This article has been authored by Avi Corfas, VP (Asia-Pacific and Latin America), Skybox Security
The worldwide cybersecurity skills shortage has reached epic proportions. According to the 2015 “Global Information Security Workforce Study” (GISWS) from the (ISC)² Foundation, the information security workforce will reach a 1.5 million-man shortfall by 2020. At the same time, changes in technology including virtualisation and IoT are making networks more complex to manage, and attackers have more tools, targets and funding than ever before.
The situation remains equally turbulent in India where, according to an ISACA survey, around 30 percent of the respondents expected their organisations to witness a cyberattack, while a majority (92 percent) of respondents believed that cyberattacks ranked among the top three threats organisations face today.
While the Indian government is leaving no stone unturned to propel the adoption of digital technologies in the country, fear of security breaches amid the digital business transformation remains a major barrier to the initiative.
The survey also highlighted that about 87 percent of the respondents agreed that India faces a major shortage of skilled cybersecurity professionals.
This should be a recipe for disaster. But changes in security technologies are helping organisations rise to the challenge, and businesses are willing to buy in. Gartner predicted 2016 would see worldwide information security spending reach $81.6 billion. Cybersecurity Ventures also projects that by 2021, $1 trillion will be spent globally on cybersecurity, according to its Q3 2016 Market Report.
Where is all this spending going? What types of tools are becoming vital to security management and effective enough to prove their worth in security budgets?
The most obvious response to a skills drought is to offload certain security functions to automated solutions. This reduces the resource burden of time-consuming yet necessary security tasks, and allows people-power to be used for strategic roles.
While automation is well-suited for data collection, normalisation and analysis, CISOs are often reluctant to automate high-skill, high-stakes functions like vulnerability remediation or firewall change provisioning. In these complex processes, if automation is left to run without proper checks and balances, it can potentially compound operational issues and compromise security. Intelligent automation exists under a larger framework that considers the context of the attack surface – all the ways in which IT networks and systems are vulnerable to attacks. Context brings an understanding of how complex, automated processes could impact access, compliance and vulnerabilities, among other security concerns. Intelligently automated tasks and workflows not only reduce initial resource burdens; they also produce downstream time-saving by avoiding rework due to human error or unforeseen security issues.
Program Over Product
Enterprise security programs are rife with point products that address a specific security need. But there are several problems inherent in point products: their data exists in silos, requiring it to be normalised and correlated with other solutions to understand security status; and they require niche talent to operate.
Evolved security programs are increasingly turning toward integrated security analytic solutions capable of increasing the intelligence gained from deployed products and the ROI of past purchases.
A fundamental aspect of integrated security analytic solutions is that they collect vast amounts of data from network and security products and services, then perform the data normalisation, correlation and analysis to build contextual intelligence from the actual security environment. Instead of relying on niche talent to translate data from the point product they oversee, security programs using integrated security analytics can centralise management and source talent from a broader pool. What’s more, that talent can be used in strategic roles rather than data administration.
Security Through Visibility
The cybersecurity skills shortage is not just a hiring problem – it’s an attack readiness problem. Without the proper personnel, cyberthreats can slip through the cracks. In lieu of robust staffs, security programs need solutions that translate complex data into a visual medium that can be digested quickly, informing proactive action and rapid threat response.
Attack surface visualisation solutions provide a picture of an organisation’s network topology and connections. But more than a network map, these model-driven solutions can utilise indicators of exposure (IOEs) to visualise and contextualise risk.
IOEs serve as early warning signs of security issues most likely to be exploited by an attacker, and include items like new or exposed vulnerabilities, concentrations of vulnerabilities, unsecure network configurations and risky access paths. By unifying traditionally disparate areas of risk under a common language, IOEs help security programs improve efficiency, communication and collaboration across teams; displaying them in a consistent visualisation that can be used for a variety of security processes further increases these benefits.
By taking the approach of security through visibility, emphasising holistic strategy over dependence on point products, and utilising contextualised, intelligently automated solutions, organisations can bridge the cybersecurity skills gap with a program built to tackle the security challenges of today and into the future.