Article

Security management witnessing critical skill shortage in India

The global cyber security skills shortage has reached epic proportions

This article has been authored by Avi Corfas, VP (Asia-Pacific and Latin America), Skybox Security

The worldwide cyber security skills shortage has reached epic proportions. According to the 2015 “Global Information Security Workforce Study” (GISWS) from the (ISC)² Foundation, the information security workforce will reach a 1.5 million-man shortfall by 2020. At the same time, changes in technology including virtualization and IoT are making networks more complex to manage, and attackers have more tools, targets, and funding than ever before.

The situation remains equally turbulent in India where, according to an ISACA’s survey, around 30 percent of the respondents expected their organizations to witness a cyber attack, while a majority (92 percent) of respondents believed that cyber attacks ranked among the top three threats organizations face today.

While the Indian government is leaving no stone unturned to propel the adoption of digital technologies in the country, a fear of security breach amid the digital business transformation remains a major barrier to the initiative.

The survey also highlighted that about 87 percent of the respondents agreed to the fact that India faces a major shortage of skilled cyber security professionals.

This should be a recipe for disaster. But changes in security technologies are helping organizations rise to the challenge, and businesses are willing to buy in. Gartner predicted 2016 would see worldwide information security spending reach $81.6 billion. Cybersecurity Ventures also projects that by 2021, $1 trillion will be spent globally on cybersecurity, according to their Q3 2016 Market Report.

Where is all this spending going? What types of tools are becoming vital to security management and effective enough to prove its worth in security budgets?

Intelligently Automated

The most obvious response to a skills drought is to offload certain security functions to automated solutions. This reduces the resource burden of time-consuming yet necessary security tasks and allows people-power to be used for strategic roles.

While automation is well-suited for data collection, normalization, and analysis, CISOs are often reluctant to automate high-skill, high-stakes functions like vulnerability remediation or firewall change provisioning. In these complex processes, if automation is left to run without proper checks and balances, it can potentially compound operational issues and compromise security. Intelligent automation exists under a larger framework that considers the context of the attack surface – all the ways in which IT networks and systems are vulnerable to attacks. Context brings an understanding of how complex, automated processes could impact access, compliance, and vulnerabilities, among other security concerns. Intelligently automated tasks and workflows not only reduce initial resource burdens; they also produce downstream time-saving by avoiding rework due to human error or unforeseen security issues.

Program Over Product

Enterprise security programs are rife with point products that address a specific security need. But there are several problems inherent with point products: their data exists in silos, requiring it to be normalized and correlated with other solutions to understand security status; and they require niche talent to operate.

Evolved security programs are increasingly turning toward integrated security analytic solutions capable of increasing the intelligence gained from deployed products and the ROI of past purchases.

A fundamental aspect of integrated security analytic solutions is that they collect vast amounts of data from network and security products and services, then perform the data normalization, correlation and analysis to build contextual intelligence from the actual security environment. Instead of relying on niche talent to translate data from the point product they oversee, security programs using integrated security analytics can centralize management and source talent from a broader pool. What’s more, that talent can be used in strategic roles rather than data administration.

Security Through Visibility

The cyber security skills shortage is not just a hiring problem – it’s an attack readiness problem. Without the proper personnel, cyber threats can slip through the cracks. In lieu of robust staffs, security programs need solutions that translate complex data into a visual medium that can be digested quickly, informing proactive action and rapid threat response.

Attack surface visualization solutions provide a picture of an organization’s network topology and connections. But more than a network map, these model-driven solutions can utilize indicators of exposure (IOEs) to visualize and contextualize risk.

IOEs serve as early warning signs of security issues most likely to be exploited by an attacker and include items like new, exposed or concentrations of vulnerabilities, unsecured network configurations and risky access paths. By unifying traditionally disparate areas of risk under a common language, IOEs help security programs improve efficiency, communication, and collaboration across teams; displaying them in a consistent visualization that can be used for a variety of security processes further increases these benefits.

Taking the approach of security through visibility; emphasizing holistic strategy over dependence on point products; and utilizing contextualized, intelligently automated solutions, organizations can bridge the cyber security skills gap with a program built to tackle the security challenges of today and into the future.

Most Popular

The Red Mark has been established as a news portal to act as a conduit between the booming startup economy and the established, traditional players. Today's startups are tomorrow's small and medium business or large enterprise and we believe that no one can afford to be an island; if both work in tandem they can learn a lot from each other.

Contact Us

Address : 570, first floor, sector 22B , Gurgaon - 122015

Contact No. : 0124-4377494

For Any Query Please write below


Editorial : karma@theredmark.net

Advertisement : hem@theredmark.net

Subscribe to Our Newsletter





CAPTCHA


copy the digits from the image into this box

Copyright © 2016-2017 The Red Mark. All Rights Reserved.

To Top