This week is Cyber Smart Week, which is CERT NZ’s annual campaign to raise awareness of cyber threats and encourage Kiwis to stay vigilant and be cyber secure.
So I figured this would be the perfect time to look at how businesses can protect themselves by future-proofing their cyber security teams, especially in an ever-changing threat landscape.
The Evolving Landscape
CERT NZ’s 2024 Q2 report indicated that New Zealand businesses faced over 1,200 cyber security incidents, ranging from phishing to ransomware attacks, at an estimated cost of $6.8 million in direct financial loss. Kiwi businesses with online operations are linked to the rest of the world through their data and infrastructure, which puts us at risk of global cyber threats.
These malicious attacks are increasing in frequency, reach and sophistication. In fact, a report by worldwide insurance group, QBE, predicts that the total number of significant global cyber attacks in 2024 will be double (211) that of 2020 (103) – a potential 105% increase.
While we’re mindful of scaremongering, it’s still important to understand that the threat of financial and reputational impact from cyber attacks is very real. The numerous, recent examples of such attacks right here in NZ and across the ditch underscore the critical need for strong, up-to-date and responsive cyber security measures. And of course, we need people with the right experience and skills to be able to operate successfully in this space.
Supply and Demand Issues
As you probably know, despite the current economic climate and rising unemployment in New Zealand, sourcing certain subsets of tech talent remains hugely challenging. This is amplified within the area of cyber security. A deep talent pool of experts with the ‘right’ knowledge simply does not exist.
Even if you were in the lucky position of having a massive budget to find that needle in the haystack, the reality is that you’d be hard-pressed to find more than a handful of cyber security professionals who have an in-depth understanding of the latest attack protocols. Instead, it pays to be sensible and recognise the challenge for what it is.
A Problematic Skills Gap
As we identified in our mid-year IT Job Market Report – Update for Employers, hiring and staffing in this business-critical area is a very real challenge.
An unpleasant knock-on effect of the ever-changing threat landscape is that individuals working in the cyber security space may discover that, through no fault of their own, their knowledge is no match for emerging issues. What they learned in the past could be irrelevant, or their skill set could have become dated, or even obsolete.
According to the World Economic Forum’s 2024 Global Cyber Security Outlook, there is a growing mismatch between the cyber security skills needed by modern organisations, and the training available to employees. This skills gap leaves organisations vulnerable to threats, particularly as attackers grow more adept at exploiting human error.
The Role of Continuous Improvement
So how do we address this problem? Both businesses and individuals who work in this space need to adopt a mindset of continuous learning and improvement. To begin, take an honest look at your workforce’s current capabilities, and make sure you’re taking a proactive approach to skills assessment.
Create robust processes to regularly evaluate the knowledge of your entire workforce, and consider using simulated attacks to help identify areas where additional training is needed.
For example, phishing attacks, which remain the most common type of cyber incident, often succeed because employees lack the skills to identify malicious emails. Upskilling your workforce in these areas can significantly reduce vulnerabilities and strengthen your organisation’s defences.
Recruiting Soft Skills
From a recruitment perspective, while acknowledging that technical skills are the right foundation, we believe it’s essential to also identify and hire for the right kinds of soft skills.
We’re looking for skills that support a growth mindset and facilitate a commitment to continuous improvement, especially for the people in your organisation who are responsible for your cyber security.
For example, when an issue arises you need your people to be able to think on their feet to assess risks, identify patterns and vulnerabilities, and quickly implement countermeasures.
The types of soft skills that are crucial in this scenario, and which we’d look out for in potential candidates, are:
- Communication
- Critical thinking
- Problem solving
- Adaptability
A high Emotional Intelligence (EQ) is also useful when it comes to handling high-stress situations calmly, and maintaining professionalism during crisis moments (such as a security breach or ransomware attack). EQ also helps in understanding team dynamics and managing relationships across departments. We look for these ‘softer’ skills in our sourcing here at Absolute IT, and recommend our clients do the same.
Creating Career Pathways
Attracting talented cyber security professionals is one challenge; retention is another. Given how competitive the market is, you don’t want to invest time and money into finding and developing great people, only for them to leave.
We know it’s not always possible to pay the highest salary or offer benefits like flexible hours, but there are other ways you can positively impact retention.
For example, our mid-year IT Job Market Report – Update for Employers found that career development ranked as number three in our list of top non-financial benefits which Tech Professionals deem most valuable. By offering clear career pathways, you’re more likely to keep your talent engaged, motivated, and IN your business.
You could also consider supporting your people to gain cyber security certifications, such as Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager® (CISM®). This provides your employees with valuable, sought-after opportunities for growth and development. Of course, as training in this space can quickly become outdated, it’s important to be fluid and flexible in the providers and programmes that you choose to offer.
Cross-departmental roles can also be a good option to consider, as they allow employees to take on cyber security responsibilities while continuing to work within their core areas of expertise. This not only helps develop a well-rounded workforce, but also demonstrates a commitment to employee development, which can improve retention rates.
Building the Right Culture
In order to stay ahead of threats, it’s crucial to build a culture where cyber security is incorporated into everyday business practices. Employees at all levels, not just those in IT, need to understand the importance of online security, from recognising phishing scams to implementing robust data protection measures.
We recognise that this can be challenging due to limited resources, but some practices don’t cost much or require a big, specialised team. For example:
- Adopting up-to-date security measures, such as two-factor authentication and data encryption
- Holding regular knowledge-sharing workshops with all staff
- Making sure you keep up to date with cyber security certifications
The Role of Leadership
Business leaders play a pivotal role in creating the right culture and ensuring organisations are set up to deal with potential cyber security threats.
The Global Cyber Security Outlook 2024 emphasises the need for executives to prioritise cyber security, noting that businesses led by proactive cyber security advocates tend to perform better during security crises.
However, with many Kiwi companies facing more palpable problems, like decreasing sales and reduced profits, it’s not surprising that cyber security often slips down the list of priorities – the murky threat of a hacker data breach doesn’t seem quite as real.
But senior leaders have a part to play in communicating that these attacks are real, and can threaten livelihoods and undo collective gains in an instant. For example, in the 2022 Optus data breach, a failure to update and patch critical vulnerabilities resulted in the exposure of customer data, costing the company significant reputational and financial damage.
So how can business leaders avoid situations like this?
- Ensure that cyber security is a key component of the organisation’s risk management strategy – regularly updating security policies, conducting audits, and investing in new technologies are all part of this process.
- Support a commitment to continuous learning and improvement, in recognition of the constant changes in this area – attending industry training, staying informed of the latest threats, leveraging resources such as Cyber Smart Week, and supporting employees to learn and grow.
Tips for Employers
Assuming that attaining cyber-resilience is a concern for your business, what can you do as an employer? To summarise, here are some actionable steps:
- Get it on the agenda: ensure that your leadership team prioritises cyber security and allocates resources where possible
- Audit your people and systems: identify areas of weakness and vulnerabilities so that you know where to resource and improve
- Foster a culture of security awareness and vigilance: make cyber security the responsibility of your entire workforce, and build this into your people framework, communicating regularly about security issues
- Identify necessary soft skills: add these into the position profiles for your cyber security roles to ensure you’re recruiting for people who can continuously learn and improve
- Invest in employee development: offer cyber security certifications and learning opportunities, and identify career pathways for tech staff, to keep talent engaged and improve your team’s skills
Need Help Finding Talent?
We know it can be difficult to find great cyber security people, but we’ve already put in the time and energy to make things that little bit easier. Contact me today to discuss how we can help source skilled professionals ready to tackle tomorrow’s cyber security challenges.