Cybersecurity is a relatively new domain that hasn't been around for as long as other traditional fields, such as medicine or engineering. Hence, it hasn't had the same level of resources and support that other fields have benefited from over the years. Despite this, significant technological advancements and increased reliance on digital components in recent decades have greatly widened the threat surface, which ultimately created a high demand for cybersecurity professionals.
The scarcity of highly skilled cybersecurity resources has made it difficult for leadership within organisations to find and retain such resources and to ensure they continuously increase their skills and competencies to match the increasingly advanced techniques and tactics of adversaries.
The use of emerging technologies, such as Artificial Intelligence (AI) and Quantum Computing, is introducing new attack vectors now and will continue to do so in the near future, which requires cybersecurity professionals to consistently upgrade their abilities to keep pace with the latest threats.
With the rapid involvement of emerging technologies, reliance on Operational Technologies (OT) and the increased use of the Internet of Things (IoT), along with the changes in the business environment, the identification of the most valuable assets (i.e. Crown Jewels) becomes a challenge due to the lack of communication between the departments and the cybersecurity function. This challenge is further magnified by the presence of shadow IT practices within many departments, where departments independently procure and manage technology solutions without the involvement or oversight of the IT or cybersecurity teams and often neglect to implement essential cybersecurity controls in these environments.
Time is another critical factor in cybersecurity. It can significantly affect the outcome of efforts to mitigate cybersecurity threats before, during, and after an attack. For instance, the failure to patch a vulnerability early on, delay in detecting an attack, or slow recovery after a cyber-attack can cost organisations a significant amount of money, damage their reputation, and/or erode customers' trust.
Assuming that cybersecurity functions are able to find and retain the right resources, while having the right procedures in place to swiftly respond to cyber-attacks, they need to be able to cope with infrastructure and digital expansion. The expansive nature and intricacy of digital landscapes add more responsibilities to the cybersecurity functions. Almost all organisations now have a website, many have their own mobile applications, a few have already established their presence on the metaverse and some are even developing their own AI models. While such advancements help organisations improve the lives of their customers, they also attract the attention of malicious actors.
Awareness of cybersecurity risks among the Board of Directors enables them to understand the potential cyber threats and their impacts. Without such awareness, the cybersecurity department may not receive the required focus and investments to overcome unforeseen cyber events.
All these challenges will not only impose high demand on the cybersecurity function but will also require other organisational departments to expect clearly communicated Service Level Agreements (SLAs) that are achievable by the cybersecurity function.