March 2023 Newsletter – Cybersecurity and Recession

Welcome to the March edition of Intercast’s monthly newsletter for cybersecurity professionals. As always, we’ll bring you the latest news and views to make you a better-informed consultant. In this issue:

  • Client Insight
  • Cybersecurity jobs may be more secure
  • Tough at the top
  • A quantum of solace
  • No language barrier
  • Best of the rest

Client Insight

Each month we ask our clients what’s on their minds and what it means for candidates. This months focus is on a comment made by the global CISO of IBM. He noted that one of the key questions he asks his CISO peers is “What keeps you up at night?”

The idea behind the question is to build out a ‘threat scale’, helping him and his peers gain insight into how detrimental specific threats are, from a nuisance rating, up to an existential crisis.

It’s certainly not a replacement for detailed and objective threat analysis, but this question does provoke an instinctive response that can often be revealing.

We believe this is a useful question to ask yourself regularly, regardless of your position on the cybersecurity ladder. It can be a helpful way for you to focus your days tasks on mitigating the most important threats.

Cybersecurity Jobs May Be More Secure

Around one in ten executives expect their business to lay off cybersecurity staff this year. That might not sound like great news but it’s fewer than in any other professional sector.

The figures come from a survey that asked executives about their staffing plans in areas that also included finance, HR, general IT, marketing, operations, research & development and sales. Cybersecurity had the best hiring outlook, with 42 percent of execs saying they expected a bigger headcount this year. The survey also found that 74 percent would consider hiring cybersecurity staff who had been made redundant from other businesses.

It seems to be a story of both demand and supply. Most of the executives expect cyberattacks against their business to increase this year, a notable finding given the people questioned were not tech specialists. Meanwhile the shortfall of cybersecurity workers continues, with burnout and limited promotion opportunities driving some from the industry.

Tough at The Top

We’ve spoken a lot about the cybersecurity skills shortage across the workforce. Now it seems the problem reaches right up to boardroom level.

Hunt Scanlon Media reports that businesses are increasingly looking for staff who can oversee cybersecurity strategy at an executive level.

Again, it’s demand and supply. Companies that have previously seen cybersecurity as simply a departmental issue are now looking for Chief Information Security Officers who can help make it a core, business-wide function.

Meanwhile, the sheer intensity of attacks such as ransomware campaigns in recent years, plus the rush to secure remote working, has led to high stress that makes retention difficult.

It looks as if the result may be more businesses looking to promote from within. That means big opportunities for those cybersecurity experts who can broaden their skillset beyond technology to include leadership, resource management and an understanding of senior business culture.

A Quantum of Solace

It’s no secret that quantum computing will one day make “traditional” encryption redundant, with dramatically increased computing power reducing the protection that complexity brings. (While clearly oversimplified, we did enjoy one analogy that pointed to solving a maze becoming a trivial task when you can explore multiple routes simultaneously.)

New “quantum-resilient” encryption standards are in the works and the main issues are likely to include the timescales and the bureaucratic challenges of agreeing standards. One other problem is working out the priorities for upgrading encryption.

That’s the target of Sandbox AQ, a spin-off from Google’s parent company Alphabet. It’s now raised $500 million in funding to develop software that can scan a system, see what cryptography it uses, and identify the most urgent areas for upgrades. That takes into account not just the technology shortfall, but also the sensitivity of the data involved.

“Quantum hacking” may not be a threat today, but it may well be an important cybersecurity area in a few years, with those in the know being heavily in demand.

No Language Barrier

We’ve all heard plenty about how artificial intelligence could aid cyberattackers, but sometimes it’s a much less sophisticated picture than you might think. Researchers say hacking groups are using the AI-powered Google Translate to expand their range of targeted spear phishing victims.

Abnormal Security says the hacker groups are low profile and comparatively low in resources. They don’t need to rely on sophisticated attacks or powerful botnets because they are using highly-targeted “business email compromise” attacks. The goal is to trick specific individuals, often by posing as senior executives, and persuade them to either make a payment or divert payroll to the scammers.

Using Google Translate has reportedly helped the groups target companies using 13 different languages. Unlike with older computer translation, the results are natural enough that they won’t automatically raise flags for the targets.

It’s definitely a reminder that human nature remains one of the biggest weak points in any cyber setup – and that training non-experts to be alert to threats is still a valuable skill for cybersecurity professionals.

Best Of The Rest

Here’s our round-up of some of the other stories you need to know about: