The risks have never been greater, or the stakes higher
We have all become accustomed to working in an uncertain landscape surrounded by political, economic, social and technological change, which creates both new challenges and opportunities.
But, when it comes to ensuring that critical data remains out of the wrong hands, the risks have never been greater or the stakes higher. Cyberattacks are on the rise and becoming ever more sophisticated, while security teams are under increasing pressure to remain operationally effective in the ‘new norm’ and demonstrate value for money.
Last year, the World Economic Forum’s research on Covid19 related risks, stated that after economic and geopolitical risks, the top technical risk would be cyberattacks on remote workers.
As readers will no doubt know, remote working increases the risk of cyberattacks as hackers target people’s increased use and dependence on digital tools, data sharing and communication. Cybercriminals have seen these risk factors, which they have and will continue to exploit.
“Hacking and phishing attacks are likely become the new norm for many companies for months and years to come…even as the virus infection rate begins to recede.” The World Economic Forum
Amid the disruption caused by the pandemic, there’s certainly been no shortage of news headlines detailing examples where hackers have seized upon the opportunity to steal sensitive personal or company information from remote workers.
What’s more, in recent months, cyber criminals have preyed upon people’s fears and desperation to receive a vaccination. As vaccines have been announced, the world has seen increased phishing schemes or malware disguises, designed to dupe people into parting with their sensitive personal data -opening them up to cyberattack.
The forced ‘working from home experiment’ has also meant that the use of cloud-based services looks set to remain prevalent this year. Organisations will want to securely maintain business continuity in a remote working environment and evolve their online service / product offerings to accommodate changing consumer habits.
As such, the imperative to maintain privacy and data loss prevention will mean more budget diverted to security measures and this will only increase the demand for Cyber Security expertise, across the globe.
A truly borderless, global talent pool emerges
A positive outcome from the pandemic is that remote working has become completely normalised and the many benefits have been realised by both employees and employers alike.
As a result, many employers now don’t shortlist against a specific location but will consider Cyber Security candidates from a wider pool of talent, from across a country, continent or indeed the globe.
As one senior technology leader put it, “I think we've all been in recruiting situations where you find the most amazing potential hire. Then we discover they're geographically undesirable because they can't come in for whatever reason - suddenly we've opened up the entire globe for our talent so long as they have good Internet connection.” Dan Crisp, Senior Technology Leader
In a world where cyberattacks are on the rise, and where Cyber Security skills are in short supply, this is indeed a welcomed consequence.
A focus on Asia Pacific
Asia Pacific (APAC) is an ideal environment for cyber criminals to thrive in due to high digital connectivity, contrasted with low cybersecurity awareness, growing cross-border data transfers and weak regulations. This lack of transparency leads to an inaccurate perception that the APAC cyber threat level is lower than other regions around the world.
According to management consultancy firm Oliver Wyman, “The potential of cyber threat exposure is disproportionally large compared to the amount of investment in cyber security or risk management strategies. Companies need to start treating cyber risk as an enterprise-wide risk by applying a comprehensive risk management framework and upgrading capabilities. The reality is that many APAC organisations lack the structure, processes or culture necessary for this.”
Although increased remote working, the rapid transition to cloud-based services and the adoption of new digital and mobile technology has resulted in increased risk across APAC - this has not translated (yet) to sufficient investments in Cyber Security by corporations. This lack of investment is prevalent across technology, talent and process.
What’s more, according to the Thales Data Threat Report 2020, 45% of all APAC corporate data is already stored in the cloud. 42% of that data is sensitive information and only 52% of that is sensitive information is actually encrypted.
This suggests that there is plenty more scope, for many more businesses across the region, to transition to cloud-based services. Unfortunately, as they do, it also seems that more than half of their sensitive corporate data will be not have the necessary security defenses in place.
In APAC at least, we appear to be on the cusp of what we hope will be a boom in demand for Cyber Security professionals.
A company can have the best technology, cybersecurity policies, governance structures and processes in place - but without the people, with the requisite skills to execute the job, gaping holes will continue to exist in their cyber defense. So, what are the Cyber Security skills in demand this year?
Cyber Security skills in demand
The two most in demand skills are Cloud Security and Application Development Security - both involve proactively building secure systems from the start rather than responding to attacks. According to Burning Glass technologies demand for these skills over the next five years is projected to grow, 115% and 164%, respectively.
As previously noted, in a bid to grow faster and become more efficient, organisations across APAC are continuing to invest in digital transformation programmes which include the transition to cloud-based services.
As such, organisations across APAC will inevitably have to start focusing more on the areas that will support their digital transformation to multi cloud adoption, including: Access Management, Data Loss Prevention, Cloud Security and Information Security.
These are all areas of expertise we see employers needing and wanting more of this year. What’s more, professionals with regulatory knowledge, related to local and regional GRC policy, will command a premium.
In order to better service customers, organisations are also focussed on the rapid development of application software. However, when it comes to application development and security, there is a clear clash of priorities. The notion of fast application development is completely at odds with the discipline of ensuring code is secure.
On the one hand, developers want to create new apps fast and deploy them quickly. On the other, security teams can be seen to slow down innovation over concerns that attackers are looking for weak points in the code.
As such, the area of DevSecOps, where security is built into the software development lifecycle, has started to evolve to ensure businesses can overcome these conflicts quickly. These experts help shift security further ‘to-the-left’ by helping design secure code to begin with, rather than focusing on post-deployment scanning and remediation.
Security professionals with DevSecOps expertise are in very high demand and candidates with a software background (who might be able to rewrite their own changes or contribute to secure architecture) will be highly sought after.
In addition to technical expertise, soft skills have taken a stronger focus when it comes to hiring decisions. No matter the level of seniority, the ability of a candidate to be able to communicate technical information whilst conveying the risks, in layman’s terms, should not be underestimated.
Ultimately, it’s important to remember that the security skills employers need and want can change and evolve very quickly. Only a couple of years ago, the areas of Cloud Security and Application Development Security were still very much in the shadows.
So, when it comes to the security expertise of the future – do you have a view of what’s around the corner?
Top Cyber Security jobs 2021
Here’s our list of the top five Security skillsets, we foresee in APAC, for 2021:
1. Application Security Engineers / Architects (DevSecOps)
2. Cloud Security Engineers / Architects
3. Red Team Specialists
4. Identity & Access Management Specialists (Including Privileged Access)
5. Cyber Threat Intelligence & Malware Analysis
How can we help?
From our established offices in Hong Kong, Singapore, US and the UK we deliver Cyber Security recruitment solutions, across APAC, North America and EMEA. We help organisations find exceptional permanent and contract security talent from across the globe. Our joined up international teams offer deep technical and local market expertise.
If you are job searching in these difficult times, and potentially interviewing from home, there are lots of things we can help you with to prepare. We have plenty of career advice guides we can share with you. Everything from CV tips, to developing your personal online brand and video interviewing advice.
If you would like any of our career advice guides, or want to speak with a Digital Transformation / Technology recruiting expert in Asia, please do not hesitate to get in touch.
Delivering Exceptional Experiences
"A truly refreshing experience to meet with a recruitment professional who had researched well, understood the sector, and actively listened and understood what was being discussed. Great experience."Share your experience