Security skills shortage remains an issue across the globe
By Dónal Munnelly
A combination of security skills shortages and increasingly sophisticated cyber threats is keeping CISOs awake at night, and it’s hard to see how it’s going to change. The importance of security talent has long been recognised as integral to running network and IT services, but supply has struggled to keep up with demand, leaving many mid-size enterprises and large corporates with roles to fill and businesses exposed. A recent study by the ISSA showed that 70% of their members believed their organisation was impacted by the global cybersecurity skills shortage*.
Part of it is a cultural problem. Security professionals want to work at the leading edge, which is never going to be a business that is constantly firefighting, trying to keep its firewalls and antivirus up to date. Many start out in the IT department of a business. When they identify a career path that’s focussed on cybersecurity, they go looking for qualifications and accreditations to advance their skills. When they get them, their value goes up and they leave.
Talent in even shorter supply
One problem is that they’re not always missed. As ambitious businesses look to extend their reach through digital and cloud technologies, the in-house security expert is often seen as the sensible voice who wants to talk about ‘mitigating risk exposure’. Crazy as it seems, there are executives who don’t really want to hear about what it’ll take to make their ambitious strategies secure, and what it’ll cost is just more bad news. Security professionals are drawn to organisations where they’re valued and listened to.
Another challenge for companies trying to recruit and retain security experts is identifying the type of expert they need. Skills are so broad and varied you’ll need to know exactly what you want – which isn’t easy if you don’t have any security experts in-house to guide your decision.
You might have to decide whether you need a security engineer who actually builds out solutions, or a security analyst who can stand over the approach. Or perhaps you need a network security engineer who specialises in connectivity. Maybe you’re a multinational looking for an information security manager to run a security operations centre.
You’ll discover these people are hard to find and expensive to retain. As attacks evolve, this issue will become a harder one to handle. The up-and-coming area of AI-driven cybersecurity is going to demand cross-trained talent, experts in data science – as well as security.
Of course, as technology evolves the problem will become more complex. Companies are moving more applications and services to public clouds, where big name providers like Amazon and Microsoft are providing cloud services to companies who want to move from on-premise hardware. This journey isn’t always straightforward. Responsibility for security mainly lies with the customer and their chosen configuration or service level, and once your data is in the cloud you need to be sure that you have the right people ensuring it’s secure.
Securing your journey to the cloud is a primary customer journey at BT. We leverage decades of expertise and investment to give our clients levels of cybersecurity that they would find difficult to achieve on their own. We process 6.5 billion events every second on our security platform, protect against 4,000 cyberattacks every day and in the last year alone we blocked 230 million connections to malware sites.
We wrap this security expertise into our Managed Service propositions, including the management of specific threats like DDoS, an area of outsourced security services that IDC predicts will grow 20% by 2023.
The great news is, we’re one of the companies that security professionals gravitate towards because they know they’ll be working at the leading edge of their profession. We employ 3,000 security professionals worldwide. The good news is that you can avail of their services as one of our customers. Like every managed service, security is about accessing third-party expertise so you can focus your time and resources on what’s core to your business.
While security is fundamental, and you need capability to secure your business in everything you do, resourcing it all internally is a rabbit hole you really don’t want to go down.
*ESG-ISSA, The Life and Times of Cybersecurity Professionals 2020