HOME
NEWS

Skills Shortage Makes Business Vulnerable To Data Breach


By VARINDIA - 2018-03-07
Skills Shortage Makes Business Vulnerable To Data Breach

As the list of organizations falling prey to attackers increases with each passing year, the critical shortage of security experts is both widespread and alarming. Its time institutes prepare students to fuel the current demand. Companies are facing an uphill task in managing risks and threats owing to the paucity of skill, talent and staff, despite their increase in security spending.

 

Chaos rules when organizations attempt to make do with half-hearted measures that pass as business apathy. These measures have led to increasing workload on existing security staff, who spend most of the time fire-fighting emergency issues rather than proactively preparing the defences. The upshot of such exigent procedures is the rise in cybersecurity incidents.

 

FACTORS CONTRIBUTING TO RISING SECURITY INCIDENTS

 

Late last year, ESG and Information Systems Security Association (ISSA) undertook a research to study the contributing factors behind the constant wave of security events experienced by large and small organizations. Among other things, the survey revealed that negligible training and inadequate staffing were the root cause behind security events. The survey goes further than simply focusing on the jobs deficit; it also highlighted the wide-ranging impact that skills shortage is having on the organization. For instance, the survey respondents identified the following factors behind the increasing number of security events:

 

* Lack of training for non-technical employees has given rise to increased incidents. People simply do not understand the ramifications involved in opening a rogue attachment, clicking a malicious link, etc.

 

* Organizations have not sufficiently increased the security team’s strength to keep pace with business growth. In fact, organizations do not spare resources for even routine capacity building within the establishment, such as nurturing talent, etc.

 

* Management tends to narrowly view security as a compliance issue, a cost centre, and a business exigency. They are overlooking their responsibilities relating to data privacy and security.

 

* Increased workload and competing priorities continues to relegate the responsibilities of the security team to a lower level.

 

Skills deficit: The widening gap

 

Breach detection, threat mitigation, and incident response are only as good as the people tasked with handling them. These are people-intensive