If you’re concerned that your security team may be suffering from fatigue, lacking motivation, or feeling overwhelmed… you’re not wrong. The industry is facing a dearth of qualified cybersecurity professionals, and that skills shortage is causing problems for organizations large and small, as the barrage of cyber threats grows ever more constant.
According to (ISC)²’s 2020 Cybersecurity Workforce Study, the security industry lacks about 3 million cybersecurity workers. That shortage is not going unnoticed. Of the professionals surveyed for the study, 64% say their organization has been impacted by the talent gap, leaving more than half (56%) at extreme or moderate security risk.
And it’s getting harder to fill those positions. When compared to other IT jobs, on average, cybersecurity roles take 21% longer to fill.
Of course, the industry talent shortage isn’t a new development. In 2019, Cybercrime Magazine predicted a gap of 3.5 million unfilled cybersecurity jobs globally by 2021, up from one million positions in 2014. Unsurprisingly, they attributed this to the pace of cybercrime far exceeding the pipeline of available security talent.
Much of the shortage can be attributed to aging, inflexible views on what makes a “qualified” security professional. Too many companies refuse to consider any candidate who lacks a four-year degree. And while there is much to be gained from a traditional university education, the cybersecurity field moves and evolves so quickly that colleges often cannot keep up, and default to teaching a theory-based curriculum with outdated information.
The COVID-19 pandemic, which dramatically increased the number of remote workers, the use of cloud-based applications, and by extension, the security risks, has only exacerbated the situation. Data from the (ISC)² survey revealed that over the past year, many cybersecurity workers were reassigned to assist with other IT-related tasks, including equipping and enabling their mobile workforces. Others retained their security roles in addition to taking on extra responsibilities.
In the meantime, security threats have remained all too real, with phishers and other perpetrators finding creatively deceptive ways to use the pandemic to their advantage. Cyber criminals are shockingly well funded and show no signs of letting up in their attacks. In fact, one-quarter of the (ISC)² survey respondents revealed that incidents had increased since their organizations had transitioned to remote work, with some estimating the number had doubled.
While remote working has enabled much of the business world to continue operating over the past 14 months, it’s put an extra, arguably unfair burden on security teams. As barriers between work and home degrade, many cybersecurity employees have become de facto on-demand workers, expected to be available as needed, adding to an already stressful situation.
The result? Companies are left with overworked, understaffed security teams trying to manage a myriad of different security technologies to keep up with the ongoing (and growing) threats so they can defend an employer who thinks they should be on-call 24x7. It’s no wonder motivation is in short supply these days.
The ongoing shortage of human intelligence has helped artificial intelligence (AI) emerge as a potential solution. Together with machine learning (ML), AI can analyze millions of events, and from that analysis quickly identify potential security threats. And because both technologies retain and learn from analyzed data, over time they can detect cyber attacks even faster.
Without question, AI and ML are the cool new kids on the security block. Their promise has been touted for years, but only recently has it begun to prove effective. Only time will indicate the long-term value AI and ML can bring to the cybersecurity universe.
The danger is that some organizations will rely prematurely and completely on automation. Though the capabilities are impressive and the benefits potentially significant, there is still great value in a human analysis of data indicating criminal activity. A truly optimal security solution requires a partnership between humans and machines, one that combines the critical thinking skills of the former with the efficiency and scale of the latter.
Solving the cybersecurity talent shortage will take time, flexibility, a willingness to compromise, the adoption of new technologies, and the development of new employees. It will also require creative thinking.
At IRONSCALES, we’ve taken a unique approach to finding the human/machine balance. Crowdsourcing, until recently considered largely a method for business-to-consumer idea exchange, has now entered the cybersecurity arena. We’ve invited our community of customers — thousands of security teams strong — to contribute to intelligence gathering and sharing. Working together, our real-time intelligence, taken directly from the front lines, helps “train” our AI systems while at the same time enabling a sort of “herd immunity” across our entire customer base.
Learn more about our collaborative approach to intelligence gathering, and how we can help protect your organization against sophisticated phishing attacks. Contact us or visit www.ironscales.com to learn more and request a free trial.