Hiring IT and Cybersecurity Staff? Make Sure to Screen Before Employment

July 21, 2021 | Shannon Shoemaker

Today, some form of cyber intrusion is almost a given for any firm. Information security experts know better than anyone that the greatest threat to core systems and data has changed. The battlefront is no longer at the network perimeter; today, the biggest risks come from within the enterprise, inside the network.

“There are only two types of companies: those that have been hacked, and those that will be,” states Robert Mueller, former FBI Director.

This notion holds true as cyber-attack incidents continue to occur across Asia-Pacific. In 2018, Singapore experienced its largest data breach in history, caused by IT gaps, staff missteps and insider threats. The breach affected 1.5 million people who had visited popular health clinic branches in Singapore, including the Singaporean Prime Minister and several other officials. Personal information stolen included patient names, national registration identity card numbers, addresses, dates of birth, and medicine records. It took six days to detect and halt the ordeal, as clinic staff (including cybersecurity personnel) were initially unaware that data had been stolen, reflecting severe shortfalls in the ability to monitor and detect cyber threats. The Personal Data Protection Commission, a local regulatory body in Singapore, concluded that the healthcare companies were liable for failing to establish adequate IT security arrangements to protect their clients’ personal data, and they were fined 1 million SGD altogether due to the magnitude of the breach.

In view of the increasingly hefty fines imposed on firms that breach laws due to their poor security measures, the honeymoon period for noncompliance in Asia is clearly over.

Growing cases of cyber-attacks highlight the need for more firms to strengthen their recruitment measures when hiring cybersecurity and IT job candidates. Not only are IT experts tasked with safeguarding vital networks, devices, and sensitive data, but they also have great responsibility and power at their disposal, given their easy access to a company’s core systems. As such, employers must ensure that the cybersecurity applicants they hire are qualified to perform their duties effectively and trustworthy enough not to abuse internal systems. If background checks are not already part of your recruitment process, your clients and employees may be exposed to an unnecessary degree of risk.

Disruption to the work landscape due to COVID-19 has additionally brought an unprecedented level of cybersecurity threats to the forefront. Given their ever-evolving nature, cyber-attacks have become increasingly pervasive and dangerous, and their effects have become costlier and harder to combat in recent years. With high costs at stake, and given that maintaining data privacy is a legal requirement across most jurisdictions and industries, employers must conduct robust screening of candidates who will be responsible for handling important data in their firm(s) upon employment. Work-from-home initiatives and hybrid working environments have also increased the urgency of hiring more IT workers who can help manage and improve cyber protections against hacks or leaks whilst working remotely. However, the demand for such professionals far outstrips supply: the global cybersecurity workforce fell short by 3.12 million people last year, with Asia-Pacific dominating the global gap by an estimated 2.045 million people, according to (ISC)²’s 2020 Cybersecurity Workforce Study. Shortages in the cybersecurity workforce may compel some hiring managers to overlook red flags in a resume and compromise in an effort to hire essential IT staff. Given the growing cases of cyberattacks, it is imperative that firms screen all of their candidates prior to commencing employment.

Findings from the 2021 Interpol ASEAN Cyberthreat Assessment have revealed that experiencing cyber-attack-related incidents (e.g., phishing scams, malware) often leads to detrimental financial loss due to disruption of daily business activities and hefty fines/penalties imposed on firms for contravening data privacy laws (regardless of whether the contravention is committed knowingly or unknowingly). Background verification can help mitigate such risks early on by determining whether your job candidate’s past (e.g., criminal record) may compromise their ability to work in your firm, or potentially put your mission-critical IT and data at risk.

It also allows you to find the most suitable candidate for the role. Let’s say you have two candidates with almost identical credentials. Running background checks on both will help you identify whether one of the candidates has overinflated their resume or fabricated their work experience (allowing you to gauge whether he/she is untrustworthy), or surface other adverse findings, so that you can make informed hiring decisions. Conversely, failing to conduct checks and employing candidates based on unverified details is likely to subject your organization to numerous vulnerabilities.

Irrespective of whether a cyber-attack is committed intentionally or unintentionally, loss of credibility, bad publicity and reputation damage are among the many dangers that arise from failing to undertake sufficient due diligence. As your employees are the best line of defense against such risks, having total confidence in every hire you make is crucial.

Looking to strengthen your recruitment measures and protect your firm from employee-related risks? Start conducting accurate, robust, and efficient background checks by working with Cisive today.

 
