The worldwide cybersecurity skills shortage has reached epic proportions. The information security workforce will reach a 1.5 million-man shortfall by 2020. These meaty revelations were affirmed in the latest “Global Information Security Workforce Study” (GISWS) from the (ISC)² Foundation.
The changing dynamics of technology, including virtualisation and IoT, are making networks more complex to manage, and attackers have more tools, targets and funding than ever before.
The situation remains equally turbulent in India where, according to an ISACA survey, around 30 percent of the respondents expected their organisations to witness a cyberattack, while a majority (92 percent) of respondents believed that cyberattacks ranked among the top three threats organisations face today.
Hence, these acute technological changes need skilled cybersecurity professionals; the survey highlights that about 87 percent of the respondents shared concerns about the shortage in the talent pool.
While the Indian government is leaving no stone unturned to propel the adoption of digital technologies in the country, a fear of security breach amid the digital business transformation remains a major barrier to the initiative.
This should be a recipe for disaster. But changes in security technologies are helping organisations rise to the challenge, and businesses are willing to buy in. Gartner predicted 2016 would see worldwide information security spending reach $81.6 billion. Cybersecurity Ventures also projects that by 2021, $1 trillion will be spent globally on cybersecurity, according to their Q3 2016 Market Report.
Where is all this spending going? What types of tools are becoming vital to security management and effective enough to prove their worth in security budgets?
The most obvious response to a skills drought is to offload certain security functions to automated solutions. This reduces the resource burden of time-consuming yet necessary security tasks, and allows people-power to be used for strategic roles.
While automation is well-suited for data collection, normalisation and analysis, CISOs are often reluctant to automate high-skill, high-stakes functions like vulnerability remediation or firewall change provisioning. In these complex processes, if automation is left to run without proper checks and balances, it can potentially compound operational issues and compromise security.
Intelligent automation exists under a larger framework that considers the context of the attack surface – all the ways in which IT networks and systems are vulnerable to attacks. Context brings an understanding of how complex, automated processes could impact access, compliance and vulnerabilities, among other security concerns. Intelligently automated tasks and workflows not only reduce initial resource burdens; they also produce downstream time-saving by avoiding rework due to human error or unforeseen security issues.
Program Over Product
Enterprise security programs are rife with point products that address a specific security need. But there are several problems inherent with point products: their data exists in silos, requiring it to be normalised and correlated with other solutions to understand security status; and they require niche talent to operate.
Evolved security programs are increasingly turning toward integrated security analytic solutions capable of increasing the intelligence gained from deployed products and the ROI of past purchases.
A fundamental aspect of integrated security analytic solutions is that they collect vast amounts of data from network and security products and services, then perform the data normalisation, correlation and analysis to build contextual intelligence from the actual security environment. Instead of relying on niche talent to translate data from the point product they oversee, security programs using integrated security analytics can centralise management and source talent from a broader pool. What’s more, that talent can be used in strategic roles rather than data administration.
Security Through Visibility
The cybersecurity skills shortage is not just a hiring problem – it’s an attack readiness problem. Without the proper personnel, cyberthreats can slip through the cracks. In lieu of robust staffs, security programs need solutions that translate complex data into a visual medium that can be digested quickly, informing proactive action and rapid threat response.
Attack surface visualisation solutions provide a picture of an organisation’s network topology and connections. But more than a network map, these model-driven solutions can utilise indicators of exposure (IOEs) to visualise and contextualise risk.
IOEs serve as early warning signs of security issues most likely to be exploited by an attacker, and include items such as new or exposed vulnerabilities, concentrations of vulnerabilities, unsecure network configurations and risky access paths. By unifying traditionally disparate areas of risk under a common language, IOEs help security programs improve efficiency, communication and collaboration across teams; displaying them in a consistent visualisation that can be used for a variety of security processes further increases these benefits.
By taking the approach of security through visibility, emphasising holistic strategy over dependence on point products, and utilising contextualised, intelligently automated solutions, organisations can bridge the cybersecurity skills gap with a program built to tackle the security challenges of today and into the future.
A generic movie-buff, passionate and professional with print journalism, serving editorial verticals on Technical and B2B segments, crude rover and writer on business happenings, spare time playing physical and digital forms of games; a love with philosophy is perennial as trying to archive pebbles from the ocean of literature. Lastly, a connoisseur in making and eating palatable cuisines.
May 29, 2017
Mar 03, 2017