Over the years, cybersecurity has grown to become a global issue. The latest PWC 2018 CEO survey has listed cyber threats as one of the top four threats to business growth prospects alongside terrorism, geopolitical uncertainty, and over-regulation. However, there is a bigger problem to solve!
The rapid rise in cyber-attacks seems inversely proportional to the available cybersecurity workforce. The cybersecurity skill shortage situation is bordering on becoming a full-blown crisis. According to recent estimates, there will be as many as 3.5 million unfilled positions in the industry by 2021. According to Dark Reading, only 14% of IT security managers feel there are currently enough cybersecurity professionals in the field with the needed skills to hunt down and respond to threats.
On one side, we see enterprises and government institutions being hacked on a daily basis. Converged networks have created new pathways for cybercriminals to launch malicious attacks – attacks that can take months to detect. The increasingly complex and sophisticated nature of attacks requires security experts to be all the more diligent and proactive in their approach. Opposing this onslaught is an industry facing a widening cybersecurity skills shortage.
Modern security landscape and the evolution of the security role
There is a need for dedicated, well-trained and fast-learning teams of cybersecurity professionals to tackle these new-age security problems. Looking at the nature of attacks, it’s evident that the traditional approach of securing perimeters, monitoring alerts, looking at logs and so forth is just not enough. Today’s security professionals need to be aware not only of hardware systems and security products, but also the domain, political landscape, and financial implications to name a few.
It is evident that the modern generation of cybersecurity professionals has to continually train themselves, start thinking beyond traditional means of security, and adopt a comprehensive and holistic approach to secure their organization’s systems, data, and repute.
The security role has evolved from being infrastructure focused to a pivotal business aligned function. Security leaders have a broader mandate – building a cyber-resilient and cyber-aware culture within the organization.
With the existing skill gap and current security dynamics, there is a real need to attract, retain, and groom talent to build highly proactive security teams. The industry, including private and public sectors as well as academia, needs to collaborate to solve this challenge. A significant investment in training is essential to help team members keep pace with the evolving threat landscape. Grooming existing team members to take on new security roles can be a productive step forward toward achieving the goal.
Time for a technology rethink!
Is skill shortage merely a human interface challenge? Can technology usher in the much-needed respite?
Given the rapid rise in the number and nature of malware attacks, it is clear that traditional detection-based layered security technologies are simply unable to prevent the modern, sophisticated type of attacks. To add to this, the reactive layered security approach keeps the security teams constantly busy analyzing multiple alerts – to sort the real versus the fake. At 80% false positive alerts, this continuous cycle of chase strains the limited security resources and doesn’t ensure complete protection against attacks.
There is a need for a simple and effective security approach: one that is easy to deploy, manage and ensures protection. A proactive security approach based on isolation-based security can be an ideal solution. It doesn’t follow the reactive detect and prevent protocol. Rather, a malware isolation approach simply isolates all the web-content in a VM container away from the enterprise endpoint. Then by transforming the web-content into a benign, malware-free format before delivering it to the end user- it helps overcome the problem of chasing alerts.
Thus the proactive isolation-based security model could help address the growing cyber skill shortage, as it helps in freeing up security resources for strategic initiatives along with ensuring complete freedom from sophisticated web-based malware.