The Petya GoldenEye Attack Highlights IT Talent Shortage

Ransomware attacks like the recent Petya GoldenEye and WannaCry show how vulnerable even the largest businesses and public agencies are to the increasingly dire and dynamic threat environment.   Cyberattacks are growing in sophistication, frequency and damage, and if the world’s largest organizations aren’t safe, neither are your customers.  This is exacerbated by the woeful lack of security professionals in the market.  This guest post from Adam Burke of Quest Technology Management makes the case for why your customers need your help with cybersecurity now more than ever. – Lily Weibel, AVANT Marketing

Your clients are vulnerable and the labor market can’t keep up. If you take nothing else away from this write-up remember this: there is a negative percentage unemployment rate in the cybersecurity field. Which means for your customers, talent is scarce and expensive. The old adage that good help is hard to find rings true today especially in cybersecurity. Furthermore, threats such as the highly publicized ransomware outbreaks are increasing in cadence, scope and financial impact.

  • Ransomware is malicious software used to control computer systems until the demanded ransom is paid.  It poses serious, pervasive risk to both individual users and large organizations.
  • Ransomware most commonly enters a system through email; for instance, 31% of ransomware invasions were traced to email links and 28% to email attachments.

Even more frustrating than the lack of qualified security professionals and the growing business impacts of threats like ransomware, is the market’s inability to keep up with the threat evolutions. Buy this, install this, subscribe to this and everything will be better! Sounds great, but that’s just one of many unfortunate lies spreading in the market. Security cannot be addressed by a product. Threats evolve and defenses need constant attention. With threat vectors spreading from email, to mobile, to social media, to traditional network exploits and social engineering, hackers are evolving faster and with better tools than the “good guys”. As soon as specific threats are deterred new exploits are discovered and propagated on the dark web. Vendors patch, NextGen platforms promise security bliss, and no one wants to admit how vulnerable every organization really is.

The only real security available is the ability to produce active management of security in-depth, and the knowledge of what to do when breached. Managing security in-depth takes experience, and demand for that experience far outpaces its supply.

So let’s summarize what your clients are dealing with…

  • Security talent is scarce and therefore expensive to hire and keep on staff
  • Threats are multiplying exponentially
  • Product/hardware/software-based solutions are being actively positioned as a “fix”

At Quest, we have been helping organizations address cybersecurity for 35 years. There are remarkable tools available on the market today, and we have found the best security applications and packages pale in comparison to the simple day-to-day security conscience approach at every level of an organization. The security conscience of any organization is the Chief Information Security Officer (CISO). The market has some amazingly talented CISOs and CISO organizations, however there are not enough to go around.
Observing this scarcity and executing on approach to the market How can we Help©, is why Quest put together a virtual CISO ( vCISO) program. Our partners who did not have this capability asked for our help.

Quest’s vCISO provides your Clients:

  • A dedicated, trusted security senior advisor
  • An expert voice in executive/board/committee leadership meetings for security guidance
  • Hands-on consulting for security policy, process, and procedural development
  • Security compliance management
  • Expert review of risk assessments and consultation on risk mitigation prioritization
  • Security mentorship and training to all levels of staff (engineer – executive)
  • Independent advice on third party risk management and security development life cycle
  • 24 x 7 x 365 access to Quest’s Incident Response Team to address catastrophic events
  • Ability to translate complex technical security details into business action

Enable your clients to help address this critical talent shortage by building your security practice with AVANT.  Start selling security today!