HOME
NEWS

Security Management Witnessing Critical Skill Shortage in India


By VARINDIA - 2017-01-27
Security Management Witnessing Critical Skill Shortage in India

 

 

 

The massive gap in demand vs. supply is driving organisations in the country to deploy automated, integrated security architectures rather than product-driven security management

 

The worldwide cybersecurity skills shortage has reached epic proportions. According to the 2015 “Global Information Security Workforce Study” (GISWS) from the (ISC)² Foundation, the information security workforce will reach a 1.5 million-man shortfall by 2020. At the same time, changes in technology including virtualisation and IoT are making networks more complex to manage, and attackers have more tools, targets and funding than ever before.

 

The situation remains equally turbulent in India where, according to an ISACA’s survey, around 30 percent of the respondents expected their organisations to witness a cyberattack, while a majority (92 percent) of respondents believed that cyberattacks ranked among the top three threats organisations face today.

 

While the Indian government is leaving no stone unturned to propel the adoption of digital technologies in the country, a fear of security breach amid the digital business transformation remains a major barrier to the initiative.

 

The survey also highlighted that about 87 percent of the respondents agreed to the fact that India faces a major shortage of skilled cybersecurity professionals.

 

This should be a recipe for disaster. But changes in security technologies are helping organisations rise to the challenge, and businesses are willing to buy in. Gartner predicted 2016 would see worldwide information security spending reach $81.6 billion. Cybersecurity Ventures also projects that by 2021, $1 trillion will be spend globally on cybersecurity, according to their Q3 2016 Market Report.

 

Where is all this spending going? What types of tools are becoming vital to security management and effective enough to prove its worth in security budgets?

 

Intelligently Automated

 

The most obvious response to a skills drought is to offload certain security functions to automated solutions. This reduces the resource burden of time-consuming yet necessary security tasks, and allows people-power to be used for strategic roles.

 

While automation is well-suited for data collection, normalisation and analysis, CISOs are often reluctant to automate high-skill, high-stakes functions like vulnerability remediation or firewall change provisioning. In these complex processes, if automation is left to run without proper checks and balances, it can potentially compound operational issues and compromise security. Intelligent automation exists under a larger framework that considers the context of the attack

 

surface – all the ways in which IT networks and systems are vulnerable to attacks. Context brings an understanding of how complex, automated processes could impact access, compliance and vulnerabilities, among other security concerns. Intelligently automated tasks and workflows not only reduce initial resource burdens; they also produce downstream time-saving by avoiding rework due to human error or unforeseen security issues.

 

Program Over Product

 

Enterprise security programs are rife with point products that address a specific security need. But there are several problems inherent with point products: their data exists in silos, requiring it to be normalised and correlated with other solutions to understand security status; and they require niche talent to operate.

 

Evolved security programs are increasingly turning toward integrated security analytic solutions capable of increasing the intelligence gained from deployed products and the ROI of past purchases.

 

A fundamental aspect of integrated security analytic solutions is that they collect vast amounts of data from network and security products and services, then perform the data normalisation, correlation and analysis to build contextual intelligence from the actual security environment. Instead of relying on niche talent to translate data from the point product they oversee, security programs using integrated security analytics can centralise management and source talent from a broader pool. What’s more, that talent can be used in strategic roles rather than data administration.

 

Security Through Visibility

 

The cybersecurity skills shortage is not just a hiring problem – it’s an attack readiness problem. Without the proper personnel, cyberthreats can slip through the cracks. In lieu of robust staffs, security programs need solutions that translate complex data into a visual medium that can be digested quickly, informing proactive action and rapid threat response.

 

Attack surface visualisation solutions provide a picture of an organisation’s network topology and connections. But more than a network map, these model-driven solutions can utilise indicators of exposure (IOEs) to visualise and contextualise risk.

 

IOEs serve as early warning signs of security issues most likely to be exploited by an attacker, and include items like new, exposed or concentrations of vulnerabilities, unsecure network configurations and risky access paths. By unifying traditionally disparate areas of risk under a common language, IOEs help security programs improve efficiency, communication and collaboration across teams; displaying them in a consistent visualisation that can be used for a variety of security processes further increases these benefits.

