If you are building or retaining a cybersecurity team and haven’t yet felt the symptoms of the cyber “skills shortage”, the vast media attention surrounding it has likely made you aware of an issue that many companies are facing.
As with many much-discussed subjects, opinions on the size and effect of the skills famine vary, but the general consensus is that the problem is getting worse. An analysis from the Australian Cyber Security Growth Network (released in November) states that Australia is already short some 2,300 workers and this number is expected to grow to a massive 17,600 workers by 2026.
IT, as we know, is advancing at a rapid rate, with a growing use of technologies and applications as well as an increasing exchange of digital information. To empower businesses to evolve and run more effectively, and to safeguard data, it is imperative that there are enough people with the relevant skill sets.
It’s great to see that a lot of emphasis is currently being put into shrinking the shortage through efforts like spreading industry awareness, educating people and enabling new certification and training pathways. This brings me to the company that I’m proud to represent, Trend Micro. We have programs in place to upskill young people from outside the industry, with no prior knowledge or experience, in order to give them a chance that they may not have otherwise had and to ready them for careers in cybersecurity. While these initiatives have proven to be very successful, these approaches take time.
Now, time is not a luxury that organisations can afford, given the contrasting increase in the quantity, complexity and economic impact of cyberthreats. So what can savvy organisations do to find equilibrium? Whilst there are many approaches, in this article I’m going to focus on two areas that have been very successful for the organisations I work with to secure – Automation and Managed Response.
Whether due to the skills shortage, insufficient funding or just the size of an organisation, by the time cybersecurity teams have created and managed policies, educated users, installed controls and responded to changing business needs, there is typically little or no time left to categorise and respond to the plethora of alerts that those tools, processes and users are generating. In many of the high-profile breaches, notifications or IOCs (Indicators of Compromise) for the breach were in fact present well before the breach was discovered! The prime example of this is the Target breach many years ago, and the pattern continues to be demonstrated. The simple truth is that, for the most part, the security teams simply did not have the capacity to view, assess and respond to these alerts.
Utilising automation can drastically reduce this exposure. Automation means either that your security controls natively provide automated detection and prevention of newly identified threats, or that security automation tools are used to achieve the same result.
Not only does this mitigate the risk of serious breaches due to a skills shortage, but it also reduces management costs by automating repetitive and resource-intensive security tasks, reducing false-positive security alerts, and enabling a security incident response workflow.
Of course, automation is never the single answer to everything – something that appears benign to automation can lead to a larger issue. For this blind spot, 24×7 Managed Detection and Response can provide the analysis, investigation and ‘human view’ on alerts that your organisation needs to be able to stop a threat before it becomes a breach or a financially impacting outage.
I’m pleased to be presenting on this subject at each of the Data#3 JuiceIT events and look forward to providing more actionable information and ideas on this subject during my presentation.