Recent surveys carried out by the Ponemon Institute and Juniper Networks have found that 65% of organizations lack adequate numbers of security staff to deal with cyber-attacks. The survey suggests that part of the reason why this is the case could be attributed to a lack of security talent on offer and a lack of security training provided by organizations.
Unfortunately, the same survey states that this lack of security staff is a prime reason for the increase we are seeing in the volume of data breaches each year.
Lack of Training and Getting Left Behind
57% of respondents to the survey reported that they struggled to find the appropriate staff to deal with cyber-attacks (whether this be from within the organization or hiring externally). This could be down to several reasons, including the fact that the operational differences between IT and security departments are becoming fewer. As the roles change and become more security focused, many IT staff are being left behind without the appropriate training in place.
To address this, organizations should encourage their technical staff to be more flexible in their skillsets and evolve in accordance with technology. To assist with this, organizations should restructure to place the focus more on data security and offer the appropriate training and targets for IT staff that are transitioning into the role.
Training should not just be limited to IT or security staff either. The C-suite, including CEOs, CISOs, CTOs and others, need to have a good level of technical knowledge themselves. IT security should become an organization-wide issue, not just the responsibility of one department.
This will take time. In the meantime, what can you be doing to ensure that the lack of security staff in your organization doesn’t lead to a significant data breach going unnoticed?
How Automation Can Manage the Skills Gap
Defending against cybercrime is a complex task that requires you to have a multi-tiered approach in order to be effective. This can include (but is not limited to) patching, password policies, software updates, proactive data security and awareness training.
To implement a multi-tiered cybersecurity strategy using the current manpower most organizations have would be incredibly difficult. This is where technology and automation are looking to bridge the gap.
Cybersecurity technology is beneficial in numerous ways, not least in helping to maximize productivity and automate threat detection. The fact that this technology can run uninterrupted and proactively monitor cybersecurity threats means that it essentially acts as an omnipotent member of the security team.
Generally, the market agrees that automation is the way to bridge this gap, as 70% of the survey participants held the view that automation was essential to securing their business. However, a staggering 63% of respondents indicated that they had difficulties installing automated security software.
I’m not surprised by that last statistic, as many security vendors provide overly complex software that can take an age and a whole team to install and implement. Automated security software should be simple to install, easy to manage and provide instant, valuable insight into the data security posture of your organization. Such solutions should be so simple yet powerful that the C-suite, for which security is quickly becoming a primary concern, can instantly see the business value.
That’s the dream anyway.
LepideAuditor is a data-centric audit and protection solution that has been designed to act as a fully functional member of your security team. More than that, LepideAuditor will be working night and day, continuously monitoring the security of your data and alerting you if it spots anything unusual.
We think it’s a false economy to focus your security efforts on endpoints, systems and overall IT infrastructure. After all, it’s the data that you’re trying to protect, so why not put data security first?
LepideAuditor helps you do just that by ensuring that you can discover and classify sensitive data, identify who has access to it and spot whenever changes are taking place to it (or the systems surrounding it). It requires very little, if any, training to get value from, and you can get it up and running in just a few hours (far less time than it would take you to train up a new member of staff!).