As we all know, rising cybercrime levels are a widely recognised challenge in themselves. But now they’re fuelling a new, equally widespread challenge that’s capable of impacting all cybersecurity leaders and their operational outputs. Namely, a lack of skills.
IN THIS PIECE, ELLEN SUNDRA, CHIEF CUSTOMER OFFICER AT FORESCOUT, DELVES INTO WHAT COMPANIES CAN DO TO TACKLE THE SKILLS GAP IN A TIME WHEN CYBERCRIME IS SPIKING.
During her time at Forescout, Ellen has excelled in multiple roles such as SVP of Systems Engineering and Enablement. Ellen brings over 25 years of experience in the cybersecurity industry and was recently named one of the Top 25 Women in Cyber, by Cyber Defense Magazine.
Prior to joining Forescout, Ellen worked as a network architect and security advisor with iPass, UUNet and WorldCom. She also holds a BA in Computer Science from Rollins College and is a Certified Information Systems Security Professional (CISSP).
RECRUITING AND RETAINING TALENT IS A MAJOR ISSUE, WITH DEMAND CONTINUING TO OUTPACE SUPPLY WITHIN THE RAPIDLY EVOLVING CYBERSECURITY SPACE AS IT PRE-EMPTS AND RESPONDS TO INCREASINGLY SOPHISTICATED CYBER-ATTACKS.
Furthermore, the number and types of cyber assets has exploded in recent years, the vast majority being IoT and OT, which aren’t designed to be supported using traditional IT methods, such as patching. Today, even the smallest of hardware or software developments can pose multi-faceted risk and challenges, further exacerbating the need to have the right skillset in place.
As for cybersecurity’s skills shortage, insight from over the years and current research all reflect the same outlook – it’s here to stay for the foreseeable future, with some referring to it as a crisis. According to the Government’s latest Cyber Security Skills in the UK Labour Market Report, there was an annual shortfall of 14,100 cybersecurity employees last year – 4,100 more than the previous year.
In terms of how this figure translates into everyday business operations, the same report revealed that 51% of businesses have basic cyber security skills gaps. For example, being capable of setting up configured firewalls, storing or transferring personal data and detecting and removing malware.
Meanwhile, 33% have more advanced skill gaps in areas such as penetration testing, forensic analysis, and security architecture. OT expertise falls into this more advanced category due to the need for cybersecurity professionals to not just safeguard but navigate their way around the many complexities posed by legacy systems, or out-dated equipment and software that no longer receives security updates. Scanning the systems can cause risks to operations and applying patches requires taking these systems offline for maintenance, which is not only expensive, but disruptive to critical operations.
For existing cybersecurity teams, the impact of this talent shortage means growing workloads that can potentially lead to burnout. And for cybersecurity leaders, there’s the constant headache of having to find new talent, recruit, onboard, and crucially, retain employees.
Furthermore, research conducted by cybersecurity and IT security certifications and training provider, (ISC)², found that eight in ten organisations have suffered at least one breach caused by a lack of cybersecurity skills or awareness. Their research also revealed that 64% of global organisations had already experienced breaches that resulted in loss of revenue, recovery costs and/or fines.
With the impact of the skills gap being felt far and wide, cybersecurity leaders and teams are re-evaluating their existing processes and swiftly adopting new measures to secure the expertise they need to continue to operate. These measures include:
AUTOMATING TASKS
Automated cybersecurity enables Security Operation Centre (SOC) teams to enforce device compliance, reduce the attack surface and rapidly respond to incidents. It arms teams, applications and networks with the ability to respond immediately when risks and threats are identified. As a result, tasks that usually take multiple people hours to perform per asset can be completed in bulk or real-time, or on an interval basis.
PROMOTING EXISTING STAFF
Organisations are starting to promote in-house staff with an OT background to security officers and architects. The advantage of this is that these employees already know the OT sites and the organisation’s way-of-working and will often collaborate with the IT security teams to implement larger projects.
UTILISING EXTERNAL EXPERTISE
Some companies are leaning more heavily on external contractors to advise and build their ICS/OT security frameworks or run incident response/security operations. Seeing as the nature of this work can be lengthy, it’s an approach that’s recognised as being an effective way of helping free up in-house resource. It also means companies have access to the specific ICS/OT skills they need.
COLLABORATING WITH MANAGED SERVICE PROVIDERS (MSPS)
Given the growing market of data analysis and incident response solutions, the challenge lies in shifting from technology to management processes for efficient incident response. In turn, some organisations are leaning into sharing their SOC capabilities with MSPs to help bridge the skills shortage gap.
EMBRACING PLATFORM-BASED SOLUTIONS
Managing multiple point solutions with minimal staff is a key factor in relation to organisations struggling to incorporate enterprise-wide cybersecurity. Shifting from standalone to platform-based solutions or tools that easily integrate with others is increasingly being recognised as the solution.
INVESTING IN WORKFORCES
Upskilling existing employees into OT/ICS professionals is widely recognised as being beneficial in relation to retaining talent within companies, and the industry, and gaining access to skills sooner. Some organisations, including Forescout, have implemented dedicated training programmes that are designed to fast-track staff into more experienced or specialist roles.
The ripple effect of the skills shortage will continue to be felt for many years to come. However, there are several proactive measures cybersecurity leaders can take to access the skills they need and deliver on their workloads. While technological advancements can potentially expose organisations to cybercrime, they can also be leveraged to provide pioneering solutions to many challenges, including the current OT/ICS skills gap, and deliver wider benefits at the same time.
Post Views: 411
How to tackle the skills gap when cybercrime is spiking & cyber security skills are scarce
ARTICLE SUMMARY
As we all know, rising cybercrime levels are a widely recognised challenge in themselves. But now they’re fuelling a new, equally widespread challenge that’s capable of impacting all cybersecurity leaders and their operational outputs. Namely, a lack of skills.
