It makes sense to think cybercriminals would focus their attacks on large businesses. After all, their potential gain is larger if the company has more resources.
However, this is not the case. According to technology company Acronis, 43% of cyberattacks are aimed at small businesses. While small and large businesses have different resources to fight cyber threats, they're both facing the same types of attacks. This means that small businesses tend to be more vulnerable than larger ones.
Why can't small businesses employ savvy cybersecurity professionals like big corporations can? Because of the cybersecurity talent gap. There are simply not enough qualified cybersecurity professionals to go around.
What's causing the talent gap?
Several factors appear to be causing the shortage of cybersecurity workers. First, employers utilize problematic hiring practices that weed out qualified professionals. According to the technology publication TechRepublic, many employers looking for cybersecurity professionals don't know what they're looking for. They might focus too much on credentials that aren't strictly necessary to do the job — listing a certification that takes five years to complete as a requirement for an entry-level position. This leads to employers filtering out qualified candidates because of skills or experience they don't have, but that can easily be learned on the job
Cybersecurity credentials tend to be expensive, barring many otherwise-qualified candidates from getting the ones that impress employers. Pricey certifications, which are often used to prove qualifications, raise the costs of hiring certified cybersecurity professionals. These credentials also inflate what is considered a competitive salary for a cybersecurity professional, one that many small businesses can't afford. It costs nearly $1,000 to attempt to obtain a Global Information Assurance Certification and $469 to renew it. As long as employers keep saying they need certifications like these in their job descriptions, job seekers will continue to need them to stand out.
What can be done about it?
Rick Howard, the chief analyst at Cyberwire, proposed that businesses simply start lowering their standards, hiring entry-level employees and training them so they have the skills necessary to be successful cybersecurity professionals. Businesses could also begin to train people who may not be cybersecurity experts but know enough about adjacent fields that they can learn the necessary skills quickly.
Redefining the cybersecurity professional stereotype could also help. Instead of just looking for education and certifications, businesses can search for candidates who are good at solving problems. Cybercriminals come from all over the world, so there may be an advantage to hiring a more diverse workforce of cybersecurity professionals. According to Zippia, about 83% of cybersecurity professionals are men, and this percentage has consistently risen yearly. In addition, about 73% are white. By diversifying the cybersecurity field, businesses can be better prepared to deal with different approaches to cybercrime.
Spear phishing and how cybersecurity professionals are being challenged
Cybercrime is a quickly-evolving threat. It's evolving so fast that the cybersecurity industry can't keep up. There are certain types of cybercrime that might seem simple but tend to be very effective at getting employees to give up their company's information.
Spear phishing is a perfect example. As a concept, it's straightforward enough: Someone posing as someone else — such as an authority figure, official organization, executive, IT professional or some other legitimate source — asks for sensitive information via email. They often include a link where the victim can type in the information. The page looks genuine, as well. The victim unknowingly hands essential information over to the cybercriminal, which can be used to break into the company's information network.
This type of attack is something cybersecurity professionals have difficulty dealing with. The criminals who design these emails are clever enough to make the whole thing look completely real and in no way suspicious. Spear phishing requires surveillance of the victim to work, so the email includes pieces of information such as names and phone numbers that are identical to authentic ones. As many companies have found out the hard way, it can be extremely difficult to tell the difference between a legitimate email and a spear phishing attack.
Spear phishing is just one example of cybercrime that cybersecurity professionals of all kinds can't seem to form an effective defense against. In an example from 2020 involving Twitter, people posing as key figures such as Barack Obama, Joe Biden, Bill Gates, Elon Musk and others stole information from Twitter employees. The cybercriminals responsible used these individuals' real accounts to send out fake emails leading to fake sources. This example demonstrates that whether it's a small or large business doesn't matter. Cybercrime is sophisticated, and cybersecurity professionals can't keep up.
Change can bring hope for the future
If cybercriminals continue to outpace the expertise of even the top cybersecurity professionals, the future of the former looks promising. Without enough cybersecurity professionals to go around, small businesses in particular are going to continue to be under attack and suffer massive damages every time their network is breached.
Some things can be done to fill in the cybersecurity workforce gaps, and it may be useful if the cybersecurity industry starts paying attention. If they don't, then the pattern will continue and the problem will get worse. It's already unsustainable for small businesses to keep up with cyber threats, so it benefits everyone if the industry reforms itself to allow for the creation of a new generation of cybersecurity professionals.
Here at the Inventu Corporation, we equip organizations of all sizes with a revolutionary web terminal emulation tool called Inventu Viewer+. It's a high performance emulation solution built with C at its core. Inventu Viewer+ supports SAML 2.0 and other identity technologies to enable securing your critical mainframe applications. This allows deployment of reliable and safe software using clean HTML and JavaScript hosted on secure Windows servers. All in all, the Inventu Viewer+ web terminal emulation meets employer and staff expectations in a way that feels both familiar and simple. Contact us today and see how Inventu can help you integrate your active terminal emulation with the best web identity frameworks available.
