UK Business at Risk as Cyber Skills Gap Reaches Breaking Point

  • Over a year on from Parliament’s National Security Strategy report, cybersecurity training opportunities still aren’t a priority for the Government
  • A deepening talent gap in cybersecurity has potential to cause irreparable damage to UK business
  • CIOs and senior IT employers say a looming, uncertain Brexit is presenting enormous hiring challenges
  • Businesses face a global shortage of approximately 4 million cybersecurity pros
  • A focus needs to be put on ‘skilling up’ the UK’s next generation of cyber security professionals

27th November 2019 – A new, in-depth piece of research* conducted amongst UK CIOs and senior IT professionals has revealed that the cybersecurity skills gap has reached a crisis point, putting British business on the backfoot in the ongoing war against online fraud and cybercrime. This cybersecurity industry study from digital resilience experts RedSeal, unearthed major concerns about business’ ability to develop, attract and retain personnel with the right skillset to stand up against an ever growing threat landscape.

An enormous 87 percent of CIOs and senior IT pros reported that they are struggling to find cybersecurity professionals with the expertise needed to combat serious and organised online crime. Almost three quarters (73 percent) went on to say that uncertainty around Brexit is a huge concern when it comes to hiring security professionals from outside the UK. Further, 95 percent specified that Brexit will in fact widen the current skills gap, since many IT security professionals currently within British business are from outside the UK – due to the lack of advanced cybersecurity education provided locally.

Why aren’t cybersecurity training opportunities being made a priority by the Government?

It has been just over a year since Parliament’s Joint Committee on the National Security Strategy, a cross-party group that works across both the Commons and Lords, published a report exposing the UK’s chronic lack of digital skills, even within some of its own security agencies. Published in July 2018, the report revealed that ‘although the UK has one of the most vibrant digital economies in the world, there is not currently the cyber security skills base to match, with both the Government and private sector affected by the shortage in skills. Authors of the report, titled Cyber Security Skills and the UK’s Critical National Infrastructure, voiced huge concerns around the Government’s apparent lack of urgency in addressing the cybersecurity skills gap in relation to Critical National Infrastructure.

Cybercrime is a real and present problem for UK business at a time of continued uncertainty

Further questioning within the RedSeal research also demonstrated that cybercrime and its impact on UK business continues to grow, with 81 percent reporting that they have suffered a cybersecurity breach in the last 12 months. The lack of skills has also contributed to a lack of proper response planning and almost half (40 percent) of senior IT pros stating that their business doesn’t have a plan in place to respond to a security breach.

RedSeal urges the UK government to create a more robust education policy that will deliver the skills needed in the future.

Dr Mike Lloyd, CTO at RedSeal and expert in the study of the spread of malware, commented on the new research: “Across the industry, we have drained the talent pool for security professionals. There’s a global shortage of about 4 million cybersecurity pros, up from just over 3 million last year**.  The UK’s education system can help, but not quickly – professionals agree that it takes about 10 years of real-world experience to develop the skills needed to combat today’s threats, so we’re facing a sustained drought for talent. Automation can help but cannot replace human intuition and insight. We have to build hybrid teams, combining computers for all the drudge work so that the few human analysts can focus on the security tasks that matter.”

Professor Peter Komisarczuk, Head of Department Information Security at Royal Holloway University of London, commented: “Further and higher education in cybersecurity needs continuing support in order to keep pace with the ever changing threat landscape that UK business is facing right now. There is a shortage of professionals with cyber security skills in the UK which means that engaging young people and mid-career changers in developing skills and knowledge through high level technical and computing education is more important than ever before.”

He continued: “There are significant career opportunities in cybersecurity – the average annual salary for jobs in cybersecurity is £72,500 and we are seeing our graduates getting significantly more that the average graduate salary of £23,000 on leaving with their degree. Moreover, the potential to contribute to economic growth is huge, as well as support UK business against a very real cyber threat.”

He finished: “There are some great schemes encouraging younger people to pursue a career in Information Security such as CyberFirst which provides excellent opportunities for 11-17 year olds to develop skills and knowledge as well as a bursary scheme for undergraduate students.”

