The advent of 5G and the explosion of the Internet of Things (IoT) are expected to add 20.4 billion connected devices to global networks by next year alone. A hacker’s favorite target, these devices pose an often-overlooked security risk.
Consider the energy sector, a major bull's eye for cyber hackers. A study by IBM and Oxford Economics found that energy and utilities companies invest 7% of their IT budgets in deploying and maintaining IoT technology, yet spend only 1% of that budget on securing it.
IoT isn’t the only risk factor. The report also found that few companies have the knowledge or resources to take proper precautions or keep pace with digital transformation.
A new mindset is needed
While colleges and universities are responding to the demand for cyber skills by offering undergraduate cybersecurity programs, addressing the skills shortage is a complex and multifaceted issue—one that can’t be solved in the classroom alone.
Speaking at the recent Gartner Security and Risk Management Summit, Sam Olyaei, director of the analyst group’s security and risk management team, suggested that the real challenge lies in how security leaders are addressing the issue. “The problem is really our mindset has to be shifted away from thinking about open roles that can be hired out in the market to actually optimizing the security function in ways that can actually help you procure the competencies we need.”
Companies are putting too much weight on certifications, continued Olyaei, or don’t know what security skills they need. There’s also a lack of standardization around job titles and what they mean, as well as an absence of clear career paths for security professionals. These factors can be remedied, suggests Olyaei, by standardizing titling in security roles according to NIST’s cybersecurity workforce framework and using enticing job titles and descriptions that attract candidates by stressing growth opportunities and flexibility.
Automate security so employees can build new skills
In addition to Olyaei’s recommendations, Gartner’s Beth Schumaecker urged security professionals in growth industries to implement an adaptive automation strategy that allows them to better utilize the skills and people they have. Repetitive operations tasks such as continuous cybersecurity monitoring functions, for example, are prime targets for automation, freeing teams to focus on more strategic work.
Automation can also help free up employees to learn new skills that are critical to keeping your business protected. Today, cyberattacks touch every corner of the organization, and security leaders are increasingly being asked to assume the role of security champion and digital risk officer. To be successful in this role, they must break down the silos between the Security Operations Center (SOC) and the boardroom. This requires a new set of “soft”, non-technical competencies, such as the ability to communicate clearly and succinctly, business acumen, and an understanding of corporate goals. Each of these holds the key to better aligning security practices with the wider objectives of your organization.
Cyber gap closed, talent pool opened
By shifting your organization’s mindset about the ways in which your security function can be optimized and mapping that back to your workforce strategy, you’ll be able to close the cybersecurity skills gap and open the doors to a wider and more diverse talent pool. Going the extra mile and supporting this talent with automated cybersecurity practices will help you establish a sound security posture that requires less manual labor. Then, security professionals can put their focus where it counts: proactively safeguarding your business against whatever might be coming next.