Four Strategies for Dealing with the Cyber Security Skills Shortage
Cyber security is a rapidly evolving field, due to the many fresh risks created by mobile devices, cloud-connected applications and increasingly sophisticated botnets. At the same time, many IT organizations are struggling to staff up and meet these new challenges:
- According to the "State of Cyber Security 2017" report from ISACA, 55 percent of organizations take at least three months to fill an open cyber security position.
- Over half (55 percent) stated that they thought "practical, hands-on experience" was the most important qualification when hiring for a cyber security role.
- Almost seven out of ten survey takers reported that they would require a cyber security certification (e.g., CompTIA Security+) for a cyber security job.
The pace of change in cyber security - apparent in the constant identification of various data breaches as well as zero-day flaws in software - is perhaps responsible for the ongoing struggle by companies to keep up with their staffing needs. The current situation outlined by ISACA prompts the question: What can IT departments do to stay safe from today's threats? Here are four areas to focus on:
1. Take advantage of machine learning and other forms of automation
With experienced workers often in short supply, an appealing alternative is to divert more tasks to machines. While we are likely years away from fully automated solutions being as reliable as human-supervised ones, there have been some important developments in areas such as analyzing massive sets of unstructured data.
For example, IBM has tested its Watson artificial intelligence solutions - originally built to compete in "Jeopardy!" - as a cybersecurity tool, according to TechCrunch. It may be particularly adept at analyzing numerous cybersecurity documents to understand and detect threats.
This information helps supplement routine readings from endpoints and network traffic to paint a detailed picture of an organization's cybersecurity posture. Be on the lookout for false positives, though, and ensure that someone on your team has the final say on any critical decisions about defense. Data breaches necessitate cyber security expertise, but it is short supply right now.
2. Always update any computer operating systems
Many dot-releases of an operating system - e.g., going from version 9.0 to version 9.0.1 - are primarily security patches designed to close vulnerabilities. Although not packed with tons of obvious new features like one would expect when going from 9.0 to 10.0, these updates are essential for protecting your identity and data. They are low-hanging security fruit, which help shore up an IT department's defenses and prevent potentially serious issues from getting out of control.
Indeed, aging and/or outdated operating systems are almost always less safe than newer ones. Consider the case of Microsoft Windows XP, which remained in widespread usage well over a decade after its original release in 2001. Its enduring popularity created numerous issues for enterprises, especially when it came to embedded systems such as the software inside bank ATMs.
Determined not to let something similar happen with Windows 7, Microsoft recently announced that it would stop supporting the OS in January 2020. The company cited how security requirements had outpaced any updates to Windows 7, which was first released in 2009.
3. Invest in staff training and retention
As the ISACA survey noted, having certification is an important part of performing modern IT work. Being certified in a specific realm such as networking, cyber security or Linux is not just a mark of distinction: It also entails putting in real work in setting up, configuring and troubleshooting hardware and software, often with the goal of understanding their vulnerabilities.
Certification and training can also help tangential (to cybersecurity) IT staff - like network engineers - become more involved in protecting the organization's devices and data. During times when new staffing is difficult, investing more in existing staff is often the smart move. After all, cybersecurity is a company-wide undertaking, making skills development and education into essential ongoing tasks.
"Having certification is an important part of performing modern IT work."
4. Stay up to date with recent threats
The days of worrying mostly or even exclusively about computer viruses are over. Viruses are still a major concern, but they have been joined by many others, including ransomware, record-breaking distributed denial-of-service attacks and exploits within the Internet of Things.
For example, a group of security researchers noticed that Linux malware steadily became more prevalent and sophisticated between October 2016 and January 2017. Although some cutting-edge threats may never directly impact your organization's' systems, it is worthwhile to understand the larger developments in the security world.
With that knowledge, you can make smart decisions about software and personnel. From there, you can reduce your exposure to risk and focus more energy on improving your operations.
What are the next steps for an IT worker interested in cyber security?
Obtaining a cyber security certification is a good first step for any IT worker looking for more opportunities. New Horizons Learning Group can provide you with the training and knowledge you need to stand out from the pack. Join us at one of our 10 locations located across Arizona, California, and Nevada.
- ......Information Security