Despite the fact that cyberthreats have never been more prolific or problematic, the majority of organizations believe they lack the cybersecurity talent needed to stem the flow of cyberattacks. In fact, 82 percent of IT professionals think there is a shortage of cybersecurity expertise.
In a recent webinar, Arctic Wolf Networks noted that this statistic is indicative of security fatigue. The presenter, Sridhar Karnam, argued that IT professionals are overtaxed, and that they’re asked to fill security jobs that are peripheral to their actual roles and expertise. On top of that, a shortage of necessary cybersecurity talent increases the likelihood that network security alerts will fall through the cracks, since an already overburdened IT staff won’t have time to give each event the attention it deserves.
“The existing staff simply can’t keep up with the amount or the volume of information that they have to scan through,” Karnam said. “So there’s a direct correlation of data breaches in the company.”
The last straw, according to Karnam, is that as a result of this shortage, security experts are in high demand. Thus, salaries for security analysts are extremely competitive, and for some organizations, simply impossible to afford.
That said, running a security operations center that maintains a strong security posture is not a pipe dream. Here are three tips to help manage your security effectively in the face of a skills shortage:
1. Hire IT talent with strong security hygiene
One of the first things that any organization can do to improve security posture is to hire IT experts who have strong security hygiene. These professionals do not have to be security experts, but they should have an understanding of the types of activities that can put an organization at risk. To that end, there’s no shortage of cybersecurity training courses from organizations like SANS, RSA and others that can further refine this security hygiene.
“You can actually make really good security engineers out of IT ops staff,” Karnam said.
For mid-size companies, this isn’t necessarily a be-all, end-all solution, but hiring employees with attributes that lend themselves to security hygiene can be a huge improvement over doing nothing.
2. Establish a security culture
“Security needs to be considered in the business processes, application development – everything,” Karnam says. “Cybersecurity touches almost every single aspect.”
Every employee – not just IT ops staff members – has an impact on an organization’s security posture. Instilling security hygiene in all of these professionals, according to Karnam, must come from the top down. Specifically, this is one of the most important roles of the chief information security officer (CISO), because the culture of cybersecurity must pervade all business operations.
Adopting this mentality company-wide will ensure that security factors into every decision from the top down, rather than being an inconvenient afterthought.
3. Outsource detection and response functions
Outsourcing cybersecurity functions is not a substitute for the aforementioned recommendations. However, security vendors can fill the void that’s left from not having certified security engineers in house. There are two fundamental models to accomplish this.
- Managed security service provider (MSSP): This involves investing in certain solutions and then having an MSSP manage those solutions.
- Managed detection and response (MDR): In this model, tools and technology are provided and managed by the third-party vendor specifically for the purpose of detecting known and unknown threats.
The latter is primarily concerned with swift detection and response, and the burden of managing the tools for threat monitoring shifts from the organization to the MDR provider. Additionally, the provider will offer recommendations for processes to improve the overall security posture based on ongoing, real-time security analysis of the organization’s network topology. As a result, the business ends up with a security solution that is akin to a managed security operations center (SOC) which, paired with the above considerations, will effectively address the issues of product management and alert fatigue without taking shortcuts or breaking the bank.