How to Beat The Cybersecurity Skills Gap
There were 3.5 million cybersecurity positions which remained unfilled early last year, continuing what has been a perennial problem for several years now. Since the cybersecurity skills gap is clearly not going away anytime soon, it’s important to find ways to meet the issue head on. In this post, we’ll look into an approach you can use even while the talent shortage rages on.
Why It’s Now Imperative To Address the Cybersecurity Skills Gap
As implied earlier, the cybersecurity skills gap has been around for quite some time. However, the need to address this issue has never been more critical than it is now. Here are 5 major reasons why.
1) Growing sophistication among cyber threats
In today’s cyber threat landscape, your adversaries are no longer just script kiddies, hacktivists and cybercrime gangs. Yes, these adversaries are still there. But in addition, you now also have to face nation state threat actors who have infinitely greater resources than your average cybercriminal. In the 2022 Microsoft Digital Defense Report, cyber attacks from nation state threat groups are said to have grown more sophisticated.
Complicating matters even more is the rise of Ransomware as a Service (RaaS), Zero-day attacks, and Artificial Intelligence/Machine Learning (AI/ML)-enabled cyber threats. RaaS lowers the barrier-to-entry into the cybercrime space; 0-days render several threat detection solutions useless; and AI/ML enables threat actors to infiltrate your network with greater precision and efficiency. You can’t expect an IT generalist to face these threats. To counter threats with these levels of sophistication, you need threat analysts, incident responders, threat hunters, forensic investigators—basically people with highly specialized skill sets.
2) Increasing Attack Surface
Increased adoption of not just cloud-based services, but also multi-cloud and hybrid cloud environments are extending your business’ attack surface. Today, your security responsibilities are no longer limited to your on-premises IT environment; you’d also need to deal with your cloud-based assets.
Not only that, you also have to take into account those users who need to access your assets (both on-prem and cloud-based) from outside your corporate firewall, some even from another continent. Indeed, the normalization of remote work and mobile device usage is widening your attack surface as well. You now have substantially more assets to secure, and some in geographically separate locations. Again, you need people, good cybersecurity people.
3) Security Staff Overload
Let’s say you’re fortunate enough to have assembled a small cybersecurity team a couple of years back and they’re still with you now. Remember that, in addition to their usual security operations responsibilities such as managing your security infrastructure and responding to security alerts, your team may have to handle compliance reporting requirements too. With the threat landscape’s growing sophistication and the increasing attack surface of your organization, your small team will soon be inundated with work.
What could happen if working conditions become unbearable? Well, last year, 50.5 million US workers quit their jobs, breaking the previous year’s record of 47.8 million along the way. People are calling this trend the Great Resignation. The moment stress levels reach their limits and an opportunity to move to a better work environment presents itself, some of your security staff will not hesitate to leave. Since a cybersecurity talent shortage is upon us, what will you do if that happens?
4) Cybercrime’s Immunity to Recession
We’re supposed to be approaching a global recession. And yet, while tech stocks are plunging and tech businesses are laying off employees by the thousands, cybercriminals seem to be unaffected by the economic downturn. In fact, global cyber attacks grew by 38% compared to 2021. If your adversary continues to attack, you must continue to defend. Otherwise, you have to be prepared to suffer the consequences, which can translate to millions of dollars. Let’s talk about that next.
5) Expensive Data Breach Costs
Last year, the average cost of a data breach amounted to USD 4.35 million. Depending on the country, this may include the cost of business disruption, customer churn, revenue loss, breach notification activities, digital forensic activities, crisis management, legal expenses, regulatory fines, and many others.
Some countries have more established legal and regulatory requirements and penalties with regards to data protection and cyber incidents. That’s why if you suffer a data breach in the US, for example, expect your costs to be much higher. The average cost in the US is $9.4M. I’m pretty sure you’d rather hire people who can mitigate that risk.
All these issues, i.e., growing sophistication among cyber threats, increasing attack surface, and so on, are affecting all data and IT-dependent businesses across the globe. These businesses of course know they can resolve these issues by hiring the right cybersecurity talent.
But who will you hire if no one is available? Sometimes, you just have to play the hand you’re dealt. Here’s one approach you might want to consider.
Beating the Cybersecurity Skills Gap Through Complexity Reduction
Remember that Great Resignation phenomenon I talked about earlier? You need to deal with that. Since the current cybersecurity talent shortage will make it difficult to replace a cybersecurity staffer who resigns, you need to keep your staff happy or at least minimize factors that might make them unhappy.
In a survey conducted at last year’s RSA Conference, 43% of respondents indicated that their number one challenge with regards to threat detection and remediation—two of the most critical roles in security operations—is the overabundance of security tools. Having too many tools, especially if they aren’t integrated properly, can cause confusion during threat detection and delay in threat remediation.
You need to make your cybersecurity team’s job easier. Since the overabundance of tools has been identified as a source of consternation, you need to do something about that. One way to address this issue is by consolidating multiple security tools and tasks into fewer solutions. Let me give you a simplified example.
Almost every organization that wants to implement some form of cybersecurity starts with a firewall. That makes perfect sense. When configured properly, a firewall can block a wide range of threats. It can keep undesirable traffic out and prevent malicious files and processes from communicating with a C2 server.
Of course, your firewall will only be as good as the rules you configure it with. For example, if you don’t know the IP addresses associated with malicious servers, there’s no way you’ll be able to configure your firewall to block outbound connections to those IPs.
So what do you do? Well, you can get a threat intelligence platform (TIP). A TIP will not only collect and aggregate malicious IP addresses, but also other indicators of compromise (IOCs) such as recent cyber attacks, emerging threats, exploitation techniques, 0-days, and so on.
A TIP usually only collects external TI data. To make sure you don’t end up blocking legitimate traffic, you have to correlate that data with other information found in your environment (e.g., log data from various devices and tools in your network). Companies usually deploy a security information and event management (SIEM) to do that.
Firewalls, TIPs, and SIEMs complement each other, but you need people who can manage these tools as well as make them work together. You need to monitor the alerts generated by your TIP and SIEM, analyze the data, extract actionable information, and then feed that into your firewall. Basically, you need a team of threat analysts.
This is just a simplified example. Some organizations also deploy other tools like SOAR, IDPS, XDR, and so on. In many instances, you really won’t need all these tools.
Many of the functions and tasks associated with the environment described above are already supported by Intrusion Shield. Instead of accumulating an assortment of disparate security tools and increasing complexity in your environment, you can eliminate some of these tools and use Intrusion Shield.
Of course, not all security environments are the same. If you want to know how Intrusion Shield can reduce complexity in your specific cybersecurity environment, contact us. We’ll be happy to look into your specific case and explain how you can best integrate Intrusion Shield into it.