What do recent information security breaches mean for the industry?

Information security is one of the biggest areas of focus for the industry in the US right now, and indeed around the world. A recent spate of high-profile security breaches has led to an increased focus on information security by senior management who are becoming more and more protective of their data.

Similarly, the continued threat of cyber terrorism to the government has seen information security thrust further into the spotlight, and industry professionals are sitting up and taking notice. So what have been the biggest breaches, what have they taught us and what does this increased focus on security mean for the industry?

Security breaches shine a light on the need for heightened security

2015 was a notable year for many reasons. It saw a climate change deal reached by 200 countries, the TPP finally going ahead and more celebrity scandals than you can poke a stick at. It was also the year of many major information security breaches.

In June, the Office of Personnel Management announced it had been on the receiving end of a targeted data breach, compromising the records of more than 21 million people. Information gathered in this attack included Social Security Numbers, fingerprints and other personally identifiable information. No group has been brought to justice for the hacking, but the breach revealed a clear case for multi-factor authentication for people accessing sensitive information, along with the need to consistently follow – and update – policies and procedures.

Shortly after this breach came the Ashely Madison scandal, where the extramarital affair site was hacked to the tune of more than 30 million clientele records. The user information was published online by a group of vigilante hacktivists, showing the need for organisations that may be unpopular with some groups to consider additional security measures.

Looking back to 2014, we saw some of the biggest security hacks of all time. Sony suffered at the hands of ‘Guardians of Peace’, who deleted data from its systems as well as stealing and releasing everything from people’s personal details through to pre-release movies. The hack led to the cancellation of the formal premiere of ‘The Interview’ and resulted in many cinemas pulling the movie entirely. JPMorgan Chase was also targeted in 2014 in one of the largest data breaches in history, where more than 83 million accounts were compromised. According to the New York Times, an overlooked server may have left the bank vulnerable to this attack, again highlighting the importance of consistently updated information’s security systems and procedures.

What does this extra attention mean for information security clients and candidates? 

Information security breaches are occurring in a wider range of industries than ever before. Banks are now having to compete with pharmaceutical, healthcare and insurance companies to secure the best talent, with huge demand for CISOs capable of building new security functions. And while demand from clients is strong, the availability of jobs means that more people are being attracted to the industry.

IT auditors in particular have been making moves into what has developed as a ‘1.5’ line of defence model, sitting between front and middle office, which is a more attractive alternative for some people compared to the traditional third line of defence.

The Bureau of Labour Statistics points to a rapid 18% growth in Information Security Analyst jobs from 2014-24, up from the average occupational growth rate of 7%. And with more than one million unfilled security jobs worldwide, there’s never been a better time to make your next move. 

If you’d like to have an informal discussion about potential opportunities, please contact our IT Security Specialist Will Wilcox at wc@barclaysimpson.com

For more on information security jobs and to see our list of the latest vacancies, click here.