February 1, 2024 By Bonnie Netschert, PhD 3 min read

Cyberattacks are becoming increasingly sophisticated. Read about the concerns that industry leaders have for the future and three approaches organizations can take to build up their defenses.

Cyber workforce shortage

There are over four million unfilled cybersecurity jobs in the world today. Filling these vacancies has become a security imperative, and several global compliance mandates have been established to tackle the issue. For example, in the US, the 2023-2025 CISA Cybersecurity Strategic Plan aims to increase basic-level cyber skills across the country, transform cyber education and boost the cyber workforce. The European Union Agency for Cybersecurity (ENISA) provides a series of recommendations for reducing the cybersecurity skills shortage and gaps through higher education. Other regions around the world have similar cyber mandates.

Generative AI attacks

Social engineering attacks, which involve tricking users into giving attackers access to systems, will also increase in sophistication. Generative AI tools, such as ChatGPT, enable more attackers to make smarter, more personalized approaches, and deepfake attacks will become increasingly prevalent. Combatting generative AI attacks will involve implementing organization-wide cybersecurity awareness and training.

Cyberattacks will top USD 10.5 trillion by 2024

By the end of 2024, the cost of cyberattacks on the global economy is predicted to top USD 10.5 trillion. A shortage of professionals with the skills needed to protect organizations from cyberattacks will continue to be a running theme throughout 2024. This is a threat to business and societies. However, generative AI can have a transformative impact on defense mechanisms where organizations focus efforts on cybersecurity training, development and upskilling programs.

Cybersecurity transformation: the time is now

While every organization should create its own cybersecurity transformation roadmap, there are three approaches organizations can take to ensure that people are their first line of defense.

1. Crisis simulation

After a cybersecurity breach, every second counts. Security teams, line-of-business managers and executives should know exactly what role to play to help contain the damage. To help prepare, many organizations are testing their incident response (IR) plans and teams with cyber range simulations. Organizations with an incident response team can save USD 1.5 million in data breach costs compared to organizations without an IR team or IR plan testing.

Organizations gain:

  • Sharpened collaboration across organizations with increased knowledge of their attack surface to more effectively identify vulnerabilities and improve resilience
  • The ability to experience a simulated cybersecurity incident with the intensity and pressure of a real-life data breach
  • Confidence in responding and recovering from enterprise-level cybersecurity incidents, managing vulnerabilities and building a stronger security culture

2. Cybersecurity awareness and training

Many companies struggle to understand their cyber risk. IBM’s in-depth cybersecurity expertise leverages lessons learned from 1,500 businesses where we’ve hosted training sessions, combined with industry best practices based on NIST and ISO standards, to help organizations improve their cyber culture.

Organizations gain:

  • Reduction in number of incidents; hence, reduced overall cost
  • The visibility of live phishing tests linked with targeted training
  • An increase in security awareness and behavioral change

3. Cybersecurity talent transformation

With the increased sophistication and rise of cyberthreats, organizations struggle to develop and maintain the necessary cybersecurity talent to detect, prevent and respond to advanced attacks. The IBM Cyber Talent Transformation service is tailored to an organization’s cybersecurity objectives, using AI in its unique security talent management processes, which helps build resilient cybersecurity teams.

Organizations gain:

  • The cybersecurity talent and critical skills needed to meet current and future demands
  • The ability to upskill and reskill effectively and at speed
  • The ability to incorporate AI and skills strategies where organizations can grow and retain talent faster, while reducing the risk of critical cyber skills shortages that can hinder business performance

Join the IBM Consulting team on Tuesday, Feb. 13, 2024 from 10-11:00am EST, to hear from cybersecurity talent experts and learn how you can apply new approaches to transform your business to face today’s cyberattacks.
