Earlier this year, a bizarre cybercrime shook the world. A story broke of a criminal gang known as Fin7 faking a company to recruit potential employees. This gang is believed to have built ransomware earlier that disrupted a large US oil pipeline system company.
This whole incident points to one thing: There is a serious dearth of talent in the cybersecurity market.
And what a strange situation this is; the cybersecurity market is swamped with funds and investors.
Many successful companies that include start-ups and scale-ups particularly focused on cloud offerings have tapped into external financing. These financings are easily available through venture capital, financial institutions and the broader equity markets.
In the similar vein, thanks to the growing cybersecurity awareness, businesses have more options to deploy advanced security solutions.
But the fact remains that our big and ever evolving cyber network lacks sufficient cybersecurity experts. And the gap is alarming. Indeed, (ISC)², a certified non-profit association of cybersecurity specialists, estimates the global talent scarcity at more than 3.1 million people.
This serious shortage of cybersecurity experts prompts criminal gangs to work in shadows and search for legitimate professionals. They target the ones who could be lured to conduct illegitimate operations for a sum of money.
Furthermore, today’s cyber criminals are highly organized and, technologically, fairly sophisticated. The extent of their sophistication and the entire scheme of things are very much evident from the way they operate.
Ransomware-as-a-Service, a new cybercrime has emerged. Hearing this definition for the first time is likely to have anyone in fits of laughter. But on the second thought, we can just sink in the fact that how advanced cyber-criminals have become.
While serious deficit in the demand and supply of cybersecurity experts is one cause of concern, perilous consequences arising from this situation are too many.
What are the consequences of severe shortage of cybersecurity professionals?
- Literally all industries are vulnerable to cyber-attacks. But due to a severe shortage of cybersecurity experts, professionals will be lured towards more rewarding industries. Large banks and healthcare chains offer pay checks fatter than less glamorous fields such as non-private sector jobs
- The money made from executing cyber-attacks could be huge. This is particularly true at a time when anonymous cryptocurrencies options are available to exchange the ransomware payments. This possibility might tempt unprincipled cybersecurity experts to sway towards criminal gangs. They could team up with rogue elements to make a quick buck
- On observing closely, one thing becomes obvious is that these criminal groups are highly organized. They are good at creating fake companies and fake identities. Cyber-criminals and their affiliates can scheme up in shadows to make a fraudster get hired in a perfectly legal establishment. Once hired, a fraudster can target exfiltration of confidential information and/or snoop on classified information. Insider attack is a classic example
It’s about time for governments and cybercrime investigative agencies to team up, address and solve the menace of organized cybercrime. Nurturing more cybersecurity professionals is surely one way to tackle it.