Finding cybersecurity equilibrium in the midst of a skills shortage

When building or retaining your cybersecurity teams, if you haven’t yet felt the symptoms of the cyber “skills shortage” transpire, then it’s likely that given the vast media attention surrounding it, you’ve been made aware of this issue that many companies are facing.

As with many much-discussed subjects, the numerous opinions on the size and effect of the skills famine vary, but the general consensus is that the problem is getting worse. An analysis from the Australian Cyber Security Growth Network (released in November) states that Australia is already short some 2,300 workers and this number is expected to grow to a massive 17,600 workers by 2026.

IT as we know is advancing at a rapid rate with a growing use of technologies and applications, as well as the increasing exchange of digital information. In order to empower businesses to evolve and run more effectively, as well as to safeguard data, it is imperative that there are enough people with the relevant skill sets to do so.

It’s great to see that a lot of emphasis is currently being put into shrinking the shortage through efforts like spreading industry awareness, educating people and enabling new certification and training pathways. This brings me to the company that I’m proud to represent, Trend Micro. We have programs in place to upskill young people from outside the industry, with no prior knowledge or experience, in order to give them a chance that they may not have otherwise had and to ready them for careers in cybersecurity. While these initiatives have proven to be very successful, these approaches take time.

Now, time is not a luxury that organisations can afford with the contrasting increase in quantity, complexity and economic impact of cyberthreats. So what can the savvy organisations do to find equilibrium? Whilst there are many approaches, in this article, I’m going to focus on two areas that have been very successful for organisations whom I work with to secure – Automation and Managed Response.

Whether due to the skills shortage, insufficient funding or just the size of an organisation, typically, by the time cybersecurity teams have created and managed policies, educated users, installed controls and responded to changing business needs, there is little or no time left to categorise and respond to the plethora of alerts that those tools, processes and users are generating. In many of the high profile breaches, notifications or IOCs’ (Indicators of Compromise) for the breach were in fact present well before the breach was discovered! The prime example of this is started with the Target breach many years ago and continues to be demonstrated. The simple truth is that, for the most part, the security teams simply did not have the capacity to view, assess and respond to these alerts.

Utilising automation can drastically reduce this exposure.  Automation means that your security controls either natively provide automated detection and prevention to newly identified threats or security automation tools are used to achieve the same result.

Not only does this mitigate risk of serious breaches due to a skills shortage, but it also reduces management costs by automating repetitive and resource intensive security tasks, reducing false-positive security alerts, and enabling a workflow of security incident response.

Of course, automation is never the singular answer to everything – something that appears benign to automation can lead to a larger issue. For this blind spot, having 24×7 Managed Detection and Response can provide the analysis, investigation and the ‘human view’ on alerts that your organisation needs to be able to stop a threat before it becomes a breach or financially impacting outage.

I’m pleased to be presenting on this subject at each of the Data#3 JuiceIT events and look forward to providing more actionable information and ideas on this subject during my presentation.

Tags: Cybersecurity, JuiceIT 2019, Security, Trend Micro



Data#3 named (HPE) Platinum Partner of the Year and Aruba GreenLake Partner of the Year
Data#3 enjoys double scoops at HPE/Aruba awards night

December 08, 2022; Brisbane, Australia: Leading Australian technology services and solutions provider, Data#3, is proud to announce that it has…

Azure BaaS
Protecting Data in a Cloud World: Will Backup as a Service be what Keeps Your Business Online Through a Crisis?

Very few organisations could run in a technology-free environment, so naturally, strong IT departments put considerable effort into business continuity…

Azure Site Recovery
Beyond Backup: The Role of Azure Site Recovery in Business Continuity

In the first of our Azure Backup blog series, we discussed the value of data, and the critical importance…

Delivering the Digital Future, Securely – for Western Australia
Delivering the Digital Future, Securely – for Western Australia

Data#3, proudly sponsored by Cisco, Microsoft and Palo Alto Networks, are pleased to present to you: Delivering the Digital Future,…

K-12 Video Period
Securing the school network amidst escalating threats

Security threats are now a routine problem for increasingly connected education institutions. The good news is that a new generation…

Protecting Data in a Cloud World: What You Need to Know About Azure Backup

Welcome to part 1 of our 3-part blog series, exploring data protection options and considerations for when you’re operating in…

The Southport School Revisited
The Southport School: Four Years On

How have their investments in wireless networking and security paid off after four years? Download Customer…

Palo Alto Security Growth Partner of the Year
Data#3 Triumphs with Palo Alto Networks Security Award

November 11, 2022; Sydney, Australia: Leading Australian technology services and solutions provider, Data#3, is proud to announce that it has…