Cybersecurity Staffing in Crisis: What Can You Do?
Bad news, everyone: the cybersecurity staffing crisis continues to worsen by the day. In fact, the problem seems to be worsening faster than anyone expected.
According to the (ISC)² Cybersecurity Workforce Study, the cybersecurity staffing crisis consists of a workforce gap of nearly 3 million professionals around the world. In addition, (ISC)² found:
- 63% of enterprises need more cybersecurity staff.
- 59% of enterprises face increased risk due to the cybersecurity staffing crisis.
- 36% of respondents refer to the skills gap as their top concern.
Unfortunately, enterprise demands for more IT security professionals exceed the number of professionals receiving training or staying in the InfoSec job market. The consequences of an insufficient cybersecurity staff can prove disastrous; according to the National Cyber Security Alliance, 60% of small to midsize businesses close within six months of suffering a data breach. Having a full IT security team can help prevent and mitigate breaches.
So what can your enterprise do to offset the cybersecurity staffing crisis? How can you bring more IT security professionals into your workforce? And how do you retain them after hiring them on? Here are our recommendations:
Don’t Restrict Your Candidate Pool
Many enterprises find it easy to think of cybersecurity professionals as stemming exclusively from the STEM fields. In many ways this makes sense; IT security obviously builds itself on technology and algorithms, which would be second nature to those interested in the hard sciences.
However, being too selective in the security hiring process contributes to the cybersecurity staffing crisis; it means enterprises turn away perfectly qualified candidates for not having the “right” degrees.
STEM skills can strengthen your cybersecurity posture, of course. However, your InfoSec team requires other skills such as collaboration, communication, adaptability, and creativity to be well-rounded. What matters in a candidate may not be the knowledge of information technology but the capability of learning about technology in a productive manner.
Additionally, you need to make sure you draw upon a diverse pool of information security professionals. Drawing only from a homogeneous pool contributes to the cybersecurity staffing crisis. Women constitute only 11% of the InfoSec workforce, for instance. Not having a diverse security staff results not only in the perpetuation of injustices but also in a lack of different perspectives when dealing with security events.
Provide Your Cybersecurity Staff With Good Benefits
Burnout continues to plague the InfoSec community. Calling these jobs “stressful” would be an exercise in extreme understatement. IT security professionals have to:
- Participate in threat hunting.
- Analyze security alerts.
- Train employees in security best practices.
- Ensure endpoint protection for all devices, including BYOD.
- Maintain threat detection, EDR, and other monitoring capabilities.
In other words, cybersecurity represents a 24/7, 365-days-a-year job with no end to its demands. That so many employees burn out under such pressure should not surprise anyone. Moreover, the cybersecurity staffing crisis actually adds to the stress, as it puts more pressure on the staff members you already employ.
Therefore, making the lives of your cybersecurity staff as pleasant as possible should be a high priority. Ensure they are more than adequately paid and receive good benefits, including good vacation policies and sick time. Incentivizing the job will help employees feel valued and will reduce the burnout rate.
Additionally, you should make sure your employees have a good work-life balance, which will help prevent burnout entirely. If you continually demand that your employees prioritize your security over their health, eventually their spirit and focus will erode.
Offer Continual Training
Training may appear an obvious suggestion. However, it ends up neglected in many enterprises, contributing to the cybersecurity staffing crisis. Ensuring your cybersecurity staff has adequate training as they begin their jobs and as technology evolves relieves pressure on your IT staff and reduces burnout. If your staff knows what to do, they can collaborate more effectively and contribute equally.
Likewise, training your employees reduces the attack surface of your enterprise and reduces the workload on the IT team. In both cases, training should be continuous, engaging, and relevant to your employees and team members.
Above all, the cybersecurity staffing crisis can be solved with sincere effort on the part of enterprises, including yours. Your hiring and employment practices will dictate whether hackers get the upper hand in this digital battle. If you can provide the right staff to work alongside your endpoint security solution, hackers will fear to attack you.