Closing the Gap
By 2021, there will be an estimated 3.5 million jobs in the cybersecurity industry that do not have trained personnel to staff them. In the same period, cybercrime costs are expected to double from $3 trillion to $6 trillion. With costs this staggering, the lack of trained cybersecurity analysts should alarm any business.
While all industries are affected by the cybersecurity skills gap, there are a few that are being especially targeted by hackers and need a solution sooner. For instance, healthcare has a reputation of being an easy target since doctors and patients require immediate access to data. If a hacker can infiltrate a healthcare network and inject ransomware, hospitals will often pay them so they can access their patient records and not put anyone’s life at risk. We saw this on full display earlier this year when NotPetya wreaked havoc through several healthcare organizations.
Financial services have also been a favorite target for cybercriminals. This is due mostly to the perceived access to money. If hackers lock up a bank system, it seems obvious that the bank would simply pay a ransom to unlock their customer accounts. There’s also the value of all the financial data that the hackers would be able to access by breaching a network.
Government is also a prime target for hacktivism, especially since governmental organizations are often understaffed. It isn’t uncommon to find government websites defaced or email servers hacked and then the information leaked as an act of retaliation. Indeed, governments are the prime target of Advanced Persistent Threats, which is why it has the most need for skilled cybersecurity practitioners.
Impact on Businesses
There are a number of ways that the cybersecurity skills gap is impacting businesses. The biggest way is the lack of a strong security program. Without properly trained staff to analyze security threats and keep the organization infrastructure protected against present and future threats the best security tools in the world will not be effective, essentially making businesses sitting ducks for criminals. In addition, statistics say that over 60 percent of small businesses will not survive longer than six months after they’ve been the victim of a cyber attack, which demonstrates the massive economic risk poor security can present.
The other major impact is staffing costs. Since cybersecurity is a highly demanded, specialized skill set, there is a greater cost to retain top talent in the industry. Often times companies may pay to train a new hire on their security team only to see that same employee hop at the opportunity to take a higher paying job at a larger organization. This cost amplifies itself when you consider a strong security team will include security analysts, incident responders and forensic investigators along with the requirements of larger organizations that need blue and red teams to test their defenses and security training for their staff.
It will be a long time before the industry is at a capacity to protect the businesses that need it. It will require a partnership between governments and educational institutions, as well as businesses themselves, to recognize both micro certifications and major cybersecurity certifications.
In the meantime, organizations need to augment their security team’s efforts and improve the efficiency of their current staff while still effectively protecting their most valuable data. There are several ways in which organizations can accomplish this. One way is through intelligent automation, which will help complete some of the more mundane tasks that would otherwise be taken on by security or IT personnel. A second and often overlooked way organizations can improve the efficiency of their current staff is by auditing their current security tools and seeing if there is any overlap in functionality. If so, it may be a good idea to think about whether having both tools is necessary or if it is just an additional cost that does not provide any true value.
If you want to see how SentinelOne may be able to help improve your existing security team’s efficiency you can request a private demo for your organization by CLICKING HERE.