities required to learn, function, and get around in an increasingly digital world. We are able to interact with technology effortlessly and confidently when we possess digital literacy skills. This entails abilities like:
● Keeping on top of emerging new technologies
● Understanding what tech is available and how it can be used
● Using digital devices, software, and applications – at work, in educational settings, and in our everyday lives
● Communicating, collaborating, and sharing information with other people using digital tools
● Staying safe and secure in a digital environment
The fourth industrial revolution, which is presently underway, is characterised by numerous waves of new technologies that merge the digital and physical worlds. Consider the abundance of "smart" everyday items like watches and internet-connected thermostats that are available on the market.
Data literacy is one of the crucial talents we'll need in the future because all of that new technology is based on data.
A fundamental understanding of the significance of data and how to transform it into insights and value is known as data literacy. You'll need to be able to access the right data, work with it, interpret the results, share your findings with others, and, if required, challenge the data in a business setting.
Today, "technical talents" encompasses a wide range of abilities; future employers won't just require IT and engineering expertise. A wide range of technical abilities remain of utmost value even as the nature of work changes and processes become more automated.
Technical skills are essentially the practical or physical abilities required to do a task successfully. Although it is true that coding, AI, data science, and IT skills are in high demand, there is a far wider market for these skills. Being a plumber requires technical expertise. The same is true for truck drivers, nurses, carpenters, and project managers.
As new technologies emerge, we will require increasingly specialised technical skills in every business. As a result, you should be ready to constantly learn and concentrate on your professional development through a combination of formal education, training, and on-the-job training.
Digital Threat Awareness
The world is becoming increasingly digital, and cybercriminals are becoming more sophisticated and smarter This implies brand-new dangers that could significantly affect both our personal and professional lives.
Digital threat awareness refers to being aware of the risks associated with utilising digital devices and the internet, as well as having the tools necessary to protect your company and yourself.
Our digital fingerprints are bigger than ever since so many of our activities—from scheduling doctor visits to placing takeaway orders on Friday nights—take place online.
Digital threat awareness means understanding the biggest threats in our everyday lives, including:
● Digital addiction
● Online privacy and protecting your data
● Password protection
● Digital impersonation
● Data breaches
● Malware, ransomware, and IoT attacks
In order to reduce the dangers posed by these cybersecurity threats, we should all strive to have healthy relationships with technology and educate people on how to get the most of technology without letting it take over our lives.
by Jasmine Ellis
Virtualization is a process of creating a virtual environment. It enables users to run different operating systems on a same computer. It creates a...
Virtualization is a process of creating a virtual environment. It enables users to run different operating systems on a same computer. It creates a virtual (rather than physical) version of an operating system, a server, or network resources. Virtualization can be considered as part of a broader trend in IT environments that will govern themselves based on perceived activity and utility computing in many organisations. The most crucial goal of virtualization is to reduce administrative tasks while improving scalability and workloads. However, virtualization can also be used to improve security.
In today's work context, virtualization offers numerous advantages. Running many workloads allows physical server resources to reach their full potential. Operating system instances are able to be divorced from the underlying hardware and move freely between several hosts in a cluster setup without causing any negative consequences.
High-availability mechanisms that were never before possible, such as the ability to restart virtual machines on a separate server if the primary host dies, are now possible. By abstracting the network from the underlying physical network switches, wiring, and other devices, virtualized networking provides many of the same benefits to network traffic.
In this article, we will see how virtualization technology is improving security by means of innovative ways security problems and challenges are being met with virtualized solutions.
Security is of Primary Concern
Organizations today are quickly recognising how critical security objectives are, regardless of the project or business activities involved. However, security is being scrutinised more than ever before, particularly with regard to technology infrastructure. Large-scale, high-profile data breaches that make significant news headlines are not the type of attention that companies want. Ransomware attacks that disrupt business-critical systems are equally alarming. Today's businesses must have a razor-sharp focus on security concerns and how to effectively address them.
With any plans to integrate new technologies or go forward with new infrastructure, security cannot be an afterthought. It must be built into the project as a required component to ensure that essential aspects of the security thought process are not overlooked. The virtualization era has altered the way businesses think about security and privacy. Many of the security boundaries that existed in the strictly physical world have been broken down because to virtualized technology.
After installing new technology, many companies consider the security concerns. Virtualization has numerous advantages, making it simple to sell in IT architectures. Virtualization can help you save money, improve business efficiency, reduce maintenance downtime without disrupting operations, and get more work done with less equipment.
The following are the few ways to minimize risk and improve security through virtualization:
Sandboxing is a security strategy that isolates running applications from untrusted third parties, vendors, and websites. It's commonly used to run untested code or programmes. Sandboxing's major purpose is to increase virtualization security by isolating an application to protect it from external malware, destructive viruses, and stopped-running apps, among other things. Put any experimental or unstable apps in a virtual machine. The remainder of the system is unaffected.
Since your application can be attacked maliciously while running in a browser, it's always a good idea to run your apps in a virtual machine. Virtualization and sandbox technology are closely related. Virtual computing provides some of the advantages of sandboxes without the high cost of a new device. The virtual machine is connected to the Internet rather than the corporate LAN, which protects the operating system and apps from viruses and other malicious threats.
Server virtualization is the process of dividing a physical server into smaller virtual servers in order to maximise resources. The physical server is divided into many virtual environments by the administrator. Hackers nowadays frequently steal official server logs. Small virtual servers can run their own operating systems and restart independently thanks to server virtualization. Stable and compromised programmes are identified and isolated using virtualized servers.
This sort of virtualization is most commonly found on web servers that offer low-cost web hosting. Server utilisation manages the complex aspects of server resources while enhancing utilisation and capacity. Furthermore, a virtualized server makes it simple to detect dangerous viruses or other harmful items while simultaneously safeguarding the server, virtual machines, and the entire network.
Network virtualization combines network hardware and software resources, as well as network functionality, into a single virtual network. Virtual networks, which use network virtualization, reduce the impact of malware on the system. Furthermore, network virtualization produces logical virtual networks from the underlying network hardware, allowing virtual environments to better integrate.
Isolation is an important feature of network virtualization. It allows end-to-end custom services to be implemented on the fly by dynamically combining various virtual networks that coexist in isolation. They share and utilise network resources received from infrastructure providers to operate those virtual networks for users.
Segmentation is another important element of network virtualization. The network is divided into subnets, which improves performance by reducing local web traffic and enhancing security by making the network's internal network structure invisible from the outside. By generating single instances of software programmes that serve many customers, network virtualization is also utilised to develop a virtualized infrastructure to fulfil complicated requirements.
This lets users to generate, change, and delete photos while also separating the desktop environment from the computer that is used to access it. Administrators may simply manage employee computers with desktop virtualization. This protects people from attacking computers with viruses or gaining illegal access.
Additionally, the user gains additional security from the guest OS image for the desktop environment. Such environment allows the users to save or copy data to the server rather than the disk, thus making desktop virtualization more secure option for networking.
On the security front, virtualization is possibly one of the most effective strategies that businesses can use to combat harm and criminal intent. These principles demonstrate how virtualization can help your firm reduce risk and increase security.
Regular upgrades and vulnerability scans are required for all technology-based systems (virtualization included) to reduce the chance of weakness, and the adoption of hardened virtual machine images is strongly recommended.
by Simon Nicholls
High-profile cyberattacks, data breaches, and ransomware attacks have dominated the headlines over the past year or so, causing organizations all...
High-profile cyberattacks, data breaches, and ransomware attacks have dominated the headlines over the past year or so, causing organizations all around the world to review their cybersecurity strategies. For organisations that do not regard cybersecurity as a business investment, the destructive effects of cyberattacks on a company's ability to operate will increase in the future.
The Gartner Security & Risk Management Summit, June 20-21 in Sydney, Australia, delivered sobering revelations about the future of cybersecurity — with the aim of helping security and risk management leaders succeed in the digital era.
