Arctic Wolf’s The State of Cybersecurity: 2023 Trends report revealed a painful, yet unsurprising statistic: 68% of organizations identified staffing-related issues as their number one threat to achieving their security objectives. Breaking that down further, 32% of organizations are having difficulty with hiring and retaining staff. The remaining 36% feel their existing security team lacks the necessary expertise.
This leaves less than one-third of organizations satisfied with both the number of security experts they have on staff and the experience and expertise of that staff.
The cybersecurity industry has been in the grip of a skills shortage for years now. There are not enough trained professionals, the ones that are available cost too much, and cybercriminals are taking advantage of the gap. Vulnerabilities are on the rise, as are zero-day exploits, and there’s not enough people available to do the active vulnerability patching and proactive cybersecurity modern organizations need. Not to mention that a lack of staff means no one to respond if an internal tool detects a threat.
A lack of qualified staff results in breaches. 50% of organizations surveyed have suffered a breach in the past 12 months. But that doesn’t mean the other 50% were spared, it just means they didn’t identify a breach. In fact, Arctic Wolf finds latent threats in the environments in 42% of new customers. It’s safe to say that, today, facing an active cyber attack is a matter of when not if for organizations.
Taken as a whole, it paints a grim picture for organizations looking to attract, train, and retain enough security experts to effectively monitor, detect, and respond to modern cyber attacks. But there’s one thing working in these organizations’ favor, and it’s not something you might expect, given the current macroeconomic climate.
Cybersecurity Budgets Are Growing
The economic outlook for the business world isn’t inspiring much confidence at the moment. Rising inflation, supply-chain issues, and an extended pandemic recovery have led to rising profits for some companies, layoffs and cutbacks for others. The headwinds are so challenging that there’s a common refrain among the departments of many organizations; it’s time to reduce spending.
Yet IT and security teams seem to be largely immune from these organizational cuts. In a finding that may, at first glance, seem counterintuitive, our survey revealed that, in an environment where most organizations are drastically reducing their budgets, 57% plan to increase spending on cybersecurity. 15% of those organizations plan to increase spending by more than half. Even if they’re not increasing budgets, the remaining 43% of organizations expect to maintain their current level of security spending, meaning almost no organization we surveyed plans to cut their cybersecurity budget.
After decades of seeing the damage a cyber attack can do, organizations are realizing that it’s more cost-effective to increase spending now on proactive security efforts, than to pay the fiscal and reputational costs incurred post-breach.
This means that the money for proactive cybersecurity is there. The question that remains is, how should organizations allocate those funds? By finding your own team of in-house security experts and giving them the technology and processes they need to thrive in their roles.
How To Find Cybersecurity Experts
True, we spent the opening paragraphs of this piece outlining just how difficult this is to do. But there are ways to ensure you’re getting the top-tier talent that organizations undertaking more traditional hiring tactics might miss.
When it comes to staffing your security team, you need to rethink the way you recruit and evaluate candidates. With such a shortage of experienced professionals, and with so many organizations looking to hire them, you’re unlikely to find fully formed candidates who totally align with your culture and have the training and skills you need.
Turns out, that’s a good thing.
People are broad and deep and interesting. They have varied experiences and come from different backgrounds. Your key identifier in hiring security staff should be curiosity. How do candidates think about the world? What are their critical thinking skills? You can train them in your tools and technology, you can teach them your processes — what you need them to have walking in the door is empathy and curiosity.
This means you should relax your required qualifications. It’s nice to have candidates with a security or tech background, but it shouldn’t be a dealbreaker if they don’t. Look for early-stage career people who seem engaged and curious and willing to learn. Consider internal hires from other departments who already understand what your organization does and how it operates and have expressed an interest in security.
It’s about getting the right people on the bus first, and then figuring out where everyone should sit. Organizations have had great success transitioning everyone from lawyers to mechanics to baristas into security roles. By valuing a breadth of experience and a variety of thought in your security team, you make your team more effective.
Recruitment, however, is just the first hurdle — retention is just as big a struggle. It’s not uncommon for security professionals to leave their employers after just a few months. The 2022 Arctic Wolf Trends Report found 65% of cybersecurity employees are actively considering leaving their current position. How can you keep this from happening in your organization? By reducing or eliminating alert fatigue and providing opportunities for continued growth and advancement.
How To Manage Your Security Staff’s Workload
Managing a team like this is more an art than a science. It involves creating a culture of collaboration. You want your employees to feel that they can voice any concern, no matter how trivial, and offer any idea, no matter how blue sky, left-field, or half-cocked it is. Listen to what your team has to say, make them feel heard, and be honest with feedback.
Building a robust culture where team members feel heard and valued is crucial to success. However, no culture — no matter how strong and positive — is enough to stop a cyber attack.
Continuous improvement is the key. Cybercriminals are constantly evolving their attacks, so your methods to detect and prevent them should be no different. However, not everyone feels safe in this type of shifting environment. Security professionals, especially those with less experience, may find this kind of environment challenging or even upsetting.
Your team of passionate, curious, but inexperienced security professionals can quickly find themselves facing the business end of thousands or even tens of thousands of alerts each day. Tasked with responding to each one, they will quickly fall victim to alert fatigue, a daily working environment where analysts find it impossible to distinguish important alerts from false positives.
Alert fatigue is not just an overwhelming annoyance, it can be a major risk for your entire organization. Alert fatigue has real, quantifiable impacts on an organization’s finances, staffing, and security. Constant alert triage takes your team away from the challenging, meaningful work that drew them to the field in the first place. Security professionals can end up feeling drained and unsatisfied in their roles, and the exhaustion can cause them to ignore or outright miss alerts.
According to IBM, the average cost of a data breach in 2022 climbed to an all-time high of $4.35 million. With costs this high, organizations cannot afford to ignore a single alert. Yet, when a security team is impacted by alert fatigue, more than a quarter of alerts get ignored — every week.
This, coupled with the challenge of finding analysts in the first place, as well as the costs incurred by staffing and building your tech stack, leads many organizations to abandon efforts to build an in-house security operations center and, instead, partner with managed solutions provider.
The Benefits of Managed Security Operations
Managed Detection and Response (MDR) solutions combine the human element with technology to provide continuous monitoring as well as threat detection and response in organizations’ digital environments. MDR solutions work as a third party for an organization, allowing them to rapidly detect and respond to cyber threats without needing additional internal staff. MDR can be a force multiplier for your existing IT team, helping you gain 24×7 monitoring, detection, and response at a predictable monthly price.
MDR offers holistic visibility into a customer’s entire security environment. This increased visibility enables analysts to launch investigations quickly and correlate data from multiple indication sources, helping organizations better identify false positives and only alerting on real, actionable malicious activity.
However, not every MDR solution provider is equal. Find a provider who offers proactive protection to keep you safe from breaches, named security engineers dedicated to advancing you on your organization’s security journey, and robust remediation and incident response capabilities should the worst occur.
Some providers even offer security operations warranties and incident response retainers to help keep your costs of a breach low and your proactive protection high.
Additional Resources
- Dive deeper into managed solutions with our Comprehensive Guide to Security Operations.
- Learn how security teams are using MDR providers and the ways their expectations are evolving in ESG Survey: What Security Teams Want from MDR Providers.
- Leverage the expertise of leading analyst Gartner® to help you determine what model of security operations center is right for you with their SOC Model Guide.
