Why Cutting Cybersecurity Jobs Is Shortsighted

Could your company survive if it was taken offline for an entire week? What would be the repercussions and how much would it cost to recover? Trading group Ion found out last month when they had to experience this first-hand after a ransomware attack caused huge disruptions to customers, which included some of the world’s largest banks. 

Financial leaders know the threat of cyberattack is ever-present and ever-growing. As the Bank of England reported late last year, cybersecurity is the number one risk for financial institutions. The impact of remote working has led to a rise in ransomware hacks, while a surge of DDoS attacks linked to the Russian war on Ukraine has all contributed to an increasingly threatening cyber landscape. 

However, as cyber complexity rises, we also see a trend of “brutal” job cuts across the sector, threatening vital roles in already-stretched cybersecurity teams. Cost-cutting is being cited as the driver behind a growing number of security leaders and engineers being cut from headcounts. 

This is a stark turnaround from previous years’ trends which saw organisations struggling to hire the required cybersecurity skills, leading to a vast leap in cyber salaries.

In our turbulent economic climate, it might be tempting, therefore, to see cybersecurity as an area ripe for trimming. As Joseph Thomssen, a senior cybersecurity recruiter at NinjaJobs, recently told SecurityWeek, “Many of these layoffs in cybersecurity seem to be short-term attempts to save money.” 

This is a very dangerous tactic. Firstly, firing staff in the short term will make re-hiring much harder. Reputation as an employer is damaged easily, especially within cybersecurity which is a close community. In the UK, where there is a severe cyber skills gap, fire and rehire is not a viable option and this has been compounded by news of the closure of programs such as the Tech Nation visa scheme, which supported overseas talent to bolster the UK’s cybersecurity workforce. Fire now, regret later. 

Squeezed Security Teams Could Set Companies Up For Failure 

Cyber teams are already struggling, and as cuts are made, the remaining team is left to pick up the slack - doing even more with even less. As uncovered by the Information Systems Security Association (ISSA), over half of organisations are being impacted by a lack of cybersecurity skills, with the result being an excessive workload for existing talent. Nearly four in ten cybersecurity professionals say they have experienced burnout due to the pressures of increasing risks and lack of support. When teams are understaffed and burnt out, cyber risk only increases, which can have devastating consequences for individuals and organisations alike. 

In the face of expanding threats, rather than shrinking cyber teams, financial organisations should consider investment in strategies and tools to support them. For example, working with managed security partners can remove the burden of identifying and mitigating risk and reduce the attack surface, securing data, applications, systems, and devices at all times. With real-time threat intelligence utilising AI and ML, such partners free in-house cybersecurity teams to focus on supporting broader, strategic initiatives. As such, an MSP provides scalable security options based on organisational requirements and the cyber teams' size, skillset and important strategic drivers.

For example, while cyber risk is rising, financial organisations are also undertaking rapid digital transformation, from online trading to mobile banking, digital currencies and app proliferation.  Increasing cloud adoption and integration of SaaS offerings moves critical business assets outside of the traditional network perimeter. According to ISSA, those making this shift to the cloud find it even more challenging; 39% of organisations struggle to fill cloud computing security roles.

While digital transformation has countless benefits for businesses, we must remain conscious of the cyber risks associated with cloud adoption. 

With financial institutions a prime target for malicious actors, cybersecurity is now a core driver for financial institutions, but beyond that, it is also fundamental to supporting innovation. 
With increasing regulatory requirements and soaring customer expectations, the need for transformation and innovation to be built on a secure base is fundamental.

As Candy Alexander, board president of ISSA International, warns, “Cybersecurity is seen as a cost centre to the business -- something you have to do, but only to a minimal degree, like paying the light bill. We need to shift the conversation to aligning our security programs with the business." 

Rather than making short-term cuts and regretting it down the line, business leaders should look at smarter investments to strengthen existing security. This means enhancing teams and supporting them to function at their full potential.

Dan Davies is CTO at Maintel

You Might Also Read: 

Cyber Security Is The CEO’s Biggest Problem:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« British Cyber Security - New Threats Call For Action
Deepfakes Are Making Business Email Compromise Worse »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

WEBINAR: 2024 and Beyond: Top Six Cloud Security Trends

WEBINAR: 2024 and Beyond: Top Six Cloud Security Trends

April 4, 2024 | 11:00 AM PT: Join this webinar to find out about six emerging trends dominating the cloud cybersecurity landscape.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

LogRhythm

LogRhythm

LogRhythm's security platform unifies SIEM, log management, network and endpoint monitoring, user behaviour analytics, security automation and advanced security analytics.

Cato Networks

Cato Networks

Cato connects your branch locations, physical and cloud datacenters, and mobile users into a secure and optimized global network in the cloud.

Haystax Technology

Haystax Technology

Haystax’s security analytics platform applies artificial intelligence techniques to identify and prioritize threats in real time.

Secardeo

Secardeo

Secardeo is a provider of corporate solutions using digital signatures and certificates. Our solutions enable the user transparent end-to-end encryption of e-mails between organizations.

ISGroup (Information Security Group)

ISGroup (Information Security Group)

ISGroup services include network penetration testing, Web application penetration testing, ethical hacking, vulnerability assessments, code review and associated training.

Oxford BioChronometrics

Oxford BioChronometrics

By building profiles based on electronically Defined Natural Attributes, or e-DNA, Oxford BioChronometrics protects digital networks, communities, individuals and other online assets from fraud.

Virsec Systems

Virsec Systems

Virsec detects and remediates previously “indefensible” advanced memory-based attacks on critical applications and server endpoints.

Six Degrees Group

Six Degrees Group

Six Degrees is a specialist managed IT services organisation offering a range of solutions including Managed Security Services.

Nuspire

Nuspire

Nuspire provide services to protect your network with best-in-class managed detection and response, allowing you to stay focused on managing your business.

Keyless Technologies

Keyless Technologies

Simple, secure, and interoperable authentication. Keyless offers unmatched security, privacy and usability, while reducing risk and infrastructure costs.

Keeper Security

Keeper Security

Keeper is a leading enterprise password manager and cybersecurity platform for preventing password-related data breaches and cyberthreats.

WidePoint

WidePoint

WidePoint Corporation is an innovative provider of Trusted Mobility Management (TM2) solutions.

ISTC Foundation

ISTC Foundation

ISTC Foundation is one of the leading innovation centers in Armenia, founded by joint initiative of IBM, USAID, Armenian Government and Enterprise Incubator Foundation.

MalwareFox

MalwareFox

MalwareFox is an advanced, yet simple-to-use anti-malware solution for Windows computers. We provide aggressive detection capabilities and an effective malware removal tool to keep your systems safe.

LocateRisk

LocateRisk

LocateRisk provides more efficiency, transparency and comparability in IT security with automated, KPI-based IT risk analyses.

HackEDU

HackEDU

HackEDU provides secure coding training to companies ranging from startups to the Fortune 500.