Richard Addiscott, senior director analyst, and Rob McMillan, managing vice president, of Gartner, highlighted important patterns in their opening keynote talk. One of these trends was the emerging relationship between Executives performance evaluations and the capacity to handle cyber risk.
Gartner’s experts noted that almost one-third of all nations will regulate ransomware response within the next three years; and security platform consolidation will help organisations thrive in hostile environments.
“We can’t fall into old habits and try to treat everything the same as we did in the past,” Addiscott told attendees. “Most security and risk leaders now recognize that major disruption is only one crisis away. We can’t control it, but we can evolve our thinking, our philosophy, our program and our architecture.”
Gartner recommends that cybersecurity leaders build several strategic planning assumptions into their security strategies for the next two years:
1. Consumer privacy rights will be extended
Privacy regulation continues to expand and the tech analyst predicts it will be extended to cover five billion people, and more than 70% of global GDP. It said organizations should track subject rights request metrics, including cost per request and time to fulfill, to identify inefficiencies and justify accelerated automation.
2. By 2025, 80% of enterprises will adopt a strategy to unify web, cloud services and private application access
Garter said with the rise of hybrid work, vendors are offering integrated services across web and cloud-application security. The benefit here is tighter integration, fewer consoles to use, and fewer locations where data must be decrypted, inspected and re-encrypted.
3. Many organizations will embrace zero-trust, but fail to realize the benefits
The tech analyst predicts that by 2025, 60% of organizations will attempt to adopt zero-trust security, a concept that assumes there is no traditional 'perimeter' to the corporate network, so all devices and users have to be regularly re-authenticated. But it said more than half will fail to realize the benefits.
Replacing implicit trust with identity -- and context-based, risk-appropriate trust -- is extremely powerful, said Gartner, but requires a cultural shift and clear communication that ties it to business outcomes to achieve the benefits. And not all companies will be successful.
4. Cybersecurity will become key to choosing business partners
Gartner predicts that 60% of organizations will use cybersecurity risk as a "primary determinant" in conducting third-party transactions and business engagements by 2025. Only 23% of organisations monitor third parties in real time for cybersecurity exposure, according to Gartner. But as a result of pressure from customers and regulators, it believes organizations will start to insist on measuring cybersecurity risk, ranging from simple monitoring of a critical technology supplier to complex due diligence for mergers and acquisitions.
5. Ransomware payment legislation will rise
At the moment there is little legislation around when companies can -- and can't -- pay ransomware demands. That could be about to change; Gartner predicts one in three countries will introduce such laws soon. The decision to pay the ransom or not is a business-level decision, not a security one. Gartner recommends engaging a professional incident-response team as well as law enforcement and any regulatory body before negotiating.
6. Hackers will weaponize operational technology environments to cause human casualties
Attacks on OT -- hardware and software that monitors or controls equipment, assets and processes and is often the brains behind industrial systems in factories or power grids -- have become more common and more disruptive, Gartner said, warning that threat actors will have "weaponized" operational technology environments to cause human casualties by 2025. "In operational environments, security and risk management leaders should be more concerned about real-world hazards to humans and the environment, rather than information theft", according to the analyst firm.
7. Resilience will be about more than just cybersecurity
By 2025, 70% of CEOs will drive a culture of organizational resilience to deal with threats from cybercrime, but also from severe weather events, civil unrest and political instabilities, Gartner said: "With continued disruption likely, Gartner recommends that risk leaders recognize organizational resilience as a strategic imperative."
8. Cybersecurity will matter for the CEO's bonus
By 2026, 50% of C-level executives will have performance requirements related to risk built into their employment contracts, Gartner said. As boards now increasingly regard cybersecurity as a business risk rather than just a technical problem, accountability for cyber risk will shift from the security leader to senior business leaders, it said.
by Jasmine Ellis
DevOps culture and procedure are critical for enterprises to keep up with the pace of cloud-native software development, especially when code...
DevOps culture and procedure are critical for enterprises to keep up with the pace of cloud-native software development, especially when code deployments happen multiple times per day. The capacity to construct, populate, and grow cloud apps and infrastructure in real time, frequently through code, offers for extraordinary agility and speed. Security, on the other hand, is frequently left in the dust when things move so swiftly.
The reality is that many businesses have yet to figure out how to effectively secure the cloud. A lack of cloud security knowledge, along with legacy security regulations that do not cover the cloud and a scarcity of cybersecurity expertise relevant to cloud systems, is a problem. And thieves are eager to exploit these flaws: according to a 2021 research, nearly half of the more than 2,500 publicly publicised cloud-related vulnerabilities were discovered in the recent 18 months.
Security must be integrated at every level of the DevOps life cycle, also known as DevSecOps, due to the flexible nature of cloud technology. Any firm that uses the cloud must adopt a DevSecOps approach, which necessitates new security guidelines, policies, procedures, and technologies.
There are two primary goals of DevSecOps-
1. Secure Code
2. Speedy Delivery
Advances in IT like cloud computing, shared resources, and dynamic provisioning requires application security in every stage, and DevSecOps entails the same.
The Cloud is a Vulnerable Platform
Data breaches are one of the most pressing risks for any company today. The methods employed by attackers to enter cloud settings differ from those utilised in on-premises environments. Malware attacks are rare; typically, attackers take use of misconfigurations and other flaws.
Another important worry is that most firms employ multi-cloud, which might result in a lack of visibility. It can lead to cloud workloads and traffic not being properly monitored, allowing attackers to exploit security flaws. DevOps teams also have a habit of giving people considerably more privileges and permissions than they require to do their jobs, which increases the risk of identity-based attacks. According to studies, identity-based assaults were used in roughly 80% of cyberattacks to compromise legitimate credentials.
Installing cryptominers onto a company's system is another option for attackers to profit from cloud vulnerabilities. Cryptocurrency mining necessitates a significant amount of computational power. Threat actors will employ hacked cloud accounts to carry out this operation and make as much money as possible while draining the company's resources.
Security Shifting to the Left
Protecting the cloud entails safeguarding an ever-increasing attack surface that includes everything from cloud workloads to virtual servers and other cloud-related technology. Attackers are continuously on the lookout for weak points in systems, especially susceptible cloud applications. With more organisations turning to the cloud than ever before to fulfil the needs of a remote workforce, the number of cloud apps available has grown.
Traditionally, security is applied to code as the final step before it is released. When vulnerabilities are discovered, the release is either postponed or the development team is forced to hustle to fix each security flaw while the security team scrambles to review the updates. Shifting security left for DevOps teams guarantees that vulnerable code is found as it is built rather than during the testing phase, lowering costs and resulting in secure cloud apps.
Shift left security is a critical component of the software development life cycle, and getting it correctly should be a top concern. Organizations can accomplish DevSecOps and greatly reduce security issues surrounding cloud-native software and application development by incorporating security into the early phases of the development process.
Cloud security that is effective can enable DevSecOps
DevSecOps technologies and techniques can help companies develop a strong and secure cloud foundation. Cloud security requires a unified view of multi-cloud environments and constant intelligent monitoring of all cloud services. That unified visibility must be able to detect misconfigurations, vulnerabilities, and security threats while also giving developers and DevOps teams with actionable insights and automated remedies.
Additionally, it's critical to have the correct security policies in place that enforce cloud security standards throughout the entire infrastructure to satisfy (or exceed) industry and government regulations. This encompasses everything from multi-factor authentication to general security best practises for all employees, as well as a robust incident response system that guarantees the organisation is ready for an attack.
Up-to-date threat intelligence, on the other hand, should always be at the heart of any good cloud security strategy. Adversaries are continuously devising new techniques to attack the cloud and looking for flaws to exploit. It's critical to have the most up-to-date information about threat actors and their techniques, and then apply it to breach detection. Threat intelligence allows security teams to anticipate attacks and properly prioritise protection, mitigation, and repair in order to avoid them. DevSecOps provides enterprises with the prevention, detection, visibility, and reaction tools they need to defeat attackers by delivering all of this functionality from and for the cloud.
by Dafydd Kevis
Following the European Council and Parliament's provisional agreement on networks and information systems, called NIS2, Europe has moved closer...