*An online survey was conducted by Atomik Research on behalf of RedSeal among 502 IT professionals from the UK. The research fieldwork took place on 19th-27th June 2019. Atomik Research is an independent creative market research agency that employs MRS-certified researchers and abides to MRS code.

**According to the latest annual workforce study by (ISC)²

RedSeal Appoints Greg Straughn as Chief Financial Officer

SAN JOSE, Calif. — Oct. 8, 2019 — RedSeal today announced the appointment of Greg Straughn as its chief financial officer (CFO). Following Symphony Technology Group’s equity investment in RedSeal earlier this year, Straughn will help drive RedSeal’s rapid growth as organizations increasingly prioritize digital resilience as the objective for their cybersecurity strategy.

RedSeal’s cyber risk modeling and scoring platform is already trusted by hundreds of Global 2000 corporations, mission-critical government agencies, power grid companies and the world’s leading financial institutions. With Straughn at its financial helm, RedSeal will strengthen its position in the market, as well as expand and pursue new growth opportunities.

“This is an important and strategic hire for RedSeal, as Greg has a proven track record of helping companies drive growth,” said Ray Rothrock, chairman and CEO at RedSeal. “His wealth of knowledge and extensive experience will play a critical role as we expand our market presence and help more organizations become resilient in this era of increased cyber threats.”

While CFO of A10 Networks (NYSE: ATEN), a leader in application networking and security solutions, Straughn navigated the company through and beyond its $187 million IPO. His strategic financial and growth plans helped increase the company’s quarterly revenue by more than 260 percent, from approximately $18 million to $65 million over 5 years. Additionally, he held CFO positions at Kabira Technologies and AT&T/Pacific Bell Internet Services.

Straughn also served as a principal at Meridian Business Systems, a consulting firm at the intersection of finance and strategy, where he assisted large and small organizations in growth planning, business plan development, fundraising and IPO planning.

Having earned 11 new awards in the last nine months RedSeal is considered a force multiplier for every security product on the network. By ensuring that network fundamentals are correct, providing a network risk assessment, and evaluating compliance with regulations and policies, RedSeal gives organizations a holistic understanding of their networks. Its Digital Resilience Score measures a network’s resilience and the effectiveness of existing cybersecurity investments in protecting business operations and value.

RedSeal Recognized by Multiple Industry Publications for Growth Potential, Cyber Risk Modeling and Thought Leadership

CEO Ray Rothrock awarded SC Media Reboot Leadership Award

SAN JOSE, Calif. — RedSeal (www.redseal.net) today announced that it has received three new awards recognizing its executive leadership, cyber risk modeling platform capabilities and the company’s overall growth potential.

The following organizations have honored RedSeal in this latest round of award of wins:

  • SC Media named RedSeal Chairman and CEO Ray Rothrock a winner in the Thought Leader category of the SC Reboot Leadership Awards. Rothrock was selected for his efforts to drive resilience as a cyber security strategy and further improve the level of security across both public and private enterprises. Celebrated as a team player – who is both a strategic thinker and a doer – Rothrock’s work to create solutions, establish standards, and initiate best practices has greatly contributed to the cybersecurity industry as a whole.
  • Cyber Defense Magazine’s Black Unicorn Award, whose judges included Robert Herjavec of Shark Tank and Dave DeWalt founder of NightDragon Security, selected RedSeal as a candidate with the potential to reach a $1 billion market value. Criteria to become a Black Unicorn includes a proven, dedicated and passionate leadership team, combined with an in-demand, innovative cyber security solution, and harmonious execution.
  • Security Today’s New Product of the Year Award chose RedSeal’s cyber risk modeling platform as the best Risk Management Software for its outstanding platform development achievements. The award recognized RedSeal as the only U.S. government certified platform that can create a network model across complex hybrid data centers –including cloud, SDN and on-premise environments.

