Almost all organisations are struggling to manage all of their cybersecurity needs, 96% of them are struggling with staffing their security teams due to the critical skills gap, and IT security teams at 85% of organisations are already understaffed, research by Tripwire has revealed.
A couple of years ago, based on a global survey of IT security professionals, information security certification body (ISC)2 forecasted that the overall cyber-security skills shortage could rise to 350,000 workers in Europe by 2022 due to a shortage of talent, high salary demands, high staff turnover, and a mismatch between what organisations are looking for and the expectations of cyber-security professionals.
To prevent this from happening, Jarad Carleton, Principal Consultant, Frost & Sullivan urged business leaders in Europe to increase investments in training and development programmes for their workforces. Doing so would not only improve their cyber resilience but would also prevent the skills gap from becoming much more acute in the coming years.
Almost all organisations struggling to stay on top of cyber threats
A recent report from Tripwire suggests that businesses have already started suffering from the consequences of the rising skills gap. A survey of 336 IT security professionals commissioned by Tripwire revealed that a vast majority of them are either struggling to fulfill all their cyber security needs, are struggling to fill security teams, or are already plagued with understaffed security teams.
"The skills gap issue continues to worsen, which is troubling, since cybersecurity threats only continue to grow. Additionally, security teams are in search of new skill sets to deal with evolving attacks and more complex attack surfaces as they include a mix of physical, virtual, cloud, DevOps and operational technology environments. It's becoming more difficult to maintain critical security controls, and there are fewer people available to do it," said David Meltzer, chief technology officer at Tripwire.
Because of understaffed security teams or of their organisations' inability to hire more security personnel, 68% of IT security professionals fear their organisation may lose the ability to stay on top of vulnerabilities, 60% fear they won't be able to identify and respond to issues in a timely manner and stay on top of emerging threats, and 53% fear they will lose their ability to manage and secure configurations properly.
Because of the lack of cyber security talent, 94% of organisations are now open to investing in managed services for security, 71% are willing to obtain external help for carrying out security assessments, 53% for penetration testing, and 51% for vulnerability management. At the same time, IT security professionals at 93% of organisations think they would benefit from security help outside of their organisations.
"Because security teams are stretched thin, it’s going to be more important than ever to build strong partnerships. Organisations can collaborate with trusted vendors to take pressure off their in-house resources. Approaches could include more automation of security tasks and support through managed service to ensure that no critical security controls are dropped," said Lamar Bailey, senior director of security research at Tripwire.
Businesses need to diversify and pool resources
Writing for TEISS, Kevin J Smith, Senior VP at Ivanti, wrote last year that in order to cover for the critical skills gap, organisations need to work together and pool their resources to leverage the collective wisdom of the business and should encourage all employees to receive some technical training with the incentive of high-level career progression.
"If a cybersecurity team is having to deal with 10,000 security incidents, they are more likely to miss a data breach already in progress. However, if automated EDRS is dealing with the more trivial and common threats, the security team are able to better use their limited resources on proactively defending against, and defeating, the more complex, damaging threats.
"Ultimately, the digital skills gap issue cannot be solved in a day. There needs to be a structured plan in place that forces organisations to begin to change their internal cultures. Technical roles need to be seen as stepping stones to leadership, businesses need to diversify and make a conscious effort to attract women into digital teams, and organisations need to embrace the power of technology to help them succeed in our increasingly digital world," he added.