Following the European Council and Parliament's provisional agreement on networks and information systems, called NIS2, Europe has moved closer to new cybersecurity standards and reporting requirements. The new measures, first proposed by the European Commission at the end of 2020, look to boost the cyber resilience of entities across range of sectors deemed critical for the economy and society.
NIS2 will take the place of the present Directive on the Security of Networks and Information Systems, or NIS, which was adopted in 2016. The new directive establishes tighter criteria — as well as possible consequences, such as fines – for a broader range of industries that must adhere to computer security regulations.
It also aims to minimise "significant differences" in risk management and security reporting requirements among EU member states by adopting uniform criteria for assessing, reporting, and taking action to mitigate cyber risk.
The existing regulations on network and information system security (NIS Directive) were the first piece of EU-wide cybersecurity legislation, and they cleared the way for a dramatic shift in mindset, institutional, and legislative approaches to cybersecurity in many Member States. Despite their remarkable accomplishments and beneficial influence, they needed to be updated due to our society's expanding digitalisation and interconnection, as well as the increasing amount of cyber harmful operations on a global scale.
To address Europe's increased vulnerability to cyber threats, the NIS2 Directive now includes medium and large entities from a wider range of sectors that are critical to the economy and society, such as providers of public electronic communications services, digital services, wastewater and waste management, critical product manufacturing, postal and courier services, and public administration, both at the national and regional levels. Given the increased security threats that occurred during the COVID-19 pandemic, it also covers the healthcare sector more widely, for example by incorporating medical equipment manufacturers. The new standards' expanded reach will assist raise the level of cybersecurity in Europe in the medium and long term by effectively compelling more organisations and sectors to employ cybersecurity risk management procedures.
The NIS2 Directive also enhances the cybersecurity standards imposed on businesses, targets supply chain and supplier security, and holds top management accountable for non-compliance with cybersecurity duties. It intends to harmonise sanctions regimes across Member States by streamlining reporting responsibilities, introducing more tougher monitoring measures for national authorities, as well as stricter enforcement requirements. It will aid in the sharing of information and collaboration on cyber crisis management at the national and EU levels.
NIS2 also sets up a European cybercrisis liaison organization network, dubbed EU-CyCLONe, to help manage large-scale online attacks across Europe, and also to coordinate vulnerability disclosure and increase information sharing and cooperation between government and private sector organizations. Meanwhile, companies that don't comply with the new risk management and reporting rules face fines of up to €10 million or two percent of their global annual turnover, whichever is higher.
Once adopted by the Council and European Parliament, member states will have 21 months to incorporate NIS2 into their national laws.
European Commissioners, for their part, welcomed the agreement.
"In today's cybersecurity landscape, cooperation and rapid information sharing are of paramount importance," said Thierry Breton, commissioner for the internal market, in a statement. "With the agreement of NIS2, we modernize rules to secure more critical services for society and economy. This is therefore a major step forward."
by Simon Nicholls
The importance of cybersecurity is increasing. Fundamentally, our society is more technologically reliant than it has ever been, and this tendency...
The importance of cybersecurity is increasing. Fundamentally, our society is more technologically reliant than it has ever been, and this tendency shows no signs of slowing. Technology's development and expansion have had a beneficial impact on human existence, but the ease has come at the cost of cyber-attacks. If you utilise a tech device for any reason, you're likely to be a victim of a cyber-attack.
You'll need to be secure, which is where cyber security comes into the equation. Whether you're a person, a small business, or a huge corporation, you rely on computer systems on a daily basis. When you combine this with the rise of cloud services, poor cloud service security, smartphones, and the Internet of Things (IoT), you have a slew of cybersecurity risks that didn't exist only a few decades ago.
The protection of electronic data and information is known as cyber security. It protects electronic systems on devices like as computers, phones, servers, and networks against harmful assaults. It is critical, regardless of who you are, to protect your data from unwanted access.
Cyber-security is at an all-time high, and we must all do our share to be protected. Everyone has a role to play. This does not imply that everyone should become a cybersecurity specialist; rather, we must raise awareness of the threats that your users encounter so that they are not caught off guard when they are attacked.
Here are some top, simple tips to kep yourself and your business protected against unwanted Cyber Attacks:
Many of your personal accounts may be accessed through your email, putting you exposed to identity theft.
Important security upgrades are included with software and app updates to help safeguard your devices from cyber criminals.
To ensure the security of your data, two-factor authentication is advised for email accounts.
Password managers can assist you in creating and remembering passwords.
With a screen lock, you can keep your smartphone and tablet safe and add an added degree of protection to your devices.
Back up your most valuable material, such as photographs and essential papers, to an external hard drive or a cloud-based storage solution.
by Dafydd Kevis
The increased reliance of business on their IT functions means that the cybersecurity sector is required to evolve and grow almost on a daily basis....
The increased reliance of business on their IT functions means that the cybersecurity sector is required to evolve and grow almost on a daily basis. From single phishing attacks to nation-state attacks used in the midst of the theatre of war, the versatility required from cyber professionals and organisations has never been so imperative, especially with the constant changes in threat landscapes and business operations.
Although not conventionally correlated, the global pandemic has directly influenced complexities in developing robust security architectures. The rise in remote working and the increased preference for cloud-based approaches have ensued major shifts in not just technical advancements, but also in operational.
How has COVID influenced operational arrangements?
The position of CISO has seen advancements in many aspects, from increased salary ranges to restructured hierarchies. With cybersecurity being viewed more as a business risk as opposed to a technological risk, the role of CISO has become fundamental to every business and therefore expanded to include business continuity decisions and liaising with board members for wider business decision making.
As the cybersecurity landscape continues to evolve the more prevalent the CISO is in the overall success of a business, especially considering the shift to more remote working. We have seen an increased requirement for senior cyber professionals to join organisations and begin maturing and building out their internal security functions.
What technological advancements are influencing the cybersecurity landscape?
The biggest driver of change has been the quick implementation of cloud-based services since the onset of the pandemic. This has meant that cybersecurity strategies have too required quick implementation of new and robust procedures and tools to remediate the increased variety in threats.
The increased aggregation of company data into cloud systems means an efficiency and practicality on terms of the client, however the provider becomes a prime target for data breaches and attacks. With the likes of IaaS and PaaS, the responsibility of securing data, user access, applications and operating systems falls under the remit of the organisations and at differing levels, requiring comprehensive plans and strategies to ensure robust security protocols. IAM and PAM requirements are prevalent in job specifications at the moment, simple access practises are no longer acceptable in environments with increase collaboration and remote access requirements.
What does the future of the cybersecurity landscape look like?
Ultimately, the cybersecurity landscape will continue to evolve and develop to coincide with the constant shifts in attack vectors. Organisations will continue to utilise the most up-to-date systems and platforms available and with this leaning more towards cloud-based computing, robust security strategies, functions and tools will become highly sought after.
There are increasing calls for more governmental regulated approaches to cybersecurity and defence, particularly due to recent events in which cyber attacks are being used in the theatre of war.
There is no doubt that cybersecurity will be at the top of corporate agendas in the post-COVID era, it will be interesting what innovations and transformations will come as a result of this.
by Lauren Greene
Who, what, where, when, why?
Despite common misconception, the concept of a metaverse isn’t a new one. First introduced in 1992,...
Who, what, where, when, why?
Despite common misconception, the concept of a metaverse isn’t a new one. First introduced in 1992, sci-fi writer Neal Stephenson coined the term 'metaverse' to describe a 3D virtual space. This idea was then realised for the first time in 2003 through an online multimedia platform called “Second life”.
Since then, there have been numerous examples of gaming platforms exploring the potential applications of this concept. For example, in 2020 the immensely popular video game Fortnite conducted a virtual Travis Scott concert within the game, and 12.3 million people worldwide tuned in. A more general example is any game within the MMORPG (Massively Multiplayer On-line role-playing game) genre such as World of Warcraft, where thousands of players can inhabit the same virtual space, with players logging in and out continually, and able to interact in various ways.
