According to a study by the Center for Cyber Safety and (ISC)², 66% of enterprises don’t have the security skills or cybersecurity experts to address current digital threats. According to a survey by the University of Phoenix, 80% of U.S. adults have never considered a career in cybersecurity. Up to 50% had never heard of major cybersecurity roles like penetration tester. So it seems the security skills shortage plaguing enterprises across the world will continue for quite some time to come.
So what can your enterprise do to solve the security skills shortage in your own enterprise?
Build Employee Involvement
The security skills shortage can equally apply to dedicated IT professionals and to ordinary, non-IT employees. While the worries about the potential 3.5 million unfilled cybersecurity jobs by 2021 are certainly pressing, even the most dedicated expert will need to work with other employees.
If those employees lack some knowledge of cybersecurity best practices, your security team will be fighting an uphill battle. This adds stress and responsibilities to the team's workload, possibly increasing the burnout rate.
Instead, you need to get employees involved in bridging the security skills shortage. Your enterprise can start by building awareness of how their actions can influence your enterprise’s security posture. You can and should provide engaging, work-integrated training programs at regular intervals to instruct your employees on best practices.
The security skills shortage is already a struggle. Don’t compound it by keeping your other employees in the dark.
Put Security Skills on the Board
We’ve written previously about how C-Suite executives can often face the chopping block as a result of a data breach in their enterprise. Increasingly, enterprises’ boards of directors have begun to adopt cybersecurity as an area of focus, part of the ordinary business processes they already handle.
However, this isn’t happening nearly fast enough or widely enough for comfort. Your board may not have the security skills necessary to understand cybersecurity in depth (to understand that endpoint security is different from antivirus), but they can still bridge the shortage.
First, if there isn’t one already, a Chief Information Security Officer (CISO) should be appointed to the board of your enterprise. That individual can make sure new initiatives and current business processes comply with cybersecurity best practices.
Secondly, C-Suite executives have to understand that cybersecurity only works as well as the resources allocated to it. Simply having a legacy antivirus on your network isn’t enough, especially because legacy antivirus cannot keep up with the deluge of modern digital threats. Time, energy, and resources need to be devoted to keeping your cybersecurity platform up to date and supported with human expertise.
If All Else Fails, Find Security Skills Elsewhere
By which we mean find a managed security services provider (MSSP) best suited to your individual business needs and budget. MSSPs can provide greater perimeter monitoring, threat intelligence, and alert evaluation than any enterprise could perform with its security team alone. If finding human expertise is proving difficult for your business, it’s time to find outside help.