There are numerous certifications that cybersecurity professionals can acquire if they want to validate their expertise and build trust with customers. But in spite of the availability of certifications, many professionals operate based on their experience in the field, rather than on training and qualifications. And while many governments do regulate cybersecurity businesses and their eligibility to operate, they don’t regulate individual service providers in the same way.
Until recently, that is.
Countries including Ghana, Malaysia, and Singapore are changing this – by introducing mandatory certification and licences, without which cybersecurity professionals are not legally allowed to bill clients.
In Ghana, to obtain a cybersecurity licence, providers have to meet several requirements as detailed by the nation’s Cybersecurity Authority:
Along with administrative requirements including business registration, tax registration, and insurance; and other requirements dependent on the type of business/professional and the services offered.
Malaysia’s new Cybersecurity Bill (tabled for first reading in Malaysian Parliament in March 2024, and passed in April 2024) mandates that any person who provides or advertises cybersecurity services must obtain a licence.
And in Singapore, all cybersecurity providers must now meet certain standards in order to operate legally under Section 5 of the Cybersecurity Act. The licence has two tiers of cost: S$500 for individuals and S$1000 for businesses. And individuals can be refused a licence based on a wide range of conditions, including previous convictions of fraud; judgements against them in civil proceedings relating to fraud or dishonesty; the diagnosis (current or in the past) of a mental disorder; and more.
Serene Kan (Partner in the IP & Technology Practice at Wong & Partners) told Dark Reading:
“We most certainly think that having a bare minimum standard will engender more confidence across the ecosystem as there will be assurance that — among others — penetration testing, security audits, and incident response services to be provided are on par with industry expectations and evolving technologies.”
But licence requirements for individual cybersecurity professionals haven’t been warmly welcomed by everyone in the sector, with concerns raised about a lack of protections for free speech, excessive control over digital services, and a lack of accountability for governments when it comes to the control they’re exercising.
For organisations hiring cybersecurity professionals, licensing could reduce the level of risk involved in appointing someone who isn’t capable of managing the threats that organisation faces. And this is becoming more important as the attack surface grows, and cyberattacks become increasingly frequent and costly. Another layer of assurance that the professional you’re hiring understands the work they’re promising to do may improve cyber resilience.
That being said, if a licence is granted based on certain certifications, there’s still no guarantee that a professional will have the capabilities to address the specific problems faced by a particular organisation. There is always nuance in cybersecurity – and the most effective professionals are adept at understanding the complexities of human psychology and communication, as well as technical skills.
We want your perspective. Is licensing a positive step for the cybersecurity space, and should more countries embrace this approach – or will it restrict the flow of talented cybersecurity professionals into the organisations that need them? Let us know your thoughts and leave a comment below.