Cyber Threats on the Rise Amid New Regulations and Shortage of Security Specialists

I’ve covered this topic previously, but recent posts in several markets Extract serves prompted me to cover it again. With Russia and China impacted by some form of sanctions, either imposed by Western countries or self-imposed, threats have intensified while the shortage of cyber professionals continues to grow.

“A World Economic Forum study reported that prior to the Ukraine invasion there were more than 3 million unfilled positions globally for cybersecurity professionals — a number that is expected to grow in part due to the exodus of up to 70,000 technical workers now leaving Russia since the war began, the Associated Press has reported.” Compliance hiring of cybersecurity pros faces squeeze amid new US rules and Russian-threat warnings | Reuters.

The US Securities and Exchange Commission approved a rule change last month requiring investment firms to create designated cyber-defense representatives and written supervisory procedures. The US Treasury Department tightened its rules on reporting breaches last November. The Department intended to include language on governance and cyber-defense management structure but removed it after banks objected.

Historically, defense against cyber-attacks has been managed by IT staff, but that is changing to include more involvement from compliance teams as regulatory requirements increase. “The finance sector is the most well prepared after spending billions of dollars on cybersecurity and dedicating thousands of staffers to protect their networks,” says Austin Berglas, BlueVoyant’s global head of professional services and a former FBI special agent in cyber-defense. He adds, “The sector is seeing a constant barrage of attacks on a daily basis, and malicious actors are constantly scanning for vulnerabilities.”

The threat certainly isn’t limited to financial services. The National Center for State Courts (NCSC) posted a blog two weeks ago talking not only about the threat from Russia and China, but also advising its members to guard against internal threats. These include threats to steal sensitive data or encrypt important files and backups. Playing cat and mouse as cyber-threats intensify in 2022 | NCSC.

NCSC references a couple of recent incidents that exploited weaknesses in the very services many of its members rely on. “The Log4JShell vulnerability sent web administrators scrambling to prevent malicious code from executing on web servers that use Apache logging. In the past year, Microsoft's on-premises implementations faced threats as did Office365. Spam blocking software and services fail to block many threats that reach our end users.”

NCSC recommends that courts perform an honest and impartial cybersecurity assessment to identify major information assets and their vulnerabilities. After completing an assessment and watching NCSC's cybersecurity webinar, the real planning can begin.

Some in Europe refer to Russia as the visible threat and China as the invisible one. Regardless of the threat, it is clear there is a large gap between the number of compliance and cybersecurity jobs to be filled and the people available to fill them. We encourage organizations to constantly improve cybersecurity operations while retaining the best talent.


About the Author: Troy Burke

With 30 years of experience providing clients with stellar service and strategic solutions for growth and development, Troy is committed to ensuring his customers receive the highest quality solution, training and support with every implementation. He frequently speaks on the topic of redaction and is actively involved with the National Association of Court Management, the Property Records Industry Association and several other government organizations.