“It has been a terrific year for RedSeal, marked by the equity investment from Symphony Technology Group (STG) in April to further accelerate our growth,” said Julie Parrish, COO and CMO at RedSeal. “We have received eleven awards this year – recognizing our platform, leadership team and endorsing our opportunity. I am delighted to see that in addition to our product awards, CEO and Chairman Ray Rothrock has been acknowledged for his thought-leadership efforts.”

CEOs Use of Smart Devices Increase Risk of Cyberattack

  • New research finds CEOs are disengaged from cybersecurity policies — 30% are unaware of the volume of attacks on their business and 54% don’t adhere to security teams’ ‘out of office’ security protocol
  • Smart technology puts sensitive information at risk, as CEOs become a major target for hackers and cybercriminals  

SAN JOSE, Calif. – RedSeal, the leader in network cyber risk modeling for hybrid environments, released the results of research that found the lack of CEO-specific security plans, their failure to comply with plans in place and the growing prevalence of unsecure smart devices mean CEOs and other senior executives are regularly at risk of being targeted by cybercriminal networks.

The RedSeal research*, which polled senior IT teams up to CIO level, unearthed a number of gaps in cybersecurity protocols and awareness in the C-Suite. Although the research demonstrated that many senior IT professionals have tried to implement CEO-specific cybersecurity plans, more than half (54%) believe their CEO exposes their organization to potential compromise by not following procedure. Over a third (38%) also weren’t fully aware of the technology their CEO used in their own homes.

The proliferation of smart devices is a danger to business

With data showing one in five smart devices** have been breached or compromised, along with senior executives who don’t follow cybersecurity measures outside the office, there’s significant risk, or opportunity.

“C-suite executives are ideal targets. They have broad access to their organizations’ network resources yet frequently see themselves as exempt from the inconvenient rules applied to others,” said Dr. Mike Lloyd, CTO of RedSeal. “Combine this with the security lapses prevalent while traveling and in the home, and you have a great opportunity to exploit for commercial or national advantage.”

The risk of cyberattacks is high and business leaders know it. According to the recent Cyber Risk Index (CRI) survey by the Ponemon Institute, “80 percent of IT business leaders anticipate a critical breach or successful cyberattack over the coming year.” It also highlighted a critical gap between data risk and the protection measures businesses have in place noting, “…the ability to securely implement disruptive technologies like mobile, cloud, and IoT devices was a great concern.”

There is global confusion as to how many cyberattacks businesses have experienced in the last 12 months. For example, the UK Government’s recent Cyber Breaches report cited that only 38% of UK businesses have recorded an attack, whereas RedSeal’s research reports 81% of senior IT professionals in the UK admit to their company having suffered a breach.

75% of those IT pros surveyed also stated that their CEO must pay more attention to cybersecurity, with almost the same amount (74%) saying that their customers’ information has been put at risk because of a cyberattack or breach on their organization.

The research also revealed that 42% of companies don’t have a cyber-response plan in place to inform customers of a security breach, and that over a quarter (26%) will only report the major breaches to their CEO.

Lloyd concluded, “Despite its many benefits, the Internet is a dangerous place where new security threats can evolve and rapidly mutate. The concept of a perfect defense is illusory; in a complex and interdependent world, some attacks are bound to succeed. Organizations must look to a strategy of resilience. They’ll survive only by planning in advance for how the inevitable successful attacks will be handled.”

*An online survey was conducted by Atomik Research on behalf of RedSeal among 502 IT professionals from the UK. The research fieldwork took place from June 19 – 27, 2019. Atomik Research is an independent creative market research agency that employs MRS-certified researchers and abides to MRS code. To read a summary, please click here.

** Atomik Research conducted an online survey on behalf of RedSeal among 2,004 UK consumers aged 18+ between June 19 – 25, 2019. To read a summary, please click here.

CEOs’ Lack of Cyber Awareness Is Exposing UK Business To Major Risk

London, UK – Tuesday 16th July 2019 – The lack of CEO-specific security plans, failure to comply with plans in place and the growing number of unsecure smart devices in the home and places of travel (such as hotels) means that CEOs and other senior executives are regularly at risk of being targeted by cybercriminal networks, a new piece of research has revealed today.

