Fallstrick Kompetenzlücken: So schaffen Sie eine auf Cybersicherheit basierende Kultur
Editor’s note: Elad Schulman is the co-founder and CEO of Segasec, and a speaker at the Cyber Resilience Summit in Dallas, October 28-30.
Awareness of the cyber skills gap has grown in lockstep with the gap itself in recent years.
A global study by ESG and ISSA reported that 53% of organizations have what they call a “problematic shortage” of skilled workers in 2019, up from 42% in 2016. In fact, the study suggests “the cybersecurity skills shortage is exacerbating the number of data breaches,” with the top two contributing factors to security incidents being a lack of adequate training of non-technical employees (31%) and a lack of adequate cybersecurity staff (22%).
However, leaders should take solace in knowing the skills gap challenge is one of the great equalizers in business, affecting all organizations from government organizations to SMBs to large enterprises.
Think about the largest names in the business and finance world. They are prime targets for cybercrime, and have large, dynamic attack surfaces that often spread across a heterogeneous environment. As such, they have overwhelming security needs, and must employ the best technology and security professionals. As a result, they must allocate large portions of their budget to acquiring the best talent right out of university, or employing recruitment and head-hunting professionals to manage this task. This is a driving factor of the skills gap.
Now consider the less attractive organizations, perhaps outside of the financial world, located in a less prime area, or with fewer column inches to their names. If the famous names are struggling with finding the right talent in-house for their growing needs, where does this leave the next rung down the ladder?
On the other end of the scale, SMBs with cyber awareness knowledge and standards often have a small budget for security, and will likely be unable to compete with large organizations to attract talent. With only a handful of security employees, these companies are just trying to improve their security posture to stay safe.
Recruiting Cybersecurity Talent: Create Cyber Awareness Standards for the Future
To understand how to solve this wide-reaching skills gap, we need to look at where the talent is migrating to, and how the security industry is changing as a whole.
The truth is, as attacks become more sophisticated, and threats change and evolve, intelligent and forward-thinking employees want to be on the front lines of innovation. It stands to reason that the top talent wants to be working directly for security companies, not simply in the security department of an organization – however large.
After all, cybersecurity professionals working for a dedicated security vendor will be building solutions to tomorrow’s problems, not putting out today’s fires, and they will be creating cyber awareness standards for businesses worldwide. This is one of the reasons that organizations are seeing a rise in third-party solutions to beat today’s security challenges.
There are simply too many potential risks out there, coming from too many directions.
Security experts realize that even the largest companies cannot be the best at protecting themselves in-house against all of the latest threats and the creative new ways attackers attempt to gain access to valuable data. If SOCs within the biggest names in finance and business are overwhelmed with the volume or variety of threats, this only becomes a more defined, apparent problem in smaller organizations’ SOCs.
The Security Landscape is Changing. You Need to Change, Too
When companies understand this new reality, that the strongest and most innovative cyber solutions and talent are often external, they can begin to reap the benefits of this model. Instead of feeling overwhelmed by all the areas involved in staying secure, or struggling to attract talent in-house with expensive compensation or recruitment, large enterprises can turn to managed third-party solutions to take the hard work off their hands altogether. For SMBs, who will always struggle to compete with the big names in business, outsourcing security levels the playing field, providing the same quality of protection, even on a budget.
As the skills gap widens, running after in-house talent is yesterday’s game. By embracing the future of security with third-party solutions, you can avoid heavy in-house costs, and ensure that you’re working with the best-in-breed technology and talent.
Want more great articles like this?Subscribe to our blog.
Get all the latest news, tips and articles delivered right to your inbox
You will receive an email shortly