The Covid 19 pandemic has been a large extrinsic motivator for the growth of this industry, accelerating and driving the convergence of physical and digital. Companies invested heavily within collaboration and messaging technologies such as Teams, Zoom and Skype, and have now created a digital hiring, onboarding, and remote working world.
Meta, the rebrand of Facebook, and Microsoft, are leading the path for the metaverse alongside other large names in the tech industry which are all racing towards securing their name and real estate in the 3D VR world that will soon become a reality.
The evolution of emerging technology and digital transformations will see a huge transition for the main 3 pillars of human activity: Work, Education and Entertainment.
Over the years, Retail as an industry has taken a huge, and successful move onto online platforms, saving money for physical resources, allowing mediation of our activities remotely, and putting products in the hands of consumers worldwide. The metaverse could be the next evolution of this journey, allowing consumers to get that physical feel whilst they shop online from the comfort of their own homes.
Many companies are already looking at being a part of this virtual world and benefiting from a dedicated virtual space in which they can conduct interviews, doctors’ appointments and try on clothes without moving a muscle.
On a larger scale, geopolitics will see an impact, which could be both a help and hinderance to have present governing bodies for smaller counties but to also create communities transcending borders in reality.
Understanding how the Metaverse will be accessed
To first give a broad understanding of how the metaverse will be accessible, you first need to understand the different tech behind it. Extended Reality (XR) covers both Virtual Reality (VR) and Augmented Reality (AR) where VR enables you to fully immerse yourself in a 3D platform with the use of a headset whilst AR will overlay images onto the real world.
Whilst the metaverse doesn’t have to exclusively exist in XR, it’s the version of it that does that’s getting the most attention. This is because more immersive, experiential environments are central to the whole concept – something that XR interfaces lend themselves to very well.
Meta is focusing heavily on the VR aspects through its well renowned and recently bought hardware brand Oculus. 3D environments, avatars, and gamification – three fundamental aspects of the concept – all fit well with VR interfaces. And AR, too, with its potential to blur the distinction between virtual and real worlds, is another idea that meshes well with the metaverse concept.
2022 should see the release of Meta’s Horizon platform as an expanded VR world, this will be the first step into giving people a sensation of what the metaverse could become, and VR will be the window through which they experience it.
How will it ‘feel real’?
As a running trend for technology becoming smaller and more powerful, over the next few years we will also see this for VR which is a huge benefit for lighter headsets.
First seen in CES 2022 was the rebrand of the chunky VR sets to sleek and easily wearable AR devices which will be made available to buy over this coming year. HTC also made a device called the flow which is a slimmer stand-alone model making this device easier to use which focuses on entertainment and mental health.
AR devices will get lighter, too – California start-up Mojo-Vision has already demonstrated the potential for AR contact lenses that project information directly onto the retina.
Other innovations will attempt to solve the problem of enabling realistic movement within virtual environments (which will always be a problem if your actual environment doesn’t match the size and proportions of your virtual one and isn’t free of hazards that might cause you to trip over!). Proposed solutions to this problem include both boots, as offered by Ekto VR, and treadmills, like the one developed by Virtuix.
Another technology known as haptic feedback will attempt to solve the problem of providing sensations of touch in XR environments. One example is the Teslasuit that provides tactile feedback through electrostimulation. The suit currently costs around $20,000 and, among other uses, is used by NASA for astronaut training, but we can expect to see smaller-scale consumer versions on the market in 2022.
We can also thank the 5G rollout which is picking up pace in 2022 to become a mainstream proposition with speeds 20 times quicker than existing networks for data transmission. In addition to increasing this differential, the benefits also include different types of data and services. This is likely to include the large data volumes needed to run XR, making wireless and cloud-based VR and AR a possibility. Plutosphere, for example, and other start-ups offering similar services, let users stream VR games from cloud servers. This will dramatically lower the barriers to entry for many businesses wanting to deploy XR solutions without making large infrastructure investments.
How will this impact us?
Within education, XR technologies make it easier for students to visualize concepts – from the numbers used in accounting to historical events or even the inner workings of reality exposed through quantum physics – in interesting and engaging ways. Evidence suggests that when we learn through experiencing in this way, rather than simply reading dry facts, we can improve our knowledge retention by 75 to 90%.
Examples in a working environment include VR being used for training and to simulate operations in dangerous situations, such as the FLAIM system used to train firefighters to tackle wildfire and aircraft fires. AR is increasingly being used to provide real-time inputs to trainees during on-the-job learning, such as using computer vision-equipped glasses and headsets to recognize and warn of potential dangers in the work environment.
For businesses, AI will be able to inform target audience creation, creative optimization, and inventory forecasts.
In the agricultural world we have seen a ‘bovine’ matrix for happy cows testing in Turkey, where cows will experience a virtual open field and sunny setting rather than cooped up in a milking parlour which has proved results in higher quantity and quality of milk. Despite the positive results for farmers, the process raises serious questions about ethical farming. Would more milk be worth putting animals in a bovine matrix where they have no perception of the real world (a cooped-up milk farm with tens of other cows)?
Complexities and challenges of a new reality
Regulators will need to be put in place with facial expressions, blood pressure etc. being tracked for digital rights. On top of this if this is a pixelated replica of our universe, will this face balkanization as seen in our world where the internet already operates in different parts of the world.
Even more of a frightening thought is with a Metaverse containing so much private information, what risk is there for digital espionage and how much technical support will the Infrastructure and Security of a platform of this size need?
Control of data will also be the control of market. The opening advantage in the metaverse will go to those with the data to make the new virtual activities relevant to the user. The result is no different from the present online world in which those with the data hoard it to control the market.
Facebook algorithms are programmed to maximize user time on the site to maximize the number of advertisements that can be sold. As the algorithms are programmed to maximize engagement this means the algorithms send to each user news that is in line with their pre-established views, not news that creates a shared foundation. Even worse, is that one of the best ways to hold engagement is to create conflict and outrage, regardless of the veracity of the claim. This brings us around to the development of government-overseen behavioural standards protected consumer, workers, and competition in the industrial revolution—while simultaneously enabling a vibrant and growing economy. Where the digital revolution requires similar government-overseen standards. Facebook is currently discussing behavioural standards for the metaverse, but it is not sufficient. Many people are looking to distract from our current challenges with the shiny new metaverse, however we have yet to resolve the challenges in the current online universe—problems that will simply metastasize into the metaverse if not dealt with.
by Charlotte Robinson
Microsoft launched Windows 11 on the 5th of October 2021 as a free upgrade. Throughout the previous 3 months, I have had many interesting discussions...
Microsoft launched Windows 11 on the 5th of October 2021 as a free upgrade. Throughout the previous 3 months, I have had many interesting discussions with candidates on whether Windows 11 is as good as it has been made out to be. Throughout this article post, I will discuss some of the benefits and disadvantages of Windows 11 and everything you need to know to make the decision on whether it's time to upgrade.
Microsoft has made it clear that Windows 11 is available to all. There is no additional cost associated with installing Windows 11. However, it is not available to everyone because the update is only compatible with a Trusted Platform Module 2.0 and an Intel Core 8th generation processor that was released in 2017. As a result, most PCs older than four years will be unable to download the update. Since Windows 10 will only receive one upgrade per year until 2025, when it will be retired, this is a major issue for businesses using older technology. Companies have only three years to change their computer hardware as a result of this.
Despite the fact that the update is difficult to obtain, it has its advantages. For gamers, it features automatic HDR, which enhances the vibrancy of game pictures, and direct storage, which allows the graphic card and the Solid State Drive (SSD) to communicate more quickly.
Additionally, given Microsoft has chosen a new MacOS-style taskbar, it should be easier for MacOS users to navigate Windows 11. Unlike MacOS, which allows you to pin the task bar to any of the four corners of the screen, Windows 11 only allows you to pin it to the bottom, which could be inconvenient. Furthermore, customers have been perplexed by the fact that they are unable to see their live programmes on the task bar, making navigating more difficult.
