The cyber threat to enterprises is escalating. How much your company will pay for a cybersecurity specialist?

The number of hacker attacks during the COVID-19 pandemic and after the outbreak of war in Ukraine had increased significantly. The victims are not only state institutions, but also businesses, i.e. their HR departments.

The number of hacker attacks during the COVID-19 pandemic and after the outbreak of war in Ukraine had increased significantly. The victims are not only state institutions, but also businesses, i.e. their HR departments. This is one of the reasons why cybersecurity nowadays constitutes a guarantee of company’s stability. Underestimating this issue may lead to serious consequences. How to build functional cybersecurity systems? How to hire specialists? Where should you look for them? Is it necessary to create an individual cybersecurity department? Could outsourcing of the IT specialists be of any help also in such case?

According to the research by Coro, the number of cyberattacks aimed at businesses increased by as much as 14 in the last 3 years. In 2019, companies with up to 1,000 employees were exposed to an average of 6,300 attacks per year. It was recently estimated that businesses employing up to 1,000 people could expect as many as 86,000 attack attempts this year. That means that each day, a single company could be exposed to 235 attempts to compromise its IT infrastructure. The sectors that have seen the largest increase in attacks since 2020 until the end of 2021 are transportation (195% increase), healthcare (178%), retail (149%), manufacturing (131%), professional services (119%), and education (97%). Nevertheless, anyone can be the victim of an attack, not only the most significant players in the market.

Small and medium-sized businesses at risk

– During the COVID-19 pandemic, there was a lot of activity carried out by cybercriminals. One of the types of such attacks, for example, were „watering hole” attacks, during which the criminals created sites containing data such as the number of coronavirus infections. Then, they planted malware, which infected the computers of users visiting the page. Another common way of attacking, which was particularly harmful for small and medium-sized enterprises in Poland, were phishing attacks. In that case, e-mails were used to fake, for instance, application forms for the Anti-Crisis Shield– explains Piotr Borkowski, CEO at CYBER@RMS and head of the Red Team in one of the global banks.

Smaller companies are in a particularly difficult position. According to Coro, only in the last two years, the number of attacks on businesses with up to 1000 employees increased by 150%, and many indicate that this is just the beginning of the problems. According to Avanan, after February 27 this year, there was an 8-fold increase during just 24 hours in the number of e-mail attacks originating from Russia. The targets were manufacturing companies, as well as international shipping and transportation businesses in the US and Europe. Due to the war in Ukraine, business should focus on cyber security issues.

– From a geopolitical perspective, a dynamic increase in the number of economic sanctions can be observed. Cooperation agreements are being broken, therefore, the level of competition (especially unfair competition) is increasing. The importance of data on companies in specific market segments has also grown tremendously. During the war in Ukraine, the attacks have intensified substantially. The overall level of cyber threats is escalating. At this point, the so-called „targeted” attacks no longer affect only critical infrastructure or state bodies, but also many companies. It is important to keep an eye on what is going on, as reactions in the „real” world often have a significant impact on the „virtual” world. For example, in connection with the widely discussed potential crisis related to food supply, companies from this industry may be of particular interest to the hackers – explains Piotr Borkowski.

HR departments – a popular target of attacks

According to the European Cyber Security Agency ENISA Thrate Landscape report, the most important cyber threats identified between April 2020 and July 2021 include, i.a. ransomware – malware attacks on networks and blocking data, followed by ransom demands; malware; risk connected to using email; data breaches or data leaks; blocking access to services by artificially generating increased traffic; disinformation – fake news; as well as attacks on supply chains.

HR departments very often become the target of hacker attacks, as they communicate with the outside world, making it easier for criminals to „infiltrate” the entire company’s infrastructure via this route. – HR employees send and receive emails, often with various attachments (which is normal). They communicate via LinkedIn, etc. Therefore, they are often targeted by cybercriminals as a potential convenient attack vector. In addition, the HR department can also be a „tool” of attack when criminals impersonate recruitment cells and create fake profiles of recruitment companies – explains Piotr Borkowski.

That is why it is important to have security monitoring, threat analysis, and systems security tested by the best experts in the field. Where to look for employees? The IT job market is still experiencing a shortage of qualified programmers, and companies that are looking for employees in this industry are not facing an easy task. How to deal with the recruitment of IT employees in the field of cybersecurity?

– In large companies, having their own IT department, it is possible to retrain, or supplement the skills of the already employed programmers. Another option is to hire a person specializing in IT cyber security to be responsible for this area in the company. There is also a third option – to hire an IT specialist on the basis of outsourcing, which allows the company to provide the right level of IT services, but only for the time necessary, without the additional costs of paying for a full-time position – says Paweł Olejniczak, VP Sales at RITS Professional Services.

Outsourcing of IT specialists

As stated by Michał Fila, Community Manager at Just Join IT – the website with job offers from the best companies in the IT industry – there are as many as 17,500 positions for cybersecurity specialists. Recently, the service has observed a more than 50 percent increase in published advertisements and a several hundred percent increase in submitted applications in this segment of the IT market.

