The only way enterprises can close the cybersecurity skills gap is to deploy technologies that enable security staff to effectively do more with less.
Every organization today is locked in a constant cybersecurity battle. It’s not just a battle to keep attackers out and protect corporate data, it’s also a fight to attract and retain employees with the skills required to successfully defend the enterprise. Without the right people on board who have the training to help the company proactively stay ahead of threats, the effort to keep data and systems secure is lost before it even begins.
Consider recent research from specialty technology recruitment firm Stott and May in their publication, The Stott and May Cyber Security in Focus Survey. This survey sheds considerable light on how challenging it is today for enterprises to find and keep the security talent they need. According to the survey, 76% of respondents said that they believed there is a shortage of cybersecurity skills in job candidates, and 72% said they find it challenging to find such skills in potential employees.
Survey respondents said that this lack of skills represents the most significant inhibitor to effectively execute their cybersecurity strategy.
How do organizations better meet the challenge of this cybersecurity skills gap? While there is plenty of sound advice out there suggesting that enterprises should expand their pool of potential hires to be more diverse, to train from within, and provide competitive compensation, there is still an area that’s often overlooked entirely: leveraging the right security technologies that enable existing security staff to become as efficient as possible.
In fact, finding and using the right technological toolset to help security staff extend their capabilities is essential today. That’s because closing, or at least shrinking, the cybersecurity skills gap is imperative, as the number of enterprise endpoints that must be secured will only continue to grow in years and decades to come.
Consider the number of Internet-enabled devices today: not just the standard office equipment of printers, desktop computers and scanners, but also VoIP phones, building automation, software robotic process automations, commercial vehicle fleets – all this in addition to staff ‘BYOD’ devices. This eruption of enterprise-connected endpoints not only dramatically proliferates the number of attack points within an enterprise but also increases company security complexity considerably.
Consider this: According to a new report from the market research firm Frost and Sullivan, endpoints are the entry point for attackers in 97% of breaches. Because all these new and emerging endpoints are networked, in one way or another, to enterprise assets, cybersecurity staff are going to be pressed as they work to secure all these new ingress and egress points, in addition to monitoring existing networks, applications, email, and cloud services. The only way cybersecurity staff can succeed, in the face of the current (and likely ongoing) cybersecurity skills shortage, is to deploy technologies that enable them to effectively do more with less.
That doesn’t mean buying and deploying additional security products and then hoping security staff can use them to magically become more productive. Oftentimes, the more security solutions an organization has, the more overburdened staff become, as they have to train on each new technology and then switch between them constantly. A far better tactic is for enterprises to leverage choice security technologies to help close their cybersecurity skills gaps.
What Makes an Effective Security Platform?
An effective security platform should enable staff to centrally manage the growing number of corporate endpoints while also reducing management and maintenance burdens. By selecting comprehensive platforms, the number of security consoles that teams must use will be consolidated; then, security analysts and managers can turn to one source for everything they need to flag threats, monitor corporate endpoints, and more swiftly defend their systems. By centralizing these security technologies, security event information can be efficiently acted upon by fewer staff, and small teams will be equipped with everything they need to effectively defend their networks.
In short, corporations should pick tools that will increase security team productivity. As an additional benefit, reducing the number of vendors of such platforms will reduce costs.
Another worthwhile strategy is to provide IT staff with cybersecurity products that utilize powerful new technologies like machine learning and artificial intelligence in order to extend their capabilities to effectively monitor and secure complex environments. Staff are, after all, only human, with limited attention spans and a set number of hours in their day to monitor the entire organization. They can’t be everywhere at once, but a company-wide deployment of a choice security tool can.
By shifting some of that burden over to security products powered by machine learning, small security teams can benefit from the insights gleaned by mature math models, which are trained over many years of development to tell ‘good’ files and file behaviors from ‘bad’ ones, and automatically shut the more nefarious ones down in real-time, pre-execution, before anything bad can escape onto the company network or infect even a single endpoint.
Finally, an organization should automate everything that can be automated effectively and in a cost-effective fashion. Areas where many organizations still rely on manual activities include incident response, endpoint response and forensics, identity management, and security configurations. The more security-related tasks that can be intelligently automated, the more time a security team has to focus on more strategic efforts.
When technology is used in a way that augments security staff – by using platforms that unify mobile and endpoint management, artificial intelligence, and automation – smaller security teams can truly manage to more effectively defend their systems using the resources they have on-hand. In the years ahead, as security threats grow and the cybersecurity skills gap continues to widen, using such technologies as leverage may be the only way to successfully keep up.