As well as the new tool bar, Windows 11 will also come with a “Microsoft Chat” App, very similar to iMessage and Facetime from Apple. The Chat App uses the users Phone Number or Email-ID to enable the chat feature.
One of my favourite new features will be the various Window Sizes; by that, I mean that Windows 11 has "Snap Layouts" that allow you to have multiple applications or documents open on your screen at the same time. As someone who works in a second language, I find that online dictionaries are my closest friend. Having a dictionary and a document open on the same screen at the same time will help tremendously. Individuals will be able to get more work done as a result of this feature, as they will be able to view a greater variety of jobs they are working on. Home office plays a key part in our working lives at the moment with not all of us having access to multiple screens, “Snap Layouts” provides us with an alternative. On the other hand, having more tabs open may lead to more distractions because you are not focused on a single job.
"Edge Browser" is the preferred browser for Windows 11. Sleeping tabs are available in this browser, allowing you to save memory and Central Processing Unit (CPU) usage. This means you have the ability to re-open the apps you had the previous time you turned on your computer. This has the advantage of allowing you to pick up just where we left off, but it also implies that if we want to start fresh the next day, we must ensure that all apps are closed at the end of the day.
I am really excited to be able to use the new Windows 11. I look forward to using the new taskbar, the “Snap Layouts” and the setting to have my last opened applications open again when I start in the morning.
by Chris Burnett
When it comes to IT, companies must make critical strategic decisions all the time. In doing so, it is essential to keep an eye on industry trends...
When it comes to IT, companies must make critical strategic decisions all the time. In doing so, it is essential to keep an eye on industry trends and developments. Looking ahead to 2022, there are several themes that have emerged because of the pandemic, as well as some that come up year after year.
In this article, we've compiled a list of our top IT trends for 2022, as well as looking at the overall direction in which the information technology market is moving.
With more staff working remotely and the cloud becoming the norm, it's critical for businesses to start thinking about network security in new ways. Cybersecurity mesh is a flexible architecture that combines best-of-breed, stand-alone security solutions to improve overall protection. It enables organisations to separate policy decision-making from policy enforcement: a cybersecurity mesh creates security perimeters around individuals rather than just the company. Organisations will be better equipped to protect data and information using this mesh technology, including what's inside the facility walls as well as what's on the outside.
Data is one of a company's most valuable assets. To be able to carry out operational and transactional activities reliably and cleanly, it is vital to maintain excellent data quality. The "cleaner" the data, the more accurately, solidly, and confidently it may be examined and used to make business decisions."Data fabric," according to Gartner, is a design idea that acts as an integrated layer, or fabric, of data and processes. Data fabric makes use of both human and machine skills to access data that is already in place or to facilitate data consolidation when necessary. It allows for the flexible and reliable integration of data sources across platforms and business users, ensuring that data is available wherever it is needed, regardless of its location.
Gartner defines PEC as featuring three technologies that protect data while it is in use. These technologies include:
- A trusted environment where sensitive data can be processed or analyzed.
- Performs processing and analytics in a decentralized manner.
- Encrypts data and algorithms before analytics or processing.
With this trend, organizations are empowered to conduct research securely across regions and with competitors without betraying their confidentiality.
According to Forbes, PEC allows different parties to extract value and achieve significant results from data in untrustworthy environments, letting them to interact without disclosing personal or sensitive data. According to Helpnet Security, as privacy and data protection legislation become more prevalent, more breakthroughs in data privacy have been created. PETs uses privacy-protection to extract value from data in a safe manner without jeopardising confidentiality, using a data-driven approach to security and privacy.
For a long time, Hyper Automation has been spoken about in aspirational terms, with the technology being dubbed '"the next frontier for organisations globally" by Deloitte. It's been featured on Gartner’s top 10 key technology trends for 2020 and 2021 and according to Gartner, during the next year, 85 % will enhance or maintain their hyperautomation investment strategy. Hyper automation is a method for quickly identifying, vetting, and automating as many business and IT activities as possible. The faster provisioning and utilisation of IT infrastructure saves time, people resources, and money. Employees will be able to focus on more critical / strategic duties as a result. Additional benefits include reduced error rates and faster scaling of various IT infrastructures, whether on-premises, in the cloud, or hybrid.
Cloud computing surged in 2020 and 2021 as businesses turned virtual to adapt to the worldwide pandemic by focusing on digital service delivery. In 2022 we will undoubtedly witness further rapid acceptance and growth in 2022, with predictions from Gartner, global spending on cloud services is expected to reach over $482 billion in 2022. Cloud-native platforms take advantage of cloud computing to provide enterprises with elastic and scalable capabilities that allow them to respond quickly to digital change. Cloud-native solutions are an improvement over the typical lift-and-shift approach to cloud, which loses out on the benefits of cloud and adds complexity to maintenance.
Every day, the world generates approximately 2.5 quintillion bytes of data, and this figure is growing at an exponential rate. However, the effectiveness of that data is limited by the processes in place to manage, control, and assess it. Because this massive effort is practically impossible to complete manually, businesses therefore turn to artificial intelligence (AI). To make AI delivery more efficient, AI engineering automates data, model, and application upgrades. AI engineering, when combined with robust AI governance, will operationalize AI delivery to assure its long-term economic value.
By addressing common business challenges, the top strategic technology trends will advance digital capabilities and generate growth. Different trends will have different impacts on people organisations. Because most of the trends are tightly intertwined, different combinations of technology are likely to be necessary to compete at different stages of the company growth cycle.
by Adriana Timme
Cyber security is one of the fastest expanding businesses in the UK and throughout the world, with no indications of slowing down. Cyber criminals...
Cyber security is one of the fastest expanding businesses in the UK and throughout the world, with no indications of slowing down. Cyber criminals are always inventing and adapting in order to find new ways to hack, attack, and steal information online. It's a rapidly growing sector with several opportunities for individuals interested in pursuing a career in it. Cybersecurity professions, like many other technologically focused sectors, are overwhelmingly dominated by males.
The gender gap in cyber security is one that is regularly talked about.
The gender imbalance in the cyber security sector is one of the most apparent irregularities. Women make up just 11% of the worldwide cyber workforce, according to a recent survey from the Women's Society of Cyberjutsu (WSC). Women are sorely underrepresented in cyber security and often don’t see the occupation as a viable option due to a number of factors such as a lack of female role models within the industry, stereotyping and pay gaps.
Many businesses are beginning to see the value of having a gender-balanced workforce, particularly in fast-paced areas like cybersecurity. There are numerous reasons why this is an excellent career choice for women.
We've compiled a list of reasons why women might consider pursuing a career in cybersecurity:
1. Job Diversification
Cybersecurity is not confined to a single type of employment; it comprises a wide variety of positions in many areas and industries. Each area of cyber demands a unique and specialised skill set, from forensics to incident response strategy to counselling large corporations.
Working in cyber is also highly varied in terms of day-to-day responsibilities; with the environment continuously evolving, no two days are same. Multitasking and a great aptitude for problem-solving are required to solve cyber security issues. It is, without a doubt, a fascinating industry to be a part of.
One of the greatest barriers women face in their professions is a lack of professional flexibility. Unfortunately, childcare is still primarily the responsibility of women, making strict work environments challenging for women who wish to strike a healthy work-life balance while simultaneously achieving success.
Because most of the work in cybersecurity is done online, many positions lend themselves to flexible working hours and remote work.
3. Financially Rewarding
The cyber security industry is an extremely rewarding career path, especially at the moment where this skillset is in demand. The average salary for a cyber security analyst is around £51,000, with a career in the industry leading to a salary upwards of £70,000.
4. Boost Innovation
It has been established that having a higher percentage of women in the workforce increases team productivity and creativity, both of which are critical in the cybersecurity sector. We can enhance the potential talent pool and build a more strong workforce to meet the rising cyber threat of the upcoming years if we have more women in cyber.
by Matthew Bell
At nearly 18 months into the pandemic, numerous lockdowns, multiple vaccinees and a completely new way of working – it’s safe to say that...