Looking for cybersecurity specialist on your own can be really challenging. The more so because, in the face of strong competition in the labor market, salaries are high, and candidates have many offers to choose from – both in the context of the employer itself, working conditions, as well as in terms of the form of employment.

According to the Just Join IT data for the first quarter of 2022, the average monthly salary for cybersecurity specialists working on a basis of a contract of employment is PLN 7,975 for a Junior, PLN 14,230 for a Mid and PLN 22,135 for a Senior. When it comes to B2B contract, the figures are as follows: PLN 14,525 net for a Junior, PLN 19,336 for a mid and PLN 24,734 for a Senior.

On the industry websites with IT job offers, companies offer two solutions: a contract of employment and a civil contract, the so-called B2B contract.

– Employment contract is clearly associated with the entry of the employee into the organization. The person becomes a staff member, which is subject to the professional hierarchy. In the case of employment contract, liability can be enforced under the labor code. On the other hand, a B2B contract or other civil law contract means that in terms of billing we are dealing with a subcontractor who issues an invoice. However, from a legal perspective, it is an equivalent entity, a contractor who is bound by the provisions of the contract – explains Małgorzata Kurowska, partner at Maruta Wachta Law Firm.

Małgorzata Kurowska emphasizes that the level of independence of the cybersecurity specialist and the appropriate employment model for the organization should also be determined. – In the case of a B2B contract, it needs to be structured accordingly – the lawyer advises.

The third option – outsourcing of specialists, which means renting the IT professionals from an outside company.

– We observe a growing interest in cybersecurity specialists. The companies come for our help, as they realize that hiring such experts on a full time position is not necessary – smaller scope of cooperation is enough. Outsourcing them is also more effective when it comes to the costs. There are many tools that can be used to monitor the company’s security online and, therefore, the cybersecurity specialists are certainly needed on the stage of project implementation. When the system is finally implemented and parameterized – the company’s support is more effective in the Managed Services model, with defined KPIs in the area of security level and SLA for availability and response time – adds Paweł Olejniczak.

  Warsaw, July 4, 2022 RITS PRESS OFFICE

More news

Poland’s ICT sector: Insights from the latest Computerworld TOP200 report

Meet RITS Sailing Team: two starts, two podium finishes in the Tricity Sailing League

Want your business to be as agile as an athlete? Discover how integrating digital systems can unlock your agility potential

RITS Professional Services new address

New headquarters address for two RITS Group companies

Arkadiusz Seredyn, RITS Professional Services

Arkadiusz Seredyn joins RITS Professional Services Board and will lead the emerging capital group

RITS received The Diversity Equity Inclusion Workplace™ certificate

Diversity, Equity, Inclusion: key to innovation at RITS, certified with DEI Workplace™

Let’s meet at The Perspektywy Women in Tech Summit: RITS joins this technological celebration again

The spring power of regeneration: planting our first RITS Forest

Interview: How did RITS create effective operating models in the technology market?

RITS’ Women Power: discover the perspectives of OUR eight extraordinary women

Latest trends in web application development: overview for 2024

Why are Managed Services a strategic imperative for business performance and innovation?

RITS Professional Services listed on the prestigious The Global Outsourcing 100®

Interview: I can’t imagine working outside of a software house anymore

RITS Professional Services among Forbes Diamonds 2024

Why the manufacturing industry need a strong data analysis and processing team?

EU AI Act: what we need to know

What makes cloud computing crucial for the fintech sector?

Watch out for scammers!

What is the migration of IT systems to the cloud, and what are the benefits for business?

New brand RITS US Corp.

Top 10 technology trends for next years by Gartner

RITS Professional Services Preferred Digital Services Provider for BSH in Poland

Strong Woman in IT is in the RITS Team!

See you in Krakow, Warsaw and Las Vegas

We talk about outsourcing of IT professionals in the USA market

Where does the Polish ICT industry stand?

Reach for knowledge from our experts – watch the webinar

Let’s meet in London and Warsaw

RITS has joined ABSL

RITS in the Polish IT Community Report

RITS with a branch in Denmark

RITS co-organizes the Women in Tech Summit Community meetup

RITS on tour

IT outsourcing in the time of the coming recession

New RITS office in Wrocław

The cyber threat to enterprises is escalating. How much your company will pay for a cybersecurity specialist?

RITS in Clutch100

IT Specialists from Ukraine – in what ways the war changed the labor market?

„Outsourcing of IT employees”

Change of the name and legal form of Relyon IT Services

Regatta for the RITS Cup

Windows to Liberia

Awaiting corrections

What’s the secret of cooperation with IT Specialists at RITS

Polish Programmers worth their weight in gold

Staff Augmentation, Managed Services, Team Leasing

A special award granted to the RITS team from a Swiss bank

New threats and new technologies

Scroll to Top