
Technology Lag, Application Development Security, Skill Gap


Technology Lag

When considering the cybersecurity landscape, it’s important to note that the versions of products that organizations have deployed exist on a spectrum, with a small number of organizations running the latest versions, most organizations running older but still supported versions, and a substantial number of organizations running information systems that are no longer supported by the vendor.

While the latest operating systems and applications still have vulnerabilities, organizations can substantially improve their security posture by ensuring that they are running the most recent versions of operating systems and applications and by keeping those products current with released updates. It’s also important to note that many vendors are less diligent about addressing security vulnerabilities that are discovered in older versions of their products. A vulnerability that may be addressed in the current edition of a product may not be addressed in previous versions of the product.

It’s usually the organizations running outdated or unsupported products that you hear about when a large cybersecurity incident occurs. For example, the 2017 WannaCry ransomware attack disproportionately impacted organizations that had servers running the Windows Server 2003 operating system where the ports used by the SMB storage protocol were exposed to the internet.

The WannaCry incident reflects a substantive part of the cybersecurity landscape: it demonstrated not only that a large number of organizations were running outdated or unsupported information systems, but also that the security configuration of the networks hosting those systems fell far below best practice.
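The two conditions described above (an operating system past end of support, and SMB ports reachable from the internet) can be checked against an asset inventory. The following is an added example, not part of the original course material; the inventory format, host names and the `triage` function are hypothetical, and the end-of-support dates are assumptions to confirm against the vendor's lifecycle pages.

```python
import csv
import io
from datetime import date

# End-of-support dates (assumption: confirm against the vendor's lifecycle pages).
END_OF_SUPPORT = {
    "Windows Server 2003": date(2015, 7, 14),
    "Windows Server 2008 R2": date(2020, 1, 14),
    "Windows Server 2016": date(2027, 1, 12),
}
SMB_PORTS = {139, 445}  # NetBIOS session service and SMB over TCP

# Constructed sample inventory: host, OS, TCP ports reachable from the internet.
INVENTORY_CSV = """host,os,internet_ports
files01,Windows Server 2003,445;3389
web01,Windows Server 2016,443
app02,Windows Server 2008 R2,
nas03,Windows Server 2016,139;445
legacy9,Windows NT 4.0,80
"""

def triage(inventory_csv, today):
    """Return (host, severity, reasons) tuples, most urgent first."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        ports = {int(p) for p in row["internet_ports"].split(";") if p}
        eos = END_OF_SUPPORT.get(row["os"])
        reasons = []
        if eos is None:
            reasons.append("OS not in lifecycle table, support status unknown")
        elif eos < today:
            reasons.append(f"unsupported since {eos.isoformat()}")
        exposed = sorted(ports & SMB_PORTS)
        if exposed:
            reasons.append(f"SMB reachable from internet on {exposed}")
        if not reasons:
            continue  # supported OS with no SMB exposure: nothing to report
        unsupported = eos is not None and eos < today
        # Unsupported OS plus exposed SMB is the WannaCry pattern; rank it highest.
        severity = ("critical" if unsupported and exposed
                    else "high" if unsupported or exposed else "review")
        findings.append((row["host"], severity, reasons))
    order = {"critical": 0, "high": 1, "review": 2}
    return sorted(findings, key=lambda f: (order[f[1]], f[0]))

if __name__ == "__main__":
    for host, severity, reasons in triage(INVENTORY_CSV, date(2024, 1, 1)):
        print(f"{severity:8} {host:8} {'; '.join(reasons)}")
```

Hosts whose operating system is missing from the lifecycle table are reported for review rather than silently treated as supported.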

Application Development Security

The adoption of secure application development practices is another important part of the cybersecurity landscape. Many application developers create applications that are subject to attacks including cross-site scripting (XSS) and SQL injection, even though these attack vectors have been known about and understood for many years. As applications move from being locally installed on computers and devices to running as web applications in the cloud, it is important for organizations to ensure that secure application development practices are followed.

Skill Gap

It’s regularly reported that the field of information security doesn’t have enough trained personnel to meet industry needs. The recent Global Information and Security Workforce Study by the Center for Cyber Safety and Education projected a global shortfall of 1.8 million information security workers by 2022. Organizations cannot begin to protect themselves from the various threats that exist if they aren’t able to hire the personnel to manage and secure their information systems.

As you will be reminded throughout this course, information security is an ongoing process. It’s not enough to have a consultant come in, deploy and configure software and hardware, and then assume that your organization’s information systems are secure going forward. For most organizations, this means having IT staff who are trained in information security processes. Until the skill gap is closed, the cybersecurity landscape will be littered with organizations that are unable to substantively improve their security posture because they don’t have access to the personnel that would enable them to do so, and whose existing personnel are overworked due to a shortage of filled headcount.

This article is from the free online course Microsoft Future Ready: Fundamentals of Enterprise Security

Created by
FutureLearn - Learning For Life
