The global pool of security professionals needs to grow 65% to defend organisations’ critical assets – so how can we plug the cybersecurity skills gap?
Globally, (ISC)² estimates that the cybersecurity workforce expanded significantly in 2022, adding 464,000 new professionals and marking a stark 11.1% increase over the 2021 employment pool.
This is no doubt positive news, yet the increase is way off the levels that are required. Interestingly, the cybersecurity workforce gap grew at well over twice the rate of the workforce itself, up 26.2% year-over-year.
These figures are a reminder of just how rapidly cybersecurity requirements are expanding. Unfortunately, organisations looking to attract and retain cybersecurity professionals will face an uphill battle in 2023.
Indeed, (ISC)² estimates that the global pool of security professionals needs to grow 65% to defend organisations’ critical assets effectively. Meanwhile, the Department for Digital, Culture, Media and Sport (DCMS) estimates that nearly 700,000 enterprises (51%) have a basic skills gap.
The public sector is no exception to this. From schools to hospitals and many ministerial departments in between, central public pillars of our society house vast amounts of highly sensitive data such as personally identifiable information (PII) and classified documents – data that is highly attractive to threat actors.
Worryingly (but entirely unsurprisingly), any organisation facing a cyber skill gap is much more susceptible to breaches. Indeed, industry body ISACA found that 69% of those organisations that have suffered a cyber-attack in the past year were somewhat or significantly understaffed.
What truly compounds these concerns, however, is the potential impact that breaches can have. According to IBM’s Cost of a Data Breach Report 2022, the average total cost of a data breach is now $4.35 million.
This combination of statistics is undoubtedly anxiety-inducing. However, attacks aren’t a lost cause or an inevitability which simply can’t be prevented. Today, there are many supportive technologies which can be leveraged to help organisations of all shapes and sizes – public and private alike – turn the tide on the threats they face.
Understanding the value of automation
The (ISC)² study reveals that more than half (57%) of organisations are now automating aspects of their security, while a further quarter (26%) intend to do so in the near future.
It should be noted that, at least in most cases, organisations are not doing this to eliminate the need for cybersecurity workers altogether. Artificial intelligence is nowhere near the level of sophistication required to achieve this in a security context, and it is unlikely that human input will ever become entirely dispensable.
What we’re seeing today is organisations leveraging technologies to automate repeatable processes and free up security professionals, enabling them to focus on higher-value tasks.
The idea centres around empowering the limited number of professionals organisations can get their hands on with the best possible toolkits to optimise their expertise and contributions. Not only does this approach empower professionals to work efficiently and effectively, but it also improves the employee’s experience, making it easier to retain talent and mitigate the issues associated with staffing shortages.
So, how exactly should organisations automate their security processes to alleviate the pressures on their security teams? Here, we’ll outline three key tools to consider.
UEBA works by building baselines for normal behaviour for every user
First, we have user and entity behaviour analytics (UEBA) which works by building baselines for normal behaviour for every user, peer group, and entity in a corporate network; the technology then automatically identifies, flags and scores any potentially risky activities that stray outside of these ‘normal’ parameters.
This ultimately helps analysts by doing much of the heavy lifting in threat hunting, pointing them directly towards those threats that genuinely require remediation.
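The baseline-then-score loop described above, as an added illustration that is not code from the article or from Logpoint's product. It builds a per-user baseline (usual login hours, countries seen, typical download sizes) from constructed history lines, scores new events by how far they stray from that baseline, and returns only the outliers an analyst should look at. The log format, the weights and the thresholds are assumptions chosen for the example.

```python
"""Toy UEBA pass: per-user baselines from history, then scoring of new events."""
import statistics
from collections import defaultdict

# Constructed history lines (not real data): timestamp,user,action,country,bytes_out
HISTORY = """\
2023-03-01T09:02:11Z,alice,login,GB,0
2023-03-01T09:40:00Z,alice,download,GB,120000
2023-03-02T08:55:43Z,alice,login,GB,0
2023-03-02T10:10:02Z,alice,download,GB,98000
2023-03-03T09:12:30Z,alice,login,GB,0
2023-03-03T11:01:15Z,alice,download,GB,143000
2023-03-04T09:30:05Z,alice,login,GB,0
2023-03-04T09:50:44Z,alice,download,GB,110000
2023-03-01T22:05:00Z,bob,login,US,0
2023-03-02T21:48:12Z,bob,login,US,0
2023-03-03T22:30:55Z,bob,login,US,0
2023-03-04T23:01:09Z,bob,login,US,0
"""

# Constructed "today" events to score against the baseline
NEW_EVENTS = """\
2023-03-05T03:14:00Z,alice,login,RU,0
2023-03-05T09:20:00Z,alice,download,GB,250000
2023-03-05T22:10:00Z,bob,login,US,0
2023-03-05T10:00:00Z,carol,login,GB,0
"""


def parse(lines):
    """Yield one dict per CSV log line; the hour is taken from the ISO timestamp."""
    for line in lines.strip().splitlines():
        ts, user, action, country, nbytes = line.split(",")
        yield {"hour": int(ts[11:13]), "user": user, "action": action,
               "country": country, "bytes": int(nbytes)}


def build_baselines(history):
    """Per-user baseline: login-hour distribution, countries seen, download sizes."""
    hours, countries, sizes = defaultdict(list), defaultdict(set), defaultdict(list)
    for ev in parse(history):
        countries[ev["user"]].add(ev["country"])
        if ev["action"] == "login":
            hours[ev["user"]].append(ev["hour"])
        elif ev["action"] == "download":
            sizes[ev["user"]].append(ev["bytes"])
    baselines = {}
    for user in countries:
        baselines[user] = {
            "countries": countries[user],
            "hour_mean": statistics.mean(hours[user]) if hours[user] else None,
            "hour_sd": statistics.pstdev(hours[user]) if len(hours[user]) > 1 else 0,
            "bytes_mean": statistics.mean(sizes[user]) if sizes[user] else 0,
            "bytes_sd": statistics.pstdev(sizes[user]) if len(sizes[user]) > 1 else 0,
        }
    return baselines


def score_event(ev, baselines):
    """Return (score, reasons); a higher score means further from the user's norm."""
    b = baselines.get(ev["user"])
    if b is None:
        # An entity with no history is worth noting but is not an anomaly in itself
        return 20, ["no baseline for this user"]
    score, reasons = 0, []
    if ev["country"] not in b["countries"]:
        score += 40
        reasons.append(f"new country {ev['country']}")
    if ev["action"] == "login" and b["hour_mean"] is not None:
        sd = max(b["hour_sd"], 1.0)  # floor: very regular users would otherwise explode
        z = abs(ev["hour"] - b["hour_mean"]) / sd
        if z > 3:
            score += 30
            reasons.append(f"login hour z={z:.1f}")
    if ev["action"] == "download" and b["bytes_sd"]:
        z = (ev["bytes"] - b["bytes_mean"]) / b["bytes_sd"]
        if z > 3:
            score += 30
            reasons.append(f"download size z={z:.1f}")
    return score, reasons


def triage(new_lines, baselines, threshold=30):
    """Keep only events at or above the threshold so analysts see the outliers."""
    flagged = []
    for ev in parse(new_lines):
        score, reasons = score_event(ev, baselines)
        if score >= threshold:
            flagged.append((ev["user"], score, reasons))
    return flagged


if __name__ == "__main__":
    for user, score, reasons in triage(NEW_EVENTS, build_baselines(HISTORY)):
        print(f"{user:6} score={score:3} {'; '.join(reasons)}")
```

With the constructed data, alice's 03:00 login from a new country scores 70 and her unusually large download scores 30, while bob's routine late-evening login and carol's first-ever login fall below the threshold; that filtering, rather than the particular weights, is the point of a UEBA layer.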
Automated event interrogation
Successful security relies on the ability of organisations to understand their vulnerabilities and mitigate the corresponding threats. While indicators of risk can be difficult to identify, and preparing for every new threat is impossible, tapping into varied threat intelligence data can help security professionals to prioritise threats better and protect themselves accordingly. Be it security vendors, intelligence groups or other connections, compiling information from various sources can help proactively identify trends.
Of course, manually trawling through large data feeds to try and find new threats can feel like searching for a needle in a haystack. Therefore, automation is key.
Specifically, we recommend that analysts automate event interrogation, screening indicators of compromise (IOCs) from various internal and external intelligence feeds against their own event data to correlate key threat indicators.
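The correlation step described above, as an added example rather than code from the article or from any Logpoint product. Three constructed feeds (a vendor list, a sharing-group list and an internal blocklist) are normalised into one index, internal DNS, proxy, firewall and EDR events are screened against it, and hits are ranked by how many independent feeds agree. Feed and event formats, the field-to-type mapping and the ranking rule are assumptions made for the example; all indicators are placeholders.

```python
"""Constructed example: screen internal events against several IOC feeds."""
import re
from collections import defaultdict

# Constructed feeds (placeholder indicators, not real intelligence): "type,value,tag"
FEEDS = {
    "vendor-a": """\
domain,updates-cdn.example[.]net,malware-c2
ip,203.0.113.45,scanner
sha256,0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef,trojan
""",
    "isac-share": """\
domain,UPDATES-CDN.example.net,phishing
url,hxxps://login.example[.]org/reset,credential-harvest
""",
    "internal-blocklist": """\
ip,203.0.113.45,known-bad
""",
}

# Constructed internal telemetry: "timestamp,source,host,field=value"
EVENTS = """\
2023-03-05T10:01:02Z,dns,ws-017,query=updates-cdn.example.net
2023-03-05T10:01:03Z,proxy,ws-017,url=https://login.example.org/reset
2023-03-05T10:02:40Z,fw,ws-022,dst=203.0.113.45
2023-03-05T10:03:11Z,edr,ws-017,sha256=0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF
2023-03-05T10:04:00Z,dns,ws-030,query=intranet.example.com
"""

# Which telemetry field carries which indicator type (assumed for this example)
FIELD_TO_TYPE = {"query": "domain", "url": "url", "dst": "ip", "sha256": "sha256"}


def refang(value):
    """Undo common feed defanging and case differences so entries match live telemetry."""
    v = value.strip().lower()
    v = v.replace("[.]", ".").replace("(.)", ".")
    v = re.sub(r"^hxxp(s?)://", r"http\1://", v)
    return v


def load_feeds(feeds):
    """Build one index: normalised indicator -> {type, sources: {feed: tag}}."""
    index = {}
    for source, text in feeds.items():
        for line in text.strip().splitlines():
            ioc_type, value, tag = line.split(",", 2)
            entry = index.setdefault(refang(value), {"type": ioc_type, "sources": {}})
            entry["sources"][source] = tag
    return index


def interrogate(events, index):
    """Return one hit per event whose value matches an indicator of the right type."""
    hits = []
    for line in events.strip().splitlines():
        ts, src, host, kv = line.split(",", 3)
        field, _, value = kv.partition("=")
        key = refang(value)
        entry = index.get(key)
        if entry and entry["type"] == FIELD_TO_TYPE.get(field):
            hits.append({
                "time": ts, "host": host, "telemetry": src,
                "indicator": key, "type": entry["type"],
                "feeds": sorted(entry["sources"]),
                "tags": sorted(set(entry["sources"].values())),
                "corroboration": len(entry["sources"]),  # independent feeds agreeing
            })
    return hits


def prioritise(hits):
    """Rank hosts: more distinct indicators first, then more feed agreement."""
    by_host = defaultdict(list)
    for h in hits:
        by_host[h["host"]].append(h)
    ranked = sorted(
        by_host.items(),
        key=lambda kv: (len({h["indicator"] for h in kv[1]}),
                        sum(h["corroboration"] for h in kv[1])),
        reverse=True,
    )
    return [(host, len(hs), sorted({h["indicator"] for h in hs})) for host, hs in ranked]


if __name__ == "__main__":
    for host, n_hits, indicators in prioritise(interrogate(EVENTS, load_feeds(FEEDS))):
        print(f"{host}: {n_hits} hit(s) -> {', '.join(indicators)}")
```

Two details matter in practice and are handled here: feeds defang and case indicators inconsistently, so everything is normalised before matching, and an indicator listed by several unrelated sources (the domain and the IP above) deserves more analyst attention than one seen in a single feed.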
SOAR is an incident detection and response technology
Thirdly, we have security orchestration, automation and response (SOAR) – an incident detection and response technology focused on alert aggregation and prioritisation. Specifically designed to help guide security professionals towards consistent and optimal responses, it accelerates threat investigation and remediation by automatically correlating and analysing data.
In doing so, all contextual information and intelligence can be presented transparently, enabling security teams to respond efficiently and effectively in an informed manner. Critically, this dramatically reduces response times, helping SOC teams identify and resolve incidents fast.
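An added, simplified illustration of the aggregation and prioritisation a SOAR layer performs; it is not code from the article or from Logpoint's SOAR. Alerts from several tools about the same host within a time window are folded into one case, each case is scored so that independent tools agreeing outranks repeats of a single alert, and a playbook is selected that lists the response steps for an analyst to review. The alert fields, window, scoring weights and playbook contents are assumptions made for the example.

```python
"""Constructed SOAR-style flow: alerts -> cases -> score -> playbook selection."""
from datetime import datetime, timedelta

# Constructed alerts from several tools (not real data)
ALERTS = [
    {"time": "2023-03-05T10:01:05Z", "tool": "ueba", "entity": "alice", "host": "ws-017",
     "kind": "anomalous-login", "severity": 3},
    {"time": "2023-03-05T10:01:40Z", "tool": "ti", "entity": "alice", "host": "ws-017",
     "kind": "ioc-match", "severity": 4},
    {"time": "2023-03-05T10:03:20Z", "tool": "edr", "entity": "alice", "host": "ws-017",
     "kind": "suspicious-process", "severity": 4},
    {"time": "2023-03-05T10:30:00Z", "tool": "ueba", "entity": "bob", "host": "ws-022",
     "kind": "anomalous-login", "severity": 2},
    {"time": "2023-03-05T13:00:00Z", "tool": "ti", "entity": "alice", "host": "ws-017",
     "kind": "ioc-match", "severity": 4},
]

# Playbooks are ordered response steps; here they are only named, never executed
PLAYBOOKS = {
    "credential-compromise": ["disable-user-sessions", "force-password-reset", "notify-analyst"],
    "endpoint-compromise": ["isolate-host", "collect-triage-package", "notify-analyst"],
    "review": ["enrich-with-context", "notify-analyst"],
}


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def aggregate(alerts, window=timedelta(minutes=30)):
    """Fold alerts about the same host that arrive within `window` into one case."""
    cases = []
    for a in sorted(alerts, key=lambda a: a["time"]):  # ISO timestamps sort as text
        t = parse_ts(a["time"])
        for c in cases:
            if c["host"] == a["host"] and t - c["last"] <= window:
                c["alerts"].append(a)
                c["last"] = t
                break
        else:
            cases.append({"host": a["host"], "entity": a["entity"],
                          "first": t, "last": t, "alerts": [a]})
    return cases


def score_case(case):
    """Highest severity dominates; distinct tools and alert kinds add confidence."""
    kinds = {a["kind"] for a in case["alerts"]}
    tools = {a["tool"] for a in case["alerts"]}
    top = max(a["severity"] for a in case["alerts"])
    return top * 10 + 5 * (len(tools) - 1) + 2 * (len(kinds) - 1)


def select_playbook(case):
    """Map the combination of alert kinds in a case to a consistent response."""
    kinds = {a["kind"] for a in case["alerts"]}
    if "suspicious-process" in kinds and "ioc-match" in kinds:
        return "endpoint-compromise"
    if "anomalous-login" in kinds and "ioc-match" in kinds:
        return "credential-compromise"
    return "review"


def build_cases(alerts):
    """Return cases ordered by score, each with its chosen playbook and steps."""
    out = []
    for c in sorted(aggregate(alerts), key=score_case, reverse=True):
        pb = select_playbook(c)
        out.append({"host": c["host"], "entity": c["entity"], "alerts": len(c["alerts"]),
                    "score": score_case(c), "playbook": pb, "actions": PLAYBOOKS[pb]})
    return out


if __name__ == "__main__":
    for case in build_cases(ALERTS):
        print(f"{case['host']} ({case['entity']}): {case['alerts']} alert(s), "
              f"score {case['score']}, playbook {case['playbook']} -> {case['actions']}")
```

With the constructed alerts, the three morning alerts on ws-017 collapse into one case that outranks everything else and maps to the endpoint playbook, while the afternoon IOC match on the same host, outside the window, opens a second, lower-priority case; that single prioritised queue is what lets a small SOC team act on the right incident first.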
Embracing a converged security solution
Indeed, a combination of the right technologies will be required to build an effective, highly automated security strategy. However, the extent to which solutions are leveraged must be carefully considered.
It can be tempting to acquire each and every shiny new tech on the market. Still, such an approach can actually undermine any efforts to support already limited and pressurised security professionals. If an organisation insists on using 20 or 30 tools, security professionals will have to spend a considerable amount of time learning and navigating each platform.
Equally, acquiring an expansive range of automated solutions will be expensive, and that is neither attractive nor feasible given the current economic climate – particularly for many cash-strapped public sector departments.
For this reason, we recommend that government organisations adopt a converged security solution that meets their specific needs.
With a converged solution, multiple tools are combined into a single platform. Given that complexity in IT and security operations can often be attributed to integrations, technology evolution and changes to scope, this is key. Indeed, using a single platform comprising a broad set of features will limit complexity, cost and friction.
Not only that, but performance can also improve in such setups. Indeed, the combination of SIEM centralised monitoring with automation, workflows and a case management system will provide security teams with the data they need to deliver transparently.
Equally, the total cost of ownership becomes much clearer. Typically, converged security solutions are built on predictable licensing models that ensure customers know exactly what they are paying for.
For public sector organisations, this can be game-changing. Not only will a converged security setup fit neatly within limited budgets, but it will also improve performance while making the lives of security professionals easier – attributes that have never been more important given the skills gap that needs to be bridged.
Written by Tim Wallen, Regional Director, UKI & BeNeLux, for Logpoint