Skip main navigation

New offer! Get 30% off one whole year of Unlimited learning. Subscribe for just £249.99 £174.99. New subscribers only. T&Cs apply

Find out more

Technology Lag, Application Development Security, Skill Gap

.

Technology Lag

When considering the cybersecurity landscape, it’s important to note that the versions of products that organizations have deployed exist on a spectrum, with a small number of organizations running the latest versions, most organizations running older but still supported versions, and a substantial number of organizations running information systems that are no longer supported by the vendor.

While the latest operating systems and applications still have vulnerabilities, organizations can substantially improve their security posture by ensuring that they are running the most recent versions of operating systems and applications and by keeping those products current with released updates. It’s also important to note that many vendors are less diligent about addressing security vulnerabilities that are discovered in older versions of their products. A vulnerability that may be addressed in the current edition of a product may not be addressed in previous versions of the product.

It’s usually the organizations running outdated or unsupported products that you hear about when a large cybersecurity incident occurs. For example, the 2017 WannaCry ransomware attack disproportionally impacted organizations that had servers running the Windows Server 2003 operating system where the ports that are used for SMB storage protocol were exposed to the internet.

The WannaCry incident is reflective of a substantive part of the cybersecurity landscape in that it demonstrated that not only are a large number of organizations running outdated or unsupported information systems but that the security configuration of the networks that host those systems fell far below best practice.

Application Development Security

The adoption of secure application development practices is another important part of the cybersecurity landscape. Many application developers create applications that are subject to attacks including cross-site scripting (XSS) and SQL injection, even though these attack vectors have been known about and understood for many years. As applications move from being locally installed on computers and devices to running as web applications in the cloud, it is important for organizations to ensure that secure application development practices are followed.

Skill Gap

It’s regularly reported that the field of information security doesn’t have enough trained personnel to meet industry needs. The recent Global Information and Security Workforce Study by the Center for Cyber Safety and Education projected a global shortfall of 1.8 million information security workers by 2022.Organizations cannot begin to protect themselves from the various threats that exist if they aren’t able to hire the personnel to manage and secure their information systems.

As you will be reminded throughout this course, information security is an ongoing process. It’s not enough to have a consultant come in, deploy, and configure software and hardware, and then your organization’s information systems are secure going forward. Instead, the process of securing information systems is ongoing. For most organizations, this means having IT staff that are trained in information security processes. Until the skill gap is closed, the cybersecurity landscape will be littered with organizations who are unable to substantively improve their security posture because they don’t have access to the personnel that would enable them to do so, and existing personnel are overworked due to a shortage of filled headcount.

This article is from the free online

Microsoft Future Ready: Fundamentals of Enterprise Security

Created by
FutureLearn - Learning For Life

Reach your personal and professional goals

Unlock access to hundreds of expert online courses and degrees from top universities and educators to gain accredited qualifications and professional CV-building certificates.

Join over 18 million learners to launch, switch or build upon your career, all at your own pace, across a wide range of topic areas.

Start Learning now