At nearly 18 months into the pandemic, numerous lockdowns, multiple vaccinees and a completely new way of working – it’s safe to say that the world has changed quite drastically.
Technology has been a huge enabler of this change. Microsoft’s Brad Smith said two years of digital transformation took place in the first two months of the pandemic.
As England emerges from lockdown with a promise of a return to “normality”, which of these tech innovations will stick?
Perhaps the most notable “new tech” is the increased use of video calling, not only as a work tool, but also to stay connected to our loved ones. So much so that Zoom became a verb.
While Zoom-fatigue did hit hard and the thought of another virtual pub quiz is a little sickening, it’s clear that video calling is is a welcomed tool in the workplace, if not in our personal lives.
Unsurprisingly, in-person interactions with friends and family are preferred to virtual ones, but the use of Zoom, Teams and other video conferencing tools have facilitated the new era of flexible working. It’s safe to stay that Zoom is here to stay, whether we like it or not.
Cyber-criminals have had a field day since the pandemic started. Businesses globally were forced to adopt a remote working model where employees were often working from personal PCs, laptops and phones with limited antivirus software.
The ever-growing amount of data breaches means an ever-growing demand for cyber-security professionals. The unemployment rate in cybersecurity has been at 0% since 2011, so the responsibility lies with businesses, organisations and educational programmes to upskill people in the skills needed to fill the gap.
There will always be people looking to exploit a situation. As users of tech, we must remain diligent to phishing attacks, while keeping our devices updated and secure.
Fitness and wellness apps
As gyms remained closed for large parts of the pandemic, people looked for new ways to remain fit and healthy. Apps such as Strava and Nike Run Club were downloaded in mass.
Strava went from just over 2 million sessions each week pre-pandemic, to over 6 million sessions by May 2020. This figure remained even with the reopening of gyms.
While the gym isn’t going anywhere yet, it’s clear that people’s exercise habits have changed. Perhaps it was the efficiency of a home workout vs going to the gym that has kept the momentum going.
Awareness around mental health rose in 2020 as months in lockdown took their toll. Mindfulness and meditation apps such as Calm, which raised new funding at a $2 billion valuation in December 2020, were downloaded globally to combat the lockdown-lows.
The fact that these apps have held on to their users throughout the past 18 months points to a shift in the way we manage our fitness and wellbeing.
With so much uncertainty around what the immediate future will look like, it’s difficult to determine whether the tech we use today will be relevant tomorrow. Certain habits from the past 18 months were indeed welcomed and here to stay – many of which were enabled by technology.
written by Evangeline Hunt
by Leonie Schaefer
Once again, social media platforms are facing calls to tighten regulations on their platforms, following the hurl of racial abuse to members of the...
Once again, social media platforms are facing calls to tighten regulations on their platforms, following the hurl of racial abuse to members of the England football team. After losing to Italy in the final of the Euro 2020, certain players received swarms of abuse on social media, which critics say lies in the hands of these platforms to regulate.
London Mayer Sadiq Khan directly called on social media platforms to ‘act immediately to remove and prevent this hate’.
What kind of responsibility do these platforms have to prevent the spread of hate? Is there a way to leverage automation and machine learning to make this job easier?
Traditional media in the UK has an agreement with regulator Ofcom that makes them accountable for any form of abusive response to content. For example – a racist comment left on a BBC News article – the BBC would be accountable.
Ofcom doesn’t have this agreement with social media platforms because they aren’t considered to be publishers or broadcasters. These platforms remain self-regulating, so the question of accountability remains a grey area.
The difficulty these tech giants face is the huge volume of user-generated content, which swamps the efforts of human moderators employed by these platforms. It’s not expected that human moderators can sift through every piece of content, as soon as it’s posted, to see if it contains hate. The solution has to be automation.
We can already see social media platforms utilising automation to prevent misinformation around COVID-19. For example, Instagram immediately fags any content that contains information about COVID, and points users to the World Health Organisation for accurate advice. Critics have suggested this same technology be used to detect racist and abuse content.
Automation is already built into the algorithm in this way, such as a blanket banning of certain hashtags and words. But it can only do so much. Automation is currently unable to understand context, nuance, different cultures, etc. A certain emoji may not be offensive if said to one person, but when the context is different, the intention also changes. Instances such as this is where automation fails.
So what is the solution? Stopping trolls from posting hate on these platforms is of course, the ideal solution. But alas, an impossible ask. The more likely solution will take time – develop automation technology that is intelligent enough to detect the context of hate. Until then, there remains some power in the hands of users to report hate content when they see it.
What do Bitcoin, Charlie Bit My Finger, and Beeple’s digital art all have in common? They’re all powered by blockchain – a digital...
What do Bitcoin, Charlie Bit My Finger, and Beeple’s digital art all have in common? They’re all powered by blockchain – a digital list of records that are linked together using cryptography.
Blockchain-powered tech has risen in popularity, most notably in the form of cryptocurrency. But more recently, the sale of NFTs (non-fungible tokens) online for often millions of dollars has created a new buzz around blockchain.
Blockchain was originally created in 1991 with the purpose of timestamping digital documents so that they couldn’t be tampered with. This new tech went mostly unused, until it was adapted by Satoshi Nakamoto in 2009 to create the digital cryptocurrency Bitcoin.
A blockchain is a decentralized ledger that is open to anyone. The complex properties of a blockchain make it near-impossible to tamper with. Each block contains a unique “hash” – like a fingerprint, plus the hash of the previous block. If a single block is tampered with, the hash will change and won’t correctly match the hash of the next block – invalidating the chain. This makes blockchains a very secure way of storing data.
These days, blockchain is essentially a peer-to-peer network that enables trusted trade between individuals without the need for a mediator. Mediators can be anything from banks, online servers such as eBay or Amazon, or physical shops.
This is all well and good, but it sounds a bit hypothetical. Where is blockchain being used in our lives as of now, and where can we expect to see it in the future?
Like any new technology, its potential is still being unlocked. The most commonly known use for blockchain tech as of present is Bitcoin. Cryptocurrency uses blockchain encryption techniques to control the creation of monetary units and to verify their transfer between users of the peer-to-peer network. This removes the need for banks and even physical money.
In theory, blockchain can be applied to any sort of trade – be it goods or services, energy, or something like voting.
Most recently there has been a surge in the sale of non-fungible tokens, which are powered on the Ethereum blockchain. Non-fungible means something unique and can’t be replaced with something else – like a piece of art, or a song. Bitcoin, or a dollar, is fungible – one bitcoin can be traded for another bitcoin and it’s exactly the same.
The Ethereum blockchain is the cryptocurrency used to support NFTs – it stores extra information that makes them work differently. NFTs can really be anything digital, such as art, music, tweets, memes, videos, etc. A lot of the excitement surrounding NFTs is around digital art. Yes, artist Beeple did sell a piece of digital art at Christie’s Auction House for $70 million… The exact piece of art can be viewed online by anyone – yes anyone. But only one person “owns” it. The authenticity of this ownership is powered by blockchain.
Is paying $70 million for a piece of digital art crazier than buying a tweet from the founder of Twitter for $3 million? I can’t decide…
What makes blockchain so interesting is that its potential is only just being unlocked. Until recently, we wouldn’t have thought that it was possible to “buy” a tweet – but apparently it is. Who knows where this exciting new tech will go next… any ideas?
by Dominique Lianos
The shortage of cybersecurity professionals is nothing new. The unemployment rate in cybersecurity has been at 0% since 2011 – a fact unmatched...
The shortage of cybersecurity professionals is nothing new. The unemployment rate in cybersecurity has been at 0% since 2011 – a fact unmatched by any other industry. According to Cybersecurity Ventures, there will be 3.5 million unfilled cybersecurity jobs worldwide by the end of the year, up from 1 million positions in 2014.
This issue has only been exacerbated by the pandemic. Businesses globally were forced to adopt a remote working model where employees were often working from personal PCs, laptops and phones with limited antivirus software.