 

Taking the approach of security through visibility; emphasising holistic strategy over dependence on point products; and utilising contextualised, intelligently automated solutions, organisations can bridge the cybersecurity skills gap with a program built to tackle the security challenges of today and into the future.

See What’s Next in Tech With the Fast Forward Newsletter

SECURITY
View All
Zscaler announces AI innovations to its Data Protection Platform
Technology

Zscaler announces AI innovations to its Data Protection Platform

by VARINDIA 2024-05-20
SHIELD to enhance Swiggy’s fraud prevention and detection capabilities
Technology

SHIELD to enhance Swiggy’s fraud prevention and detection capabilities

by VARINDIA 2024-05-20
Axis Communications announces its first thermometric camera designed for Zone/Division 2
Technology

Axis Communications announces its first thermometric camera designed for Zone/Division 2

by VARINDIA 2024-05-20
SOFTWARE
View All
Hitachi Vantara and Veeam announce Global Strategic Alliance
Technology

Hitachi Vantara and Veeam announce Global Strategic Alliance

by VARINDIA 2024-05-16
Adobe launches Acrobat AI Assistant for the Enterprise
Technology

Adobe launches Acrobat AI Assistant for the Enterprise

by VARINDIA 2024-05-11
Oracle Database 23ai offers the power of AI to Enterprise Data and Applications
Technology

Oracle Database 23ai offers the power of AI to Enterprise Data and Applications

by VARINDIA 2024-05-10
START - UP
View All
Data Subject Access Request is an integrated module within ID-REDACT®
Technology

Data Subject Access Request is an integrated module within ID-REDACT®

by VARINDIA 2024-04-30
SiMa.ai Secures $70M Funds from Maverick Capital
Technology

SiMa.ai Secures $70M Funds from Maverick Capital

by VARINDIA 2024-04-05
Sarvam AI collaborates with Microsoft to bring its Indic voice LLM to Azure
Technology

Sarvam AI collaborates with Microsoft to bring its Indic voice LLM to Azure

by VARINDIA 2024-02-08

Tweets From @varindiamag

CIO - SPEAK
Automation has the potential to greatly improve efficiency and production

Automation has the potential to greatly improve efficiency and production

by VARINDIA
Various approaches are followed to enhance efficiency, productivity, and cost-effectiveness

Various approaches are followed to enhance efficiency, productivity, and cost-effectiveness

by VARINDIA
Technology can be leveraged in several ways to boost efficiency, productivity and reduce cost

Technology can be leveraged in several ways to boost efficiency, productivity and reduce cost

by VARINDIA
Start-Up and Unicorn Ecosystem
GoDaddy harnesses AI power for new domain name recommendations

GoDaddy harnesses AI power for new domain name recommendations

by VARINDIA
UAE’s du Telecom selects STL as a strategic fibre partner

UAE’s du Telecom selects STL as a strategic fibre partner

by VARINDIA
JLR and Dassault Systèmes extend partnership for All Vehicle Programs worldwide

JLR and Dassault Systèmes extend partnership for All Vehicle Programs worldwide

by VARINDIA
Rapyder partners with AWS to accelerate Generative AI led innovation

Rapyder partners with AWS to accelerate Generative AI led innovation

by VARINDIA
ManageEngine integrates its SIEM solution with Constella Intelligence

ManageEngine integrates its SIEM solution with Constella Intelligence

by VARINDIA
Elastic replaces traditional SIEM game with AI-driven security analytics

Elastic replaces traditional SIEM game with AI-driven security analytics

by VARINDIA
Infosys and ServiceNow to transform customer experiences with generative AI-powered solutions

Infosys and ServiceNow to transform customer experiences with generative AI-powered solutions

by VARINDIA
Crayon Software Experts India inaugurates its ISV Incubation Center in Kolkata

Crayon Software Experts India inaugurates its ISV Incubation Center in Kolkata

by VARINDIA
Dassault Systèmes to accelerate EV charging infrastructure development in India

Dassault Systèmes to accelerate EV charging infrastructure development in India

by VARINDIA
Tech Mahindra and Atento to deliver GenAI powered business transformation services

Tech Mahindra and Atento to deliver GenAI powered business transformation services

by VARINDIA