The latest survey*, conducted by RedSeal amongst senior IT teams up to CIO level within UK businesses, unearthed a number of gaps in cybersecurity protocols and awareness amongst a CEO audience. Although the research demonstrated that many senior IT professionals have aimed to put CEO-specific cybersecurity plans in place, over half (54%) don’t believe that their CEO follows procedure and are exposing their organisation to potential compromise. Over a third (38%) also weren’t fully aware of the technology their CEO used in their own homes.

  • New research reveals that CEOs are disengaged from cybersecurity challenges and are unaware of many of the attacks on their business
  • Many CEOs still aren’t adhering to ‘out of office’ security measures put in place by their security teams
  • Smart technology is putting sensitive company information at risk, as CEOs become a major target for hackers and cybercriminals

The proliferation of smart devices is a danger to UK business

With the ever-changing digital working habits and behaviours of CEOs made possible by innovative mobile and smart technology the research found that cybersecurity measures aren’t being followed outside the traditional workplace — an enormous potential security oversight given 1 in 5 smart devices in the home** have been breached or compromised.

“Smart devices are important because they are new, unproven, and not built with security as a primary goal” said Dr. Mike Lloyd, CTO of RedSeal. “Smart devices compete on convenience and price. Security is usually an after-thought, if it’s addressed at all. Some popular smart devices, like smart speakers, compromise privacy even when working as intended — which is scary when you think about the opportunity this presents to people who want to spy on CEOs for commercial or national advantage. CEOs have wide access to their organisation’s network resources, the authority to look into most areas, and frequently see themselves as exempt from the inconvenient rules applied to others. This makes them ideal targets.”

UK business is also under attack but are we trying to hide it?

There is industry-wide confusion as to how many attacks there have been on UK business in the last 12 months. The UK Government’s recent Cyber Breaches report cited that only 38% of UK businesses have recorded an attack, whereas this most recent research from RedSeal is showing that, in fact, 81% of senior IT professionals admit to their company having suffered a breach.

75% of those IT pros surveyed also stated that their CEO must pay more attention to cybersecurity, with almost the same amount (74%) saying that their customers’ information has been put at risk because of a cyberattack or breach on their organisation.

The research also revealed that 42% of UK companies don’t have a cyber-response plan in place to inform customers of a security breach and that over a quarter (26%) will only report the major breaches to their CEO.

Lloyd concluded, “Despite its many benefits, the Internet is a dangerous place where new security threats can evolve and rapidly mutate. Perfect defence is illusory; in a complex and interdependent world, some attacks are bound to succeed.  Organisations must look to a strategy of resilience. They’ll survive only by planning in advance for how the inevitable successful attacks will be handled.”

ENDS

*An online survey was conducted by Atomik Research on behalf of RedSeal among 502 IT professionals from the UK. The research fieldwork took place on 19th-27th June, 2019. Atomik Research is an independent creative market research agency that employs MRS-certified researchers and abides to MRS code. To read a summary, please click here.

**A second online survey was conducted by Atomik Research among 2,004 UK consumers aged 18+. The research fieldwork took place on 19th-25th June, 2019. Atomik Research is an independent creative market research agency that employs MRS-certified researchers and abides to MRS code. To read a summary, please click here.

RedSeal Launches New Suite of Professional Services to Accelerate Hybrid Network Modeling and Enhance Risk Management

Cybersecurity services increase productivity for resource-constrained security teams

SAN JOSE, Calif. — RedSeal, the leader in network cyber risk modeling for hybrid environments, today introduced a new portfolio of professional services to help customers reduce cyber risk and improve the productivity of their security teams. Organizations in both public and private sectors use the RedSeal platform – which acts as a force multiplier for every security device within a network – to gain critical cyber and business insights. These services expedite deployment, accelerate time-to-value and expand the impact of RedSeal’s platform while offloading burdensome tasks from already overloaded teams.

“Every organization faces either a chronic shortage of skilled cybersecurity personnel or is challenged by managing dozens of security products, or both. This makes it difficult to effectively use the products they have, which ultimately impacts their security posture,” said Ray Rothrock, chairman and CEO of RedSeal. “To address this, our tiered set of services helps customers with everything from speeding the implementation of our platform, to transforming their approach to risk management through managed services.”