According to IBM, remote working increased the average cost of a data breach by $137,000. Despite these heightened security threats, many businesses are still cutting their cybersecurity budgets as we move through 2021.
Even with the ever-growing threat of smarter and more advanced security breaches, the security industry is under-resourced to fight hackers.
What can be done to address this issue?
Upskill more people
Sounds simple, but giving people the skills needed to fill these roles is the single more effective way to close this talent gap. It’s clear that there isn’t enough talent to fill the roles needed, so businesses, organizations and educational programs need to take responsibility in training people in the skills needed.
Organizations already have the wheels in motion for this. Massachusetts-based MassCyberCenter is partnering with businesses, academia and the public sector to train new cybersecurity workers to fill the more than 9,000 vacant cybersecurity jobs.
The NYC Economic Development Corporation has launched Cyber NYC, which aims to grow the city’s cybersecurity talent pool through training and education programs.
The Cyber Innovation Center in BossierCity, Louisiana, plans to broaden its cyber skills preparation to 10 million students and 50,000 teachers in K-12 across the US – building a pipeline of young cybersecurity talent.
Build a youth movement
Encouraging and nurturing young people to become future cybersecurity experts will ultimately solve the cyber skills shortage of the future. Instilling enthusiasm and excitement around cybersecurity and STEM from an early age will organically grow a new generation of talent.
Various organizations are doing this already. Girls Scouts of the USA have joined forces with Palo Alto Networks to deliver the first-ever Girl Scout Cybersecurity badges for girls in K-12.
The National Security Agency has been educating young people in cybersecurity through their GenCyber program since 2014. The NSA’s summer camp, Camp Cryptobot, runs annual cybersecurity camps to build the next generation of cybersecurity workers.
Focusing on the impact that a cybersecurity professional can have on people, businesses and even nations can encourage young people to become invested in the industry. Framing cybersecurity as a career that helps people, does good and is morally right is something that young people in today’s world are keen to make time for.
Diversity and Inclusion
Diversity and inclusion are particularly important in the fight against skills shortages. Untapped talent pools exist that often go unnoticed in the recruitment process.
How can the cybersecurity industry tap into neurodiverse talent pools, for example? Autism affects more than one in 100 people which means a huge amount of talent. However, only 16% of autistic adults are in full-time employment, and out of the ones that aren’t, 77% would like to be according to the national autistic society’s research.
The lack of awareness around neurodiversity often acts as a barrier of entry for neurodiverse professionals looking to enter the cybersecurity space. Educating decision-makers in unconscious bias is one way to create a more inclusive hiring process that can open doors for unnoticed talent.
As recruiters in the cybersecurity space, we know too well the need for talented candidates in this space. Do you have a cybersecurity role that you’re struggling to fill? We have a pool of talent that could be the perfect fit for your role, so don’t be afraid to get in touch.
by Jamie Fitzgerald
October marks European Cyber Security Month (ECSM) – an annual EU campaign that promotes cybersecurity and provides accurate online security...
October marks European Cyber Security Month (ECSM) – an annual EU campaign that promotes cybersecurity and provides accurate online security information by sharing good practices. Every year in October, hundreds of activities take place across Europe, such as conferences, workshops, training and webinars, to promote digital security.
Organisers of ECSM provide the knowledge and tools to promote the safer use of the internet for all EU citizens. Since 2012, the ECSM has reached its key priorities by bringing together parties from across Europe under the slogan ‘Cybersecurity is a Shared Responsibility’ to unite against cyber threats.
ECSM 2020 launches with the motto of ‘Think Before U Click’. The month is split into two themes – the first two weeks focus on ‘cyber scams’ and the second on ‘digital skills’.
Kicking off the month with ‘cyber scams’, this theme provided insights on current and potential cyber threats to help businesses and individuals minimise risk. COVID-19 has led to an increase in e-commerce and online payments, which hackers have used to their advantage. The key message of this theme encourages users to have a heightened awareness of cyber scams when conducting online transactions.
The second theme, ‘digital skills’, presents educational activities that inform on internet security. COVID-19 has increased the digitalisation of everyday life, which requires people to be on top of digital trends to remain safe online. The theme covers e-privacy matters such as data protection, cyber bullying and cyber stalking.
For a full list of activities occurring in your region, please check the timetable here.
by Steven Ewer
Video calls and online chats are important social tools for many of us, so why not use them for business too? At a time when meeting face-to-face is...
Video calls and online chats are important social tools for many of us, so why not use them for business too? At a time when meeting face-to-face is being discouraged in a bid to contain the outbreak of Covid-19, many firms are doing just that and using virtual methods, such as video conference calls, to encourage business continuity.
In the recruitment business, interviews are key. They are the chance for candidates to meet their potential employer, get a feeling for the people and the business, and also to showcase who they are and what they can do. For employers, they are the chance to meet the potential employee, get a feeling of whether they would fit in with the office culture and obviously, to quiz them about their skills and experience. Doing this over the phone or by video link rather than face-to-face is a very different proposition.
Remote interviews can save time and stress
“Remote interviewing is nothing new,” says Steven Ewer, head of Franklin Fitch’s UK and US operations, adding that many of his clients have been using it for the initial interview stage for a long time. “Collaboration tools are so strong that actually there is no reason why the quality of your interview process needs to change.”
In reality, remote interviews can save time and stress both for the candidate and the company. Individuals need to set aside less time as they don’t have to travel and can fit a video call into a lunch break or even before work. Similarly, companies can schedule more interviews if they don’t need to spend time showing each person into the office.
That however, is a concern for some people. Steven says he has clients who are concerned that candidates want to see what the office environment is actually like and there is also the issue of how you check technology knowledge that would normally be tested in the confines of a controlled environment. In actual fact, he believes the company culture is the people and you can get a good feeling for that from a video call.
Treat it the same as any interview
“You need to treat a video interview in the same way you would a face-to-face interview,” says Steven, adding that many people forget they can be seen and can become easily distracted. He believes a video interview is preferable to a phone-only interview as it not only helps concentration and focus but you also get a better sense of the individual’s character. He does point out however, that it can be harder to gauge reaction and that body language is hyper-exaggerated on screen – not a big issue, but something to be aware of.
“And if you really want your candidates to see the office, the technology is there,” he says. “You can do virtual walkthroughs if you want and thanks to Google it is now even possible to see into buildings.”
“You don’t miss much by interviewing remotely,” he says. “It’s more of a mental issue.”
Companies need to adapt their hiring processes
Given the current situation – many European countries and much of the US is on lockdown and the majority of office-based staff are working from home, face-to-face interviews are a no go for the time being. Companies that want to hire – and there are still plenty of them – will have to change their recruitment processes and adapt.
There are signs this is already happening. Global downloads of business apps that facilitate remote interviews and working such as WeChat Work, Zoom, Microsoft Teams and Slack have risen nearly five-fold since the start of the year, according to data from app analytics firm Sensor Tower. In the first week of March there were 6.7 million new users across the App Store and Google Play, compared with 1.4 million in the first week of January.
So, gone are the days of being judged on your pre-interview handshake. Now, if you get it wrong, it’ll be the quality of the video backdrop that you’re remembered for. So don’t forget to move away from the drying washing!
We're still hiring
For anyone looking for a position in IT infrastructure or companies with roles to fill, we are still here and busy making the most of the technology on offer to continue hiring both for ourselves and clients as normal. Give us a call on 0203 696 7950 or email firstname.lastname@example.org.
Remote interview advice for candidates:
Remote interview advice for interviewers:
by Claire Shoesmith
by David Annable
It’s official, the coronavirus is here. Yesterday the UK Prime Minister advised people to avoid non-essential travel and where possible to work...
It’s official, the coronavirus is here. Yesterday the UK Prime Minister advised people to avoid non-essential travel and where possible to work from home to help slow the spread the of the Covid-19 virus that has already killed thousands of people around the world. Many European countries and parts of the US are already on lock-down. At Franklin Fitch we are heeding the advice and from today, most of us are working from home.
