The Birth of a New Cybersecurity Hole

July 18, 2017

The cybersecurity job market is exploding as companies look to bring on new personnel—very often in newly created roles—to address the increasing complexity and severity of attacks. Below are just a few statistics from a recent CSO article that highlight this trend:

  • There are currently approximately 350,000 cybersecurity job openings, a 67% increase from 2015
  • The sector’s unemployment rate in 2016 was 0%, and it’s expected to remain that way until 2021
  • Symantec predicts that the demand for cybersecurity talent will rise to 6 million jobs by 2019

It’s clear that the industry recognizes that cybersecurity expertise is essential in today’s heightened environment. But what good is investing in cybersecurity hires if management doesn’t take their advice?

I recently came across this Reddit thread from a cybersecurity architect expressing his frustration with a server project. You can get the background and email correspondence between him, his colleague and their boss on Reddit, but the gist is that his significant security concerns and advice were overruled in the interest of getting the project done. From an email with his boss:

Due to timing of the Insert Important Event let’s get this up and running and we will circle back about patching and hardening methods.

The thread’s comments underscore that this is far from an isolated incident. One reader explained:

If security slows down production which in turn reduces profitability, [executive management is] never going to side with IT. It's a matter of risk balancing, and if they've never experienced a security breach, they're going to take the risky route until they do.

Another agreed, saying:

Even then, if they have a security breach, there will be about six weeks of taking security seriously, before it goes back to status quo and management says "well, compared to what you're proposing, the security breach wasn't that expensive".

Perhaps the original poster put it best:

Between the corporate buzz words and misprioritization, we can see the birth of a new cybersecurity hole that will never be closed.

This mindset must change if companies are truly serious about protecting their most valuable assets. Cybersecurity professionals should be included in the early stages of a project, and their input used to inform the timeline and expected deliverables. In the case of the Reddit poster, he was only contacted about the server change in the eleventh hour, at which point his suggested enhancements were deemed less important than meeting the project’s targeted completion date. Had he been consulted at the outset, it’s possible that the company could have incorporated his feedback and still turned the project around quickly.

Of course, it’s equally possible that his warnings still would have been ignored. This is the scenario that’s most troubling to me (and probably all readers with a security background!). Bringing on new cybersecurity resources is a great first step in responding to today’s security threats, but if their counsel is not heard, respected and implemented, then their value is significantly reduced.

If we hope to see the situation outlined on the Reddit thread become more of an exception and less of the rule, the industry has some serious legwork to do. The demand for cybersecurity talent is well-known—now it’s time to let that talent go to work. 

Sam Elliott

Director of Security Product Management

At Bomgar, Sam is responsible for the product management group that is driving product strategy for Bomgar’s security products. He has more than a decade of information security, ITSM, and IT operations management experience. He is also a seasoned expert in the areas of cyber-security, data center discovery, systems configuration management, and ITSM. Sam has a Bachelor of Science from Florida State University and is certified in ITIL v3 and Pragmatic Marketing. He resides in Atlanta, GA with his family and can be found on Twitter @samelliott.