The RedSeal platform automates critical cyber risk management functions so organizations can be confident in their approach to managing risk, even within a resource-constrained environment. RedSeal’s services guide customers through the process of leveraging the deep insights contained within the platform, beginning with network discovery and understanding.

“Once you know what you have and can see how everything is connected – across complex cloud and physical environments – then you can use those insights to prioritize and fix areas of risk,” continued Rothrock.

Recognizing that risk management is a continuous process, RedSeal created a professional services portfolio with three main service offerings: Build Project, Run Subscriptions and Managed Subscriptions.

RedSeal Build Project:  This offering accelerates implementation of the RedSeal platform and establishes a baseline network model and associated metrics. Specific deliverables include network device configuration assessment, network access assessment, vulnerability risk prioritization, a built and validated network model, security segmentation and a briefing for the in-house team.

RedSeal Run Subscriptions:  Nearly all RedSeal customers find additional uses for their RedSeal platform as their networks continue to evolve. To help extend the value and further operationalize the platform, RedSeal offers three levels of Run Subscription Services. With each service level, a RedSeal security engineer will work with the organization’s cybersecurity team to deliver assessments and prioritized risk mitigation recommendations.

  • Run Operate Level: The RedSeal security engineer will focus on secure configuration assessments, network model assessments and network access assessments, and transfer that knowledge to the in-house team.
  • Run Accelerate Level: This includes all activities in the Operate level, plus the security engineer addresses security segmentation and compliance monitoring, vulnerability risk prioritization and security change reviews.
  • Run Transform Level: In addition to the Operate and Accelerate activities, the RedSeal security engineer will perform incident investigation, security posture monitoring and strategic security program management.

Managed Subscription Services: For organizations that require additional support, RedSeal’s Managed Subscription Services expand on the selected Run subscription level. In addition to the outcomes customers can expect with Operate, Accelerate or Transform, a RedSeal platform administrator will optimize, upgrade and maintain the platform for the customer.

To meet a customer’s specific needs, RedSeal will also offer customized services, such as integrating the RedSeal platform with existing business process systems or implementing a specific set of best practices.

RedSeal Honored with Eight Awards Across Financial, Government and Cyber Sectors

Accolades include five consecutive years as one of JMP Securities’ “hottest privately-held cybersecurity companies”

SAN JOSE, Calif. — April 24, 2019 — RedSeal today announced that it has won eight awards over the past six months. Its cyber risk modeling and scoring platform is trusted by more than 220 Global 2000 corporations and mission-critical government agencies, including all branches of the U.S. military, as well as power grid companies and the world’s leading financial institutions.

The RedSeal platform provides users with a deep understanding of their complete enterprise data centers, including public cloud, private cloud and physical network environments. This in turn improves an enterprise’s resilience to cyber events.

The following organizations honored RedSeal’s business strategy and the technical excellence of its platform – across the government, cybersecurity and financial sectors.

  • The “2019 Elite 80,” marks RedSeal’s fifth consecutive year on JMP Securities’ “hottest companies” list, which recognizes the most interesting and strategically positioned private companies that have the capability to dominate their respective markets within the cybersecurity, data management and IT infrastructure industries.
  • The Govies: 2019 Government Security Awards honored RedSeal with the gold designation in Network Security, for its excellence in features, innovation, market opportunity, and impact in the security industry.
  • For the third consecutive year, Government Security News’ Homeland Security Awards honored RedSeal’s platform.
    • Platinum for “Best Cyber Operational Risk Intelligence”
    • Platinum for “Best Compliance/Vulnerability Assessment”
  • 2019 InfoSec Awards, hosted by Cyber Defense Magazine, selected RedSeal as the one of the best Infosec solutions in two separate categories:
    • Network Security and Management, for the second year in a row
    • Compliance, a new category in 2019
  • For the second year in a row, RedSeal received TMC’s 2018 Cloud Computing Security Excellence Award for providing exceptional security for cloud applications.
  • American Security Today’s 2018 ASTORS Award, which is considered  one of the preeminent U.S. homeland security awards programs, recognized RedSeal as the “Best Network Security Solution,” for its cutting-edge and forward-thinking approach. This builds on the company’s two ASTOR wins in 2017.

