Recent statistics released by Risk Based Security prove that data breaches have reached significant highs in 2019: 38,000 breaches, a figure that marks an increase of over 50 per cent in cybersecurity hacks through the last four years.
Other statistics reveal equally troubling information. For example, while IBM places the average total cost of a data breach at $3.92 million, Healthcare Finance reports that data breaches are projected to cost the healthcare sector $4 billion by the end of 2019 and more in 2020. Also, Business Insider's recent list of the biggest hacks and data breaches in the 2010s suggests that companies in every sector are vulnerable to data breaches: Equifax (credit), eBay (e-commerce) and Facebook (tech) being major examples.
Expectedly, companies, tech stakeholders and the media have turned their full attention to cybersecurity. Defined by Cisco as the practice of "protecting systems, networks and programs from cyberattacks usually aimed at accessing, changing, or destroying sensitive information; extorting money from users; or interrupting normal business processes", cybersecurity is a difficult process to implement due to several challenging factors.
One of such factors is the finding and recruitment of cybersecurity professionals like a security analyst.
WHY SECURITY ANALYSTS ARE CRUCIAL TO CYBERSECURITY EFFORTS.
When there are flaws in a company's security systems, unauthorized attempts to access digital information or the company's security has been breached, a security analyst is expected to step in, find the cause of the problem and recommend solutions. Due to the nature of rapid developments in technology, security analysts must work round the cloUck to keep up with new cyber attack trends while monitoring the company's security strengths and weaknesses.
This is why security analysts are in hot demand. According to Forbes, "In 2012 there were 72,670 security analyst jobs in the U.S., with median earnings of $86,170. Three years later, there were 88,880 such analysts making $90,120."
EVERY YEAR, OVER 40,000 SECURITY ANALYST OPENINGS GO UNFILLED.
But the high demand for security analysts has come at a great cost. Today, there are more job openings than there are skilled security analysts; a trend that might gro into the future due to the continued rise in sophisticated cyberattacks and data breaches, and the challenging nature of learning and mastering cybersecurity skills for potential recruits.
Forbes draws further attention to this crisis; emphasizing reports from CyberSeek that confirms "...every year in the U.S., 40,000 jobs for information security analysts go unfilled and that for every ten cybersecurity job ads that appear on careers site Indeed, only seven people even click on one of the ads, let alone apply."
This means that companies must either compete fiercely to hire security analysts or they must develop their own security analysts. While the latter option provides many gains, it will also require a lot of financial, time and human personnel investment; hardly a short term option for companies that want to improve their security systems immediately.
EFFECTIVE WAYS TO HIRE THE RIGHT SECURITY ANALYST.
Hiring a security analyst in today's highly competitive recruiting environment will be very difficult. However, it can be a viable option for companies who want to improve their cybersecurity sooner rather than later (and develop their inhouse analysts). The following tips will be highly effective in this regard:
Gaining clarity on the job responsibilities, desired skills, competencies and experience of the right security analyst; how he should relate with other members of the cybersecurity team and with folks in other departments; and the benefits that he should bring to the company's bottom line should be prioritized.
That's why James Hadley, the CEO of Immersive Labs, an industry-leading cyberlearning platform wrote in Forbes "Unfortunately, the HR teams, heads of business and board members that make the decisions around who to hire often won’t understand the nuances of what being on the front line against cyber threats really involves...The point is this: just as there’s no single attack vector, there’s no single type of security expert. An organization must appreciate the nuances to effectively protect its attack surface... Labelling everyone involved a “cybersecurity professional” is, therefore, a generalisation that, at best, will limit their development and, at worst, put the organizations they work for at risk."
Companies should seek the assistance of cybersecurity experts or consultants when trying to find, hire or retain security analysts. The consultants must be involved with the HR executives before the shortlisting of candidates, in drafting the work contracts and in determining job responsibilities.
2. Use a proven recruitment strategy:
Even when hiring for less competitive roles, recruitment can become tricky. For example, hiring an entry-level accountant who is a bully can endanger the company's work environment and cause stress to others, thereby affecting productivity, competitive advantage and even business growth.
To find the best security analyst, companies must apply the best hiring techniques. Companies should network with cybersecurity consultants and other security analysts working within their industry before or during the hiring process. This will expose them to the best referrals, enable them to 'steal' the best brains from competitors and eliminate the need to teach them about the industry.
Sometimes, companies may have to look inwards to find the best hires. A budding security analyst might just be working in a different capacity in their workforce. Or they could actively request for referrals from employees who might know a likely candidate. And there's more.
A company must also improve its employee benefits, enhance the working relationship between senior executives and low ranking hires, and prioritize work satisfaction. This will encourage employees to speak positively about the company and as a consequence, to attract new hires among their colleagues outside the office - including security analysts - with ease.