The gap due to lack of skills and talent in cybersecurity continues to grow.
A study by ESG and the Information Systems Security Association (ISSA) highlights that 70% of companies are affected by this lack of resources.
Despite the importance that cybersecurity has taken as one of the basic pillars of digital transformation – even more so with the presence of forced teleworking – the gap generated by the absence of technical skills and the shortage of professionals continues to grow, according to a study by ESG and the Information Systems Security Association (ISSA). Up to 70% of skilled workers believe that their organization is affected by a lack of skills. In the last four years, this figure has grown by up to five percentage points.

In this way, this lack generates an extra and increasingly increasing workload for cybersecurity experts, who also have to take care of staff training and deal with insufficient resources. “We are so busy putting out fires that we have not taken time to learn how to take advantage of the tools,” they say.

Likewise, the gap is widened when it comes to application security, cloud, and analytics. Organizations are moving more and more workloads to the public cloud and are facing increasingly sophisticated threats, leading to bewilderment.

The report also highlights that only 7% of professionals believe that their company has improved its position in terms of cybersecurity in recent years. 45% say they have worsened and 48% believe they are in the same situation.

As final conclusions, the survey expresses that this shortage shows two aspects; on the one hand, that there are not enough professionals; on the other; skills are also in short supply.
Source: https://cso.computerworld.es/tendencias/la-brecha-por-falta-de-habilidades-y-talento-en-ciberseguridad-sigue-en-aumento
At Itera we can help you.
Contact a specialist: seguridad@iteraprocess.com

As an organization, different aspects related to its operation must be analyzed, the limits of operation must be prioritized and determined, and the necessary measures must be established to guarantee the continuity of activities in the event of an incident.
Due to this situation, we must design a Business Continuity Plan that includes all types of plans, to mitigate the impact caused on the information and business processes of a company.
The process and implementation must be carried out taking into account the following phases:

1. Determine the scope
   Here we will determine which assets, systems or processes are critical, that is, those whose unavailability would directly impact our organization.
2. Organization Analysis
   This phase bases its activity on obtaining, elaborating or understanding the circumstances surrounding our organization, analyzing both processes, technologies or resources. To achieve this stage we must carry out a set of tasks.

• Hold meetings: It is necessary to meet with the end users of the processes selected as critical or within our scope, gathering all the information about the operation of our processes.
• Business Impact Analysis: Based on the information collected, we will perform a Business Impact Analysis. This document will contain the requirements, both temporal and resource, of the processes that are within the scope of the project.
• Recovery time, or the time that a process remains stopped until it is restored.
• Human resources and technologies used, so that a process works in a contingency situation.
• Maximum tolerable downtime of service. That is, the time that a process can remain down before disastrous consequences occur for the organization.
• Minimum service recovery levels. This would be the minimum level of recovery that an activity must have in order to be considered recovered.
• Dependencies on other processes, either internal or with external suppliers. It is a question of knowing if a contingency situation in other processes.
• Degree of dependence on the recency of the data. The impact that data loss would have on our activity is determined.
• Risk analysis: It consists of studying and determining the possible threats to which the organization is exposed, as well as the possibilities of materializing in each case, and the impact they would cause if they were to occur. Subsequently, a risk treatment plan will be drawn up describing measures, risk mitigated, those responsible for implementation, necessary resources, etc.

3. Determination of the Continuity Strategy
   It must be determined which recovery strategies should be implemented for each of the elements identified as critical or that could be affected in a contingency. That is, how to recover a system or a process to prevent the contingency from irreversibly degrading it for the organization. It should be noted that some processes may require several recovery strategies.
4. Response to the contingency
   It begins with the implementation of the initiatives that have been highlighted in the previous phase. In addition, all documentation related to the response to the contingency must be addressed, through the following documents:

• Crisis plan whose objective is to avoid improvised decision-making that could worsen the situation or that decisions are simply not taken.
• Operational plans for the recovery of environments, which must specify which environment they are applied to.
• Technical work procedures, which describe the actions to be carried out for the management and recovery of a system, infrastructure or environment.

5. Testing, Maintenance & Overhaul
   For a Continuity Plan to be effective, we must check that it really works and keep it updated. To do this, tests must be carried out on the identified environments, after which we will prepare reports that collect the results obtained. In addition, all incidents arising in this process must be recorded, which is essential to be able to establish corrective measures.
6. Awareness Phase
   In this phase, all kinds of measures will be implemented to promote staff awareness of continuity and knowledge of the plans drawn up.

Source: https://www.incibe.es/protege-tu-empresa/blog/fases-plan-continuidad-negocio

At Itera we can help you.
Contact a specialist: seguridad@iteraprocess.com