How governments can plug the cybersecurity skills gap
By Bassam Khan
Bassam Khan, VP of Product and Technical Marketing at Gigamon, analyses the findings of the 2019 Cyberthreat Defense Report.
The lack of cybersecurity talent ranks among the top five key findings of the 2019 Cyberthreat Defense Report, which surveyed 1,200 IT security decision makers and specialists from 17 countries. Personnel shortage was one of the top three reasons that respondents cited as standing in the way of defending against cyber threats.
What does this mean for governments in the region? Security teams have to adapt so that they can still keep sensitive public sector systems secure and resilient.
What is the challenge?
The cybersecurity skills gap is growing, and fast. 84 percent of the surveyed organisations are experiencing a skills shortage, an increase of 3 percent from 2018. Singapore is among the top three countries most affected, the report says.
IT security administrator positions, which typically require a broader depth of experience and expertise, are the most difficult to recruit. Interestingly, the report also points out that the government sector appears to be the least affected by the shortage when compared to others - but given that almost 82 percent of government respondents say they face this shortage, that is still a big number.
What is most worrying is that the skills shortage is expected to “persist into the foreseeable future”. 2.9 million cybersecurity roles remain unfulfilled globally as of 2018. Education systems struggle to offer adequate cybersecurity courses, which exacerbates things, Forbes reported recently. At the same time, the bad guys are constantly coming up with new and creative ways to disrupt systems and launch sophisticated attacks.
The skills gap is directly impacting organisations’ security all over the world, weakening their defences. This is why many are resorting to methods that do not actually require humans to do the job.
What can your agency do?
The report notes that ‘too much data to analyse’ has been consistently in the top few obstacles that respondents cite as barriers to strong cybersecurity. Here, security analytics tools can help by rigorously analysing heaps of data flowing through an organisation’s systems. This way, IT folks are able to ‘cut through the noise’ and pick out potential threats.
One approach is using “security orchestration, automation, and response”, or SOAR tools. They help organisations to bring automation, speed and accuracy into how they conduct security operations - ranging from managing vulnerabilities to responding to security incidents.
The report findings reveal how organisations have mainly been using the SOAR tools to improve how they manage cyber threats. This typically includes collecting data on suspicious activity, validating and prioritising these data, and responding to the incidents that have been confirmed as threats.
[blockquote]Over 90 percent of surveyed organisations have invested in either artificial intelligence, machine learning, or both, in their efforts to fight advanced cyber threats.
[/blockquote]Another approach that is gaining traction in the cybersecurity circles is AI. Over 90 percent of surveyed organisations have invested in either artificial intelligence, machine learning, or both, in their efforts to fight advanced cyber threats.
Of these, over 80 percent are “already seeing a difference” from using AI and ML technologies as part of their security strategy, the report says. Based on these figures, such technologies could even be indispensable to an organisation’s ability to detect advanced threats.
A better way to decrypt network data
Because of the ever-increasing amount of encrypted traffic, decryption tools are rising in prominence as well. Almost 60 percent of organisations say that they use these tools in their current security strategies, and almost 30 percent are keen to procure decryption tools.
However, the “perceived adequacy” of decryption tools is low. 73.9 percent of respondents agree that “efficiently decrypting network traffic remains a challenge”. What’s more, hard-to-monitor blind spots persist around the infrastructure, respondents believe.
To fix this, security teams need centralised data decryption solutions, such as those offered by Gigamon. A decryption tool works by observing all traffic, whether in and out or within their network, keeping an eye out for any suspicious activity from a central location.
This tool will only pass relevant decrypted data to specific cybersecurity tools. It provides total visibility into traffic; helps reduce overall load on an agency’s security infrastructure; and also supports security teams who are struggling to analyse the onslaught of data coming into their systems.
The lack of the right cybersecurity talent can be devastating to any agency or organisation. But security strategies can evolve, enhanced by technology. What is clear is that if you have total visibility into all your systems, you are one step closer to much stronger cybersecurity.
Bassam Khan serves as Gigamon Vice President of Product and Technical Marketing Engineering, responsible for positioning and promoting the company’s products and solutions, as well as corporate and go-to-market strategy. Bassam brings a strong track record of more than 20 years managing products and marketing for security, cloud and collaboration technology companies.