Regardless of discipline, cybersecurity professionals deal with mounting pressure each day to make the right decisions and strategically play the right hand to keep their organisations a step or two ahead of cybercriminals. It can be stressful. And with good reason as the attack surface is wider and more diverse than ever driven by heavy cloud usage, while those who work to exploit it continue to develop new tactics and tools to help expose security weaknesses.
As stressful as it may be at times, cybersecurity continues to offer incredible opportunities for people to advance their careers. We’ve also seen a recent shift in the mentality across boards and senior management at companies who are prioritizing cyber hygiene with more willingness to invest and make sure that an attack doesn’t play out at home. In fact, the more organisations that see the light this way and incorporate cybersecurity into board discussions and business strategy—will be the ones that set themselves up for success. So, even as we continue to see attacks make the news, progress is being made even if there’s still a lot of work to do.
Work being the key here and of course the people who are willing to do it. Believe it or not, the global cybersecurity skills shortfall now stands at 2.7 million workers. It would be difficult to imagine that the pressure faced by cybersecurity teams doesn’t have something to do with the workforce gap. To dive into what’s really going on here, Vectra conducted a research study—Breaking Point: Is mounting pressure creating a ticking time bomb for a health crisis in cybersecurity? Feel free to take a look at the report. In the meantime, I’ve discussed a few of the key points below with a bit of advice for those already in the field or those looking to take the plunge into cybersecurity.
Stress Generated by the Skills Gap
It’s made clear in the report that of the cybersecurity pros who participated in the study, a lot of the pressure they deal with is due to not having enough bandwidth or people on the team to complete all the work. I’ve certainly been there, and I know how challenging it can be to feel like no matter how hard you work, you just can’t stay ahead. On top of that—we all know the stakes are high. Of those surveyed, 67% said they don’t have enough talent on their team.
This is challenging for the practitioner, and the organisation as it puts further strain on both to stay resilient against malicious activity. Addressing this takes time, but there are definitely some actions that can be taken to make sure those who want to work in cyber can stay and be effective and also encourage others who may not even know cybersecurity is a career option. We touch on this quite a bit the report, but here are two that jump out:
- Widen the pool: There are people out there who may not have a university degree, but still have skills that transfer well to a career in cyber and are just waiting for an opportunity.
- Reduce the burden: If you’ve spent time in a SOC, you know there are plenty of time-draining tasks that need to be accomplished. Many of these can be automated with the right tools.
Cloud Adoption Adding to a Mounting Cyber-risk
Not that we needed any more reason to believe that that cloud was creating difficulties for security teams, but 90% of security pros surveyed said that cloud adoption was adding to IT complexity and mounting cyber-risk. A challenge no doubt, and one that may be ever-changing moving forward as many of the technologies that were effective last year, may not be the next time around.
That’s the type of scenario that will make any cyber pro anxious. In fact, any problem we don’t have clarity on will tend to make us anxious, which is often the case in cybersecurity but that doesn’t mean there isn’t a solution. As every aspect of our organisations are potential targets of the next cyberattack, there are a couple things to keep in mind:
- Know the threats: It’s imperative to know which threats pose the biggest risk to your business in order to align a strategy to stopping those high-risk threats.
- Detection and visibility: The cloud puts us beyond preventative security measures. We now need the ability to detect and respond to threats inside the extended enterprise. Prioritize tools that help you do this.
These points are just a small sample of what’s covered in the full report, and while there’s no denying the current skills gap—there are plenty of reasons for optimism. Cybersecurity aside, to solve any challenge always requires a good understanding of the problem first. It’s no different here and while the current threat landscape includes new and seemingly ever-changing territory with the cloud—adapting to change has always been the nature of cybersecurity anyways. There are going to be anxious moments, but we’re also in a place we’ve never experienced with the support gaining from the top of organisations willing to provide the resources necessary to stay resilient from threats and attacks. I am encouraged by innovation and advances we’re seeing in the ability to track down attacker motions and automate workloads for SOCs—it’s still a great time to be in cybersecurity.
Get the full report!