Without skilled and trained staff to analyse security threats and keep the organisational infrastructure protected, even the best security tools in the world wouldn't be fully effective, making businesses 'sitting ducks' for cyber-criminals.
There's no denying there is a cyber-security skills shortage: for the past six years, the sector has been identified as the top ‘problematic shortage' area across all of IT. Similarly, Cybersecurity Ventures has predicted there will by 3.5 million unfilled cyber-security positions by 2021. In that same period, cyber-crime costs are expected to double from US$ 3 trillion to US$ 6 trillion (£2.2 trillion to £4.4 trillion). Given the spate of high-profile breaches in 2017 alone, this shortage is causing a big impact on a security team's ability to deal with the rising volume of threats.
There are several ways in which this skills shortage is impacting businesses, most notably when it comes to maintaining a strong security programme. Without skilled and trained staff to analyse security threats and keep the organisational infrastructure protected, even the best security tools in the world wouldn't be fully effective, essentially making businesses ‘sitting ducks' for cyber-criminals. This is particularly concerning in light of the news that over 60 percent of small companies that suffer a cyber-attack go out of business within six months.
Salary supply vs. demand
Cyber-security expertise is in high demand and there are greater costs associated with retaining talent with this highly specialised skill set. Not only are many individuals able to name their price, but organisations must often pay to train a new security team hire. This cost then amplifies when you consider that a strong security team consists of several members such as security analysts, incident responders and forensic investigators.
With all industries affected by the skills gap, and as organisations scramble to recruit, it's imperative that organisations have the tools in place to make cyber-security processes as simple as possible so ‘unskilled' personnel can take on more tasks. The simplicity of the toolset is important, and draws on Gartner's ideas on the convergence of IT and operational technology, bringing together the process of prevention, detection, migration, forensics and remediation in one platform. The added benefits of this are that it only requires one set of training for one workflow, rather than having to organise multiple solutions, training and specialist expertise. With a single, holistic solution, companies can also effectively bypass the high salary demands of skilled cyber security professionals.
The next generation
Much has been said on the cyber-security skills shortage as it remains a serious – and global – issue. Cyber-security is a demanding profession and the imbalance between supply and demand means organisations are facing a continued struggle to protect themselves. It's no secret that the industry is hugely under-resourced when it comes to skilled people, and it could be a long time before it is at the capacity required. In the meantime, organisations need to augment their security team's efforts and improve the efficiency of their current toolsets to protect their most valuable data. Intelligent automation can help complete some of the more mundane tasks whilst streamlining tools to remove any overlap in functionality.
The skills shortage is an existential threat, as it impacts everything an organisation does to safeguard its data and other assets. We need to encourage the younger generations to actively consider working within cyber-security. It's an industry which, no matter how we automate job roles, will always require a human element. A system can be as artificially intelligent as possible, but only a human can think as obscurely and awkwardly as another human. And it's the humans that organisations are ultimately having to protect themselves from.
Contributed by Patrice Puichard, senior director EMEA, SentinelOne
*Note: The views expressed in this blog are those of the author and do not necessarily reflect the views of SC Media UK or Haymarket Media.