Thanks to technology such as Skype, Microsoft’s Teams and Zoom Video Communications, to name but a few, remote working is relatively simple. Provided you have access to a computer and an internet connection, most people can continue doing their job in the same way they would in an office. Meetings, document sharing and even interviews (we will return to this in a separate blog) can all be done remotely online – it just requires a bit more planning and perhaps a little more discipline from the individual workers to ensure they remain engaged and motivated.
It's about collaboration and communication
Some companies had already made the decision for their employees to work remotely before yesterday’s announcement, but it was one that was not taken lightly at Franklin Fitch. Ultimately we are a business built on collaboration and communication, and while this can be successful at a distance, it is something that David Annable, the firm’s founder, believes is even better done face-to-face.
“We are all about collaborative working,” says David. “And what’s the easiest way to achieve that? – to sit at a desk with other people.” For him, there are huge benefits to sitting in an open-plan office surrounded by colleagues doing a similar job. As well as the collaborative aspect, he believes the learning and emotional support provided by nearby colleagues is very important.
“Being present in the office means you are more aware of what is going on with your colleagues and are able to see the visual clues to help you provide the right emotional support at the right time,” he says.
People can work just as well remotely
Still, the government advice is very clear and we fully support the move to reduce close contact in the office, especially when our employees can do their job just as well remotely. We will continue to offer the same level of training and support to our staff and engagement with our candidates and clients via email, phone and video conferencing.
For many, flexible working is nothing new – in fact, according to a study by business payment advisers Merchant Savvy, 61% of global companies already allow their staff to work remotely for at least some of their working week. But for those who usually travel into an office each day and not only enjoy the company of, but also learn from, the colleagues sitting around them, the isolation of home working can be difficult. We at Franklin Fitch are very aware of this and will be keeping in close contact with all our employees, candidates and clients to ensure that not only business continues as usual, but also that their health, both mental and physical, remains strong .
We are open for business
Contact us on 0203 696 7950 or email email@example.com
by Charlotte Drury
A new year, a new you, or so the saying goes. For some this will mean a new job, for others it will be new resolutions, but for the remainder, it...
A new year, a new you, or so the saying goes. For some this will mean a new job, for others it will be new resolutions, but for the remainder, it will simply be a continuation of the same, picking up where they left off sometime before Christmas. Even if it’s the latter, there’s no room for complacency. The IT world is constantly changing, and so should you if you want to keep on top of your game and get the most out of 2020.
Whilst we at Franklin Fitch have many skills, unfortunately crystal-ball reading isn’t one of them. However, being involved in two of the fastest moving industries – IT Infrastructure and recruitment, we have no doubt that 2020 is set to be an exciting year. So, what do we expect the first year of the new decade to bring, and more importantly, what can you do to ensure you stay ahead?
Here we look at the five top trends we expect to be dominating the market over the next 12 months and how we believe you can use them to your advantage.
There are several reasons for this: unemployment is at its lowest rate for more than 40 years (the latest figures from the UK’s Office of National Statistics (ONS) released in December show the unemployment rate fell to 3.8%, its lowest level since 1974) and the ongoing uncertainty surrounding Britain’s departure from the EU. The upcoming change to the IR35 legislation is also having an impact, but we will examine this in more detail in another article.
Finding individuals with the required skills and experience to fill roles in cutting-edge sectors, such as serverless and cloud technology, DevOps, containerisation, networking and cyber security has never been easy, but it’s now harder than ever. Not only are there not enough Britons out there seeking these positions, but we are now faced with a likely shortage of skilled migrant workers thanks to the uncertainty around Britain’s future immigration policy. While there is much talk of an Australian-style point-based system, which would allow those with the necessary skills to take these roles, David Annable, Franklin Fitch’s founder, says that all the uncertainty is reducing the attractiveness of the UK as a place for non-Britons to work.
While the tight market makes it more difficult for businesses looking to hire highly-skilled security architects, network engineers or chief information (security) officers, it is also an opportunity for the UK’s top technology talent.
The knock-on effect of a shortage of candidates is obviously an increase in salaries. With fewer people to fill the roles, particularly in the highly-skilled areas of networks, servers, security or data, it goes without saying that those individuals capable of doing the job will need to be paid more to attract them to, and keep them in, the role.
Another feature of a tight employment market is that it places the power very firmly in the hands of the candidate. Employers will need to work harder to attract and retain the right people, says Annable.
Training and development will be key to ensuring employees remain engaged and hopefully prevent them being enticed away to other roles. In our 2019 Market and Skills Report, the opportunity to progress featured highly, just behind salary, in the rankings of what candidates consider to be most important when choosing a new job.
Getting the right work-life balance has long been a talking point. While no definitive solution to the age-old challenge has been found, organisations have become much more open to alternative ways of working, including flexible hours, job sharing and the option to work from home. This is understandably not an option for all roles, but in today’s tight job market, organisations are going to have to pay more attention to the requests of individual employees and seek to accommodate their demands to attract the top talent. Again this offers a great opportunity for job seekers.
Improving diversity and inclusion is not just a box-ticking exercise. Organisations are at last starting to realise the benefits of a diverse workforce. According to the latest figures from the UK’s Office of National Statistics (ONS), just over half of the 6.5 million Britons working in professional occupations are women. While this is indeed progress, it has unfortunately not filtered through to the IT and telecommunications’ sectors, where the ratio is just one in six.
However, the IT sector fares better when it comes to ethnic diversity, with the latest ONS figures showing that of the 1.84 million professionals who work in science, engineering and technology, 85.1% are white, compared with 87.6% across the UK workforce as a whole.
While the debate rumbles on as to how to achieve increased diversity in gender, ability, ethnicity and sexual orientation, you can expect organisations to try their own variations of quotas and targets to help achieve their goal. For some individuals, this will be an opportunity.
To conclude, there is no doubt that the tight employment market offers highly-skilled IT candidates the chance to shine and move ahead of the curve, but they aren't the only ones. The market situation also creates a significant opportunity for recruiters to face up to the challenge of finding the right person for the right role in a market where organisations themselves are likely to struggle.
If 2020 is looking like a good year for candidates, then it's also not looking too bad for recruiters.....
by Leonie Schaefer
Diversity and inclusion are very important topics for businesses across all industries. We want to shine a light on the topic specifically for those...
Diversity and inclusion are very important topics for businesses across all industries. We want to shine a light on the topic specifically for those working within IT Infrastructure.
We’ve seen a lot of women in tech initiatives over the years yet still only 10% of participants in this market and skills report were female. Although we were hoping that this is not a representative number, day to day conversations with industry specialist show a similar result.
We are supporting events like CYBERWOMEN 2019 in Germany and hope that initiatives like these will give women and girls the confidence to take on a career in IT Infrastructure.
Although we are huge fans of initiatives encouraging women and girls in tech, we think that this is not enough. Diversity & Inclusion is not only about the female-male divide. It is about tackling biases based on gender, race, religion, ethnicity, disability, sexual preference and age (just to name a few) and ending discrimination completely.
We would like to provide a platform for those working within or interested in IT Infrastructure to share their experiences with us and to come up with possible solutions together.
We are conducting interviews with industry experts who are willing to give us their opinions and insights on diversity and inclusion within IT Infrastructure.
Interested? Contact Leonie Schaefer for more information +44 203 696 7950, firstname.lastname@example.org.
We pride ourselves on trusted partnerships, whether you're looking for a new role in IT Infrastructure, talent for your team or considering joining Franklin Fitch. Why not start that partnership today?
Copyright © 2019 Franklin Fitch | All rights Reserved. Designed by Venn Digital
Please indiciate whether you would like us to hold onto your details in order to keep you up to date with relevant opportunities
Or if you prefer email your CV to email@example.com
Please indiciate whether you would like us to hold onto your details in order to keep you up to date with relevant opportunities
Franklin Fitch Newsletter
By subscribing to our newsletter, you can stay updated with Franklin Fitch-related news, hot employment opportunities, and current industry news from the tech and recruitment sectors.
I agree to receive your newsletters and accept the data privacy statement.