IN THIS PIECE, ELLEN SUNDRA, CHIEF CUSTOMER OFFICER AT FORESCOUT, DELVES INTO WHAT COMPANIES CAN DO TO TACKLE THE SKILLS GAP IN A TIME WHEN CYBERCRIME IS SPIKING.
During her time at Forescout, Ellen has excelled in multiple roles such as SVP of Systems Engineering and Enablement. Ellen brings over 25 years of experience in the cybersecurity industry and was recently named one of the Top 25 Women in Cyber, by Cyber Defense Magazine.
Prior to joining Forescout, Ellen worked as a network architect and security advisor with iPass, UUNet and WorldCom. She also holds a BA in Computer Science from Rollins College and is a Certified Information Systems Security Professional (CISSP).
RECRUITING AND RETAINING TALENT IS A MAJOR ISSUE, WITH DEMAND CONTINUING TO OUTPACE SUPPLY WITHIN THE RAPIDLY EVOLVING CYBERSECURITY SPACE AS IT PRE-EMPTS AND RESPONDS TO INCREASINGLY SOPHISTICATED CYBER-ATTACKS.
Furthermore, the number and types of cyber assets has exploded in recent years, the vast majority being IoT and OT, which aren’t designed to be supported using traditional IT methods, such as patching. Today, even the smallest of hardware or software developments can pose multi-faceted risk and challenges, further exacerbating the need to have the right skillset in place.
As for cybersecurity’s skills shortage, insight from over the years and current research all reflect the same outlook – it’s here to stay for the foreseeable future, with some referring to it as a crisis. According to the Government’s latest Cyber Security Skills in the UK Labour Market Report, there was an annual shortfall of 14,100 cybersecurity employees last year – 4,100 more than the previous year.
In terms of how this figure translates into everyday business operations, the same report revealed that 51% of businesses have basic cyber security skills gaps. For example, being capable of setting up configured firewalls, storing or transferring personal data and detecting and removing malware.
Meanwhile, 33% have more advanced skill gaps in areas such as penetration testing, forensic analysis, and security architecture. OT expertise falls into this more advanced category due to the need for cybersecurity professionals to not just safeguard but navigate their way around the many complexities posed by legacy systems, or out-dated equipment and software that no longer receives security updates. Scanning the systems can cause risks to operations and applying patches requires taking these systems offline for maintenance, which is not only expensive, but disruptive to critical operations.
For existing cybersecurity teams, the impact of this talent shortage means growing workloads that can potentially lead to burnout. And for cybersecurity leaders, there’s the constant headache of having to find new talent, recruit, onboard, and crucially, retain employees.
Furthermore, research conducted by cybersecurity and IT security certifications and training provider, (ISC)², found that eight in ten organisations have suffered at least one breach caused by a lack of cybersecurity skills or awareness. Their research also revealed that 64% of global organisations had already experienced breaches that resulted in loss of revenue, recovery costs and/or fines.
With the impact of the skills gap being felt far and wide, cybersecurity leaders and teams are re-evaluating their existing processes and swiftly adopting new measures to secure the expertise they need to continue to operate. These measures include:
AUTOMATING TASKS
Automated cybersecurity enables Security Operation Centre (SOC) teams to enforce device compliance, reduce the attack surface and rapidly respond to incidents. It arms teams, applications and networks with the ability to respond immediately when risks and threats are identified. As a result, tasks that usually take multiple people hours to perform per asset can be completed in bulk or real-time, or on an interval basis.
PROMOTING EXISTING STAFF
Organisations are starting to promote in-house staff with an OT background to security officers and architects. The advantage of this is that these employees already know the OT sites and the organisation’s way-of-working and will often collaborate with the IT security teams to implement larger projects.
UTILISING EXTERNAL EXPERTISE
Some companies are leaning more heavily on external contractors to advise and build their ICS/OT security frameworks or run incident response/security operations. Seeing as the nature of this work can be lengthy, it’s an approach that’s recognised as being an effective way of helping free up in-house resource. It also means companies have access to the specific ICS/OT skills they need.
COLLABORATING WITH MANAGED SERVICE PROVIDERS (MSPS)
Given the growing market of data analysis and incident response solutions, the challenge lies in shifting from technology to management processes for efficient incident response. In turn, some organisations are leaning into sharing their SOC capabilities with MSPs to help bridge the skills shortage gap.
EMBRACING PLATFORM-BASED SOLUTIONS
Managing multiple point solutions with minimal staff is a key factor in relation to organisations struggling to incorporate enterprise-wide cybersecurity. Shifting from standalone to platform-based solutions or tools that easily integrate with others is increasingly being recognised as the solution.
INVESTING IN WORKFORCES
Upskilling existing employees into OT/ICS professionals is widely recognised as being beneficial in relation to retaining talent within companies, and the industry, and gaining access to skills sooner. Some organisations, including Forescout, have implemented dedicated training programmes that are designed to fast-track staff into more experienced or specialist roles.
The ripple effect of the skills shortage will continue to be felt for many years to come. However, there are several proactive measures cybersecurity leaders can take to access the skills they need and deliver on their workloads. While technological advancements can potentially expose organisations to cybercrime, they can also be leveraged to provide pioneering solutions to many challenges, including the current OT/ICS skills gap, and deliver wider benefits at the same time.
Is addressing the cybersecurity skills shortage a Herculean task?
Are female graduates ‘business ready’? The importance of closing the technical skills gap
Why financial institutions need more women in Cybersecurity roles
Recruitment
Security
RELATED ARTICLES