“Our cyber risk modeling platform plays a critical role in helping organizations validate their security posture and accelerate investigation, as well as improve the productivity of their network and security teams,” said Ray Rothrock, chairman and CEO at RedSeal. “Maintaining digital resilience is critical for every organization, regardless of its size. These awards are a direct reflection of our team’s dedication and ingenuity.”

RedSeal Announces Equity Investment from STG Partners

STG expands into cybersecurity space with majority stake in RedSeal, the leader in cyber risk modeling for hybrid environments

SAN JOSE, Calif. – April 10, 2019 – RedSeal, the leader in cyber risk modeling for hybrid environments announced today a growth equity investment from Symphony Technology Group (STG). Funding from the investment will support and accelerate RedSeal’s strong growth and market momentum.

More than 220 Global 2000 corporations and mission-critical government agencies, including all branches of the U.S. military, as well as power grid companies and the world’s most trusted financial institutions, depend on RedSeal. Its award-winning cyber risk modeling platform helps validate an organization’s security posture, accelerate investigation and improve productivity of network and security teams.

STG selected RedSeal because of the company’s innovative approach, proven track record, experienced leadership team, and passionate customer and employee base. Globally, organizations’ cyber terrain is increasingly complex, and they need end-to-end visibility across their network infrastructures to be resilient. Only RedSeal models the entire hybrid data center – including public cloud, private cloud, and physical networks. Its powerful analytics help security teams better prepare for and contain cyber risks within minutes and not days.

“The RedSeal platform is a truly differentiated offering and a must-have for all enterprises, public or private,” said STG Managing Director J.T. Treadwell. “The scale and depth of RedSeal’s modeling and analytic capabilities are unique in the market, and they create meaningful insights to inform and empower today’s overmatched security teams. The force multiplying that customers experience with RedSeal is the definition of using insights and understanding to optimize effort for impact, a vision that STG has pursued in many of our most successful investments. Given this shared mission of using real-time insights at scale to drive impact, RedSeal was a strategic choice for our firm’s first investment into cybersecurity, and we are thrilled to partner with Ray Rothrock and the leadership team to help them accelerate their growth.”

“We have found a growth partner in STG,” said Ray Rothrock, chairman and CEO of RedSeal. “They are aligned with our digital resilience strategy, and the enormous value that understanding your cyber terrain has on driving down your cybersecurity risks and exposure. STG’s collaboration and investment will help us further strengthen our position in the industry, expand and pursue growth opportunities, and drive increasing value to our customers.”

Atlas Technology Group acted as financial advisor and Paul Hastings acted as legal advisor to STG. Wilson, Sonsini Goodrich and Rosati (WSGR) acted as legal advisor to RedSeal.

About RedSeal

RedSeal’s cyber risk modeling platform for hybrid environments is the foundation for enabling enterprises to be resilient to cyber events across public cloud, private cloud and physical network environments. RedSeal helps customers understand their network from the inside out – providing actionable intelligence, situational awareness and a Digital Resilience Score to help enterprises measure and improve their resilience. Government agencies and Global 2000 companies around the world rely on RedSeal to help them validate their overall security posture, accelerate investigation and improve the productivity of their security and network teams. RedSeal is headquartered in San Jose, California. Follow RedSeal on Twitter and LinkedIn.

About STG
STG is the private equity partner for market-leading data, software and analytics companies. The firm brings expertise, flexibility, and resources to build strategic value and unlock the potential of innovative companies. Partnering to build customer-centric, market-winning portfolio companies, STG creates sustainable foundations for growth that bring value to all existing and future stakeholders. The firm is dedicated to transforming and building outstanding technology companies in partnership with world-class management teams. STG’s expansive portfolio has consisted of more than 30 global companies. For more information, please visit www.stgpartners.com.