Why the next wave of cybersecurity talent won’t have a ‘security’ job title
Over the past five years, we’ve witnessed the state of cybersecurity become chaotic – and, quite frankly, grim – across a variety of industries. Hotels, financial institutions, consumer electronics, hospitals, universities, governments, retail chains, telecom providers, airlines, vehicles. You name it; it has been hacked.
Due to the overwhelming explosion of data breaches around the world, the C-Suite has raced to scoop up any and all cybersecurity talent – to help navigate the complex task of safeguarding an organization, its employees and proprietary information. The information security profession is expected to continue growing at a rate of 36.5 percent through 2022, according to U.S. News and World Report.
This talent war, however, has stemmed from companies associating the threat of data loss with malicious hackers or stolen property. And that is a significant miscalculation on their part.
CISOs, CSOs, information security analysts and other cybersecurity professionals are undoubtedly vital in maintaining an organization’s security posture. But the problem is that they’re focused on bolstering external defenses and protecting IT devices currently within their purview – and not the pile of retired fax machines, desktops, laptops, servers, smartphones and tablets collecting dust in a basement.
Better known as “e-waste,” these devices are often relegated as an afterthought for most. But doing so can have far more dangerous implications than any malicious hacker.
If you consider a legacy corporation on the Fortune 500 list, with hundreds of offices around the world, and hundreds of thousands of employees – each outfitted with a laptop and smartphone – not only is that a substantial number of devices in use, but it’s also an enormous amount of sensitive corporate data being shared and stored.
So what’s to become of that data when these devices reach their end of life?
Considering the unprecedented amount of Internet-connected devices in use today (Gartner estimates a total of 6.4 billion) – plus the general multiplication of mobile devices owned and used by individuals – dumping out-of-use equipment into landfills is no longer sufficient, nor is it eco-friendly.
Proper decommissioning and safe disposal of corporate assets has, evidently, become a monumental task. And that’s why, over the next five years, we will see the next cybersecurity talent war waged over ITAD (IT asset disposition) specialists and managers.
An ITAD manager protects corporate data at every stage of an IT asset’s lifecycle – from the moment a device is turned on until the day it is retired or rendered unusable. The core function of this role is to understand, at the most granular level, where every piece of data is stored across a variety of devices, so when it comes time to dispose of, reassign or recycle a computer, server, tablet, smartphone, etc., no crumb of highly-sensitive information is left behind.
Improper decommissioning of used devices presents a very real security risk for organizations without an ITAD manager to mitigate with the right tools and skills, as cyber criminals are becoming more and more sophisticated, resorting to new infiltration tactics in order to wreak havoc on businesses and consumers. For those organizations that don’t conduct a complete data scrub, they are voluntarily handing over their intellectual property to those with malicious intent.
An ITAD manager’s 360-degree view enables companies to not only reduce security risks, but also to meet the increasingly stringent regulatory requirements for asset disposal, and to avoid costly data breaches and fines from industry regulators or environmental agencies, along with other repercussions that could damage customer loyalty, sales or even stock prices.
The next several years will be critical for businesses to wrap their heads around the importance of securing defenses internally, in addition to guarding against external threats. Those that hire an ITAD manager are ahead of the pack in securing every piece of IT equipment, no matter what stage of the lifecycle it is in.