I’ve been writing about the pervasive IT security skills shortage for the last few years and will continue to do so in 2013. I don’t know why this critical issue doesn’t receive more attention – you can mass produce antivirus software but until we can clone CISSPs, the security skills shortage will have an increasing impact on the state of cybersecurity. Here is an example of the scope of the security skills shortage. ESG research asked 257 security professionals working at enterprise organizations (i.e. more than 1,000 employees) to identify their biggest incident detection challenges. Here are a few of the results: • 39% said that their biggest incident detection challenge was a lack of adequate staffing in the security operations/incident detection/response teams • 28% said that their biggest incident detection challenge was that sophisticated security events have become too hard for us to detect (i.e. lack of the right skills) • 28% said that their biggest incident detection challenge was that their organizations lack the right level of security analysis skills needed. So many enterprises don’t have enough security professionals, or their existing security staff lacks the necessary level of security skills, or both. Any one of these issues will undoubtedly increase the time it takes to detect and respond to security events. Yikes! Since this problem is bound to get worse, CISOs need appropriate compensating controls and strategies. Incident detection must be anchored by massive data collection along with greater security technology intelligence, automation, and integration. These capabilities must replace today’s dependence on manual processes and security analyst brain power alone. Given the increasingly dangerous threat landscape, highly effective incident detection and response processes, technologies and skills are mission-critical. This is why the security skills shortage and its ramifications increase security risk for all of us.
Enterprises need to improve security intelligence, analytics, and automation to address skills deficits
Cybersecurity New Year’s Resolutions for All PC UsersNext Post
Kingpin: A great read for those interested in cybersecurity
The FCC on Tuesday warned that it will no longer tolerate hotels, convention centers or others to...
Its cloud business is now half the size of Salesforce, and the gap is closing quickly.
Buyers of the earthly explanation for whatever fell from the sky in Roswell, N.M. back in 1947 are...
Sponsored by AT&T
Sponsored by Brocade
Amazon Web Services today launched a new product to its expansive service catalog in the cloud:...
Years in the making, network upgrade enables Florida county to improve services while saving a bundle
It wasn't just Apple's best quarter ever. It was the best quarter any company has ever had, ever.
Social Engineers work on multiple levels. The key to their success is to target human nature and...