*By Thiago Marques
We live in a world ruled by ease. Companies, in a movement towards standardization and even outsourcing their responsibilities with information security, often resort to alternatives that, initially, prove to be cheaper and simpler. However, over time, deliveries and demands prove to be complex and much more expensive. As the saying goes: “simple solutions to complex problems”.
Of course, internalizing an entire cybersecurity architecture is a big challenge. Starting with the people, as there is a low level of professional training in Brazil. I'm not just referring to quality, but also quantity. A study by Vanson Bourne, a specialized technology research, with approximately 1,000 cybersecurity professionals, published in May reveals that 30% of them want to change their profession: experts from Australia, Brazil, Canada, France, Germany, India, Japan, UK and USA working in various sectors made this statement in their interviews. A total of 85% believe that labor shortages affect their organizations' ability to protect increasingly complex information systems and networks.
This is what reinforces the Global Cybersecurity Outlook 2022 report, produced by the World Economic Forum, which indicates that by 2030, the global technology sector will have a labor shortage of 4.3 million professionals. When the survey asked the nearly 1,000 members about the company's defense strategies for responding to and recovering from a cyberattack, 50% of respondents found it difficult due to skill shortages within teams.
Companies, with the lack of professionals to command and support their security architecture, end up resorting to the complete outsourcing of their niches and do not always have an objective notion of what this entails. It's all a matter of time to market. Fast, low-cost projects and run over processes. Who suffers from it? The security area. This one that has IT-related investment, which usually prefers to outsource this infrastructure than to do training, seek solutions, assemble a structure at home. Of course, they are choices. Complex decisions.
It is in this complexity that doubts are fostered. This is where the perfect situation for cybercriminals was created. An unsecured environment, an unknowing end user and an overstretched security team – the result is inevitable. A data breach or ransomware incident, a data leak…it's almost certain. The damage? Most High. And this has drastically affected the security posture of organizations.
You need to do your homework. Training and experience give cybersecurity managers the information they need to know what they're up against so they can act accordingly. We must focus on learning, on what we are learning today versus what we don't know yet. Look for partners in the market that, in fact, help to build a solid layer of security for the company instead of taking simplistic attitudes. Remember: facilities do not match cybersecurity.
*Thiago Marques is a cybersecurity specialist and partner at Add Value Security
Notice: The opinion presented in this article is the responsibility of its author and not of ABES - Brazilian Association of Software Companies