Career Advice Job Market Trend Report

Taking on cyber criminals

As businesses embrace fast-changing online capabilities, the need to protect essential data on websites, networks and company systems is a priority. Firms making forays into hi-tech environments face problems with customer data privacy, Wi-fi encryption, phishing (fraudulent data acquisition) and the vulnerabilities of social networking sites.

This has driven the demand for professionals who know about a wide range of security tools.

Kam Poon, vice-president (business market) at Wharf T&T, an information and communication technology firm, and fixed-line service provider, says the lack of security awareness has permeated companies at different levels, creating a hazardous environment.

"Apart from external security threats, organisations need to be aware of the importance of internal security," he says. "Staff members are a weak link when it comes to IT security. Whether deliberately or not, they can somehow disclose confidential information through client devices or cause damage to computer systems."

Another security risk is data leakage from outbound e-mail. Poon asserts that rapid change has created a knowledge gap in the world of social media. Online tools, such as Facebook, are irresistible marketing platforms, but businesses need to be cautious about the risk of applications that extract information.

"The network threat landscape has changed dramatically over the last few years," Poon says. Increasingly, cyber criminals use blended attack strategies to bypass organisations' defences and harm systems or steal sensitive data.

He says organisations should be able to find a way to balance security measures with business needs and deploy IT security measures from various sources, while utilising social media sites. To tighten IT security, Wharf T&T has IT security service products for companies.

They are recruiting professionals with an understanding of internet security solutions, such as firewalls, cloud-based and desktop security, content control and filtering, and online data back-up.

The company has launched a series of cloud-based security services along with a Fibre-to-the-Desk business broadband service that it claims is automated enough to reduce overheads. While searching for technical experts who are versed in hi-tech products, the greatest challenge, according to Poon, is finding experienced sales personnel and product development planning professionals with updated knowledge. The company offers training on product and sales techniques, and encourages staff to keep abreast of market changes and product development.

David Li, director of human resources and customer services at telecom and data service provider New World Telecommunications (NWT), says the banking and finance sector is paying the greatest attention to IT security.

He stresses the need for data loss prevention and end-to-end security solutions, foreseeing a greater need for portable storage, protection and encryption in mediums such as mobile phones, USBs and memory sticks.

The company believes the industry will soon be more focused on wireless applications and devices, or Wi-fi public networks, as these areas have vulnerable security.

"Intrusion attacks are more common nowadays; people can easily download freeware-attacking tools from the internet," Li says. "As a managed Wi-fi service provider for public exhibitions and conferences, we have found hundreds of denial-of-service and hacking attacks from exhibition visitors."

NWT is looking for professionals with certified security expertise and hands-on experience in infrastructure and software development security.

It requires a sound understanding of network equipment and PC Linux and Unix servers, and Windows and Linux operation systems.

The company has sponsored frontline support staff to gain security training and certification. Staff are trained to become certified information systems security professionals, certified information systems auditors, and certified information security managers.

"Telecom operators will need to provide managed security services along with existing infrastructure services," Li says.