Cyber security risk assessment
No cyber security measures are 100% effective, and there is always a risk that hackers will be able to successfully attack your computer systems. It is important for charity leaders to understand those risks and take steps to manage them so that resources are directed at mitigating the biggest risks to more acceptable levels.
The way to do this is through a cyber security risk assessment, which will enable the charity to:
- Identify any areas of operations which pose unacceptable cyber security risks
- Prioritise areas that need cyber security improvements
- Reduce the chances of cyber-security breaches
- Reduce the likely financial and reputational costs of cyber security breaches
- Reduce the impact of cyber security breaches on service delivery and fundraising
A cyber security assessment may also be a prerequisite for compliance with regulations such as the General Data Protection Regulation (GDPR).
Testing charity cyber security systems
Testing is an essential part of any charity cyber security program to ensure that the measures in place are effective.
There are a number of ways to do this, including checking that endpoint security software is up to date using the Anti-Malware Testing Standards Organization (AMTSO)’s Security Features Check (SFC) cyber security tools.
A penetration test is the most comprehensive form of cyber security system test. This involves trusted security experts attempting to mimic a hacker’s likely techniques to see if they can get access to computer systems or data that ought to be inaccessible. If they are successful they then provide details of the cyber security measures that need to be put in place to prevent a real hacker from having similar success.
What jobs are in cyber security?
Cyber security jobs in larger organisations tend to be fairly specialised, and their job titles reflect this. Common cyber security UK job titles include:
- App security engineer
- Cyber security consultant
- Data protection officer
- Chief security officer
- Security analyst
- Security engineer
- Security architect
- Security and penetration testing expert
Smaller charities are unlikely to have the resources to recruit more than one person to look after all the cyber security requirements of the organisation. For that reason, they are likely to be responsible for buying in specialist cyber security services from a cyber security consultancy, a managed cyber security service provider, or a cloud-based cyber security service provider. Information about the various cyber security systems that are provided can then be compiled in an organisation’s cyber security wiki.
In 2018 there was an estimated global cybersecurity staffing shortage of three million people, and that has now grown to over four million, according to research by the International Information System Security Certification Consortium. That means that the global cyber security workforce needs to grow by almost 150% in order for those cyber security job vacancies to be filled, according to the research.
As a result, cyber security jobs command high salaries, making it harder for smaller charities to recruit large cyber security teams.
What skills are needed for cyber security?
All cyber security jobs require strong IT skills with a good knowledge of computer hardware, operating systems, applications software, and networking. Beyond that, many people believe that specialist skills in specific cyber security fields are necessary. These can be attained by taking cyber security courses leading to certifications such as:
- Certified Information Systems Security Professional (CISSP)
- Certified Information Systems Auditor (CISA)
- Certified Information Security Manager (CISM)
But gaining a certification in cyber security is not essential for getting a job in cyber security, according to Graeme Einfelds, an IT recruitment consultant at Henry Nicholas. “It’s not always about specific skills. Many companies will get one or two higher-level IT security experts in the door, and then recruit graduates and teach them,” he says.