Guest Column | November 4, 2016

Warning: What You Need To Know About The Security Workforce Crisis

Is the shortage of trained security people the greatest vulnerability?

By Candace Worley, vice president of enterprise solutions, Intel Security

Organizations of all types and sizes are facing constantly increasing cybersecurity threats, from phishing to ransomware. Security operations are working overtime to defend their data and mitigate the increasing risks of our connected world. Is the lack of trained security personnel the biggest vulnerability?

More than 80 percent of professionals describe a shortage of security skills in their company and in their country, especially in advanced areas such as intrusion detection and attack mitigation. Insufficient security staff and skills have led directly to the loss of data from cyberattacks for 25 percent of these organizations, according to a recent research study by Intel Security and the Center for Strategic and International Studies.

Root Causes, Long-Term Solutions

The root causes of this global scarcity are mostly on the supply side. The majority of people in the study identified insufficient government spending and deficient cybersecurity education as the core problem. Many nations, including the U.S., are responding with prioritized investments aimed at addressing the problem. Educational reforms have begun to update the curriculum and modify instructional methods to better meet the needs of employers. Security vendors are enhancing their products and services to automate workflows and reduce the amount of human intervention required. Almost 90 percent of organizations believe cybersecurity technology will help compensate for skill shortages, and over half think these enhancements will be sufficient to cover the majority of their security needs in five years. However, what can be done to help organizations now?

Augment Internal Staff With Managed Security Services Providers

As a result of the skills shortage, many companies are augmenting their security operations with external resources. When asked about their use of managed security services to reinforce or assist their internal resources, organizations mention three primary areas of interest: expanding coverage for security monitoring, improving advanced threat detection, and helping with investigations. Service providers and other companies in the cybersecurity ecosystem can add value for current and potential customers by creating service offerings that address these areas of interest and need.

Immediate Actions To Mitigate Security Risks

There are three primary actions companies can take, and service providers can help with, to augment security personnel and improve security posture: increase the use of automation, implement cross-training, and look for product integration and openness.

Increase The Use Of Automation

Many security vendors are committed to developing and enhancing tools to automate entire workflows. Provide your security vendors with input on what you would like to see automated and you may be surprised at what they can do. Although full automation will take a long time, there are automations they may be able to turn around quickly. There are also smaller projects that can deliver a quick gain in capacity and are directly within your organization’s control. One example is automating patch testing and deployment, to shorten the time to get patches applied to production workloads. Because a significant amount of malware leverages software vulnerabilities to penetrate corporate environments, automating the patch process can be a big win – you have fewer people on the task and you accelerate time to protection. A number of other repetitive daily duties can be addressed this way, including signature testing, security report generation, automated event response, and policy-based security actions, to name a few. Automating these quickly reduces the amount of time that IT staff spend on repetitive and resource-intensive tasks, freeing them up to focus on critical security issues.

Implement Cross-Training

Retaining trained security staff is always important, but when there is a security skills gap it rises to the top of the management queue. Aggressive recruiting is pretty common and only gets worse with a talent shortage, making it difficult to know who may leave the team next. Cross-training, within your functional group and across adjacent groups, can mitigate risks that result from attrition. For example, teach desktop security experts how to do incident response, or security ops how to do desktop security. Not only does this provide immediate coverage if someone leaves the group, it also makes it easier to cover ebbs and flows in work demand. Extending this, consider rotating people through a variety of roles, even outside of their core area, to expand expertise within the organization. Organizationally this is a win/win – you get a more agile workforce and your employees increase their knowledge and skill set. Service providers can help here by providing training, job shadowing opportunities, and even brief internships to extend their customers’ knowledge levels and team agility.

Seek Out Integrated, Open Solutions

Finally, look for security solutions that are integrated and open. Part of the challenge in security is working with multiple products, multiple consoles, different training, and incompatible skill sets, all of which rob the organization of capacity. Solutions that meet project requirements and are also integrated and part of an open platform, whether from the same company or from partners who work together, should have priority. For example, common communications buses are being leveraged by multiple security vendors to share threat intelligence, status, and responses across vendor boundaries. This reduces the amount of time staff have to spend learning, managing, and updating tools. Embracing integration and platform openness will allow security vendors and customers alike to increase capacity while they simultaneously increase their success rate against a wide range of adversaries.

There is no doubt that the scarcity of security personnel and shortage of key skills are directly impacting companies, making them targets for hackers and increasing their risk of reputational damage and data loss. While finding a long-term solution to this challenge will take time, there are immediate actions that companies, and their security partners, can take to alleviate short-term effects and put themselves on a better security footing. Although the short term may be challenging as we balance the shortage in cyber talent with corporate demand for increased security team capacity, these challenges have raised awareness of an issue the industry has been “admiring” for quite some time. The current situation is driving action and collaboration across security vendors, educational organizations, and governments to create a sustainable security talent pipeline. Staying focused on this goal will allow the entire security ecosystem to exit the current cyber talent crisis stronger and better able to secure our digital world.