FEATURE: CYBER SECURITY- STAFF & RECRUITMENT
According the Cisco Annual Security Report 2016, there is currently a deficit of one million security practitioners, increasing to 1.5 million by 2019. This major gap in the cyber security skills problem lies in the disconnect between the perception and reality of security preparedness. While many Chief Information Security Officers( CISOs) believe their security processes are optimised- and their security tools are effective – we believe that their security readiness likely needs improvement.
This disconnect, along with rapidly evolving regulatory requirements and networking technology, further widens the cyber security skills gap. Matters don’ t get easier if you throw Internet of Things( IoT) into the mix. As the IoT gains more traction, the lack of basic security standards in IoT devices will exacerbate the security skills gap. This is set to have a compounded impact as customers embrace Internet of Everything( IoE) which represents an unprecedented opportunity to connect people, processes, data and things.
While IoE will create new operating models that drive both efficiency and value, it may also become one of the world’ s most challenging cybersecurity threats. The reason being, customers and businesses will have to bring together IT and operational technology, giving adversaries new targets such as vehicles, buildings, and manufacturing plants.
This blurring of IT and operational technology environments has already resulted in a 250 % spike in industrial automation and control system incidents over the past four years and according to Gartner, the number, scale and sophistication of operational technology attacks will continue to increase, putting connected industrial systems, building control systems, and energy systems at risk. Mitigating advanced persistent threats in OT environments requires people who can bridge IT and OT. Unfortunately, people who can bridge the gap between IT and OT are in extremely short supply.
WITH SO MANY HIGH- PROFILE, HIGH-COST BREACHES, BUSINESS LEADERS ARE BEGINNING TO TAKE NOTICE. EXECUTIVE MANAGEMENT AND BOARDS OF DIRECTORS ARE NOW RECOGNISING THAT CYBER SECURITY IS NOT JUST A TECH PROBLEM. IT’ S A BUSINESS PROBLEM.
Important insights that can help businesses mitigate the cyber security talent shortage:
Cyber security requires cyber strategies: Too many companies today have underperforming security programs because of a failure to define and execute holistic cybersecurity strategies. The lack of a cohesive, enterprise-wide cyber security strategy, one that is based on policy, typically results in improvised security solutions that leave in-house security teams playing whack-a-mole. Internal security teams spend 63 % of their time on security-related tasks, leaving them little time to drive strategic security initiatives.
Security organisations need data scientists with business acumen: With so many high-profile, high-cost breaches, business leaders are beginning to take notice. Executive management and boards of directors are now recognising that cyber security is not just a tech problem. It’ s a business problem. As security discussions move to the boardroom, CISOs and their teams need data science skills to analyse cyber security data and business skills to manage trust( company reputation) and risk( costs). The conversation has
migrated from one of red, yellow, and green vulnerability status checks to financial conversations in which security risk is measured in dollars and cents.
The cyber-talent skills gap will drive enterprises to managed security services: Most organisations are struggling to solidify a cyber security vision supported by an effective strategy that uses new technologies, simplifies their architecture and operations, and strengthens their security team. This is pushing companies to bolster in-house cyber security expertise with professional security services. Using security partners
32 INTELLIGENTCIO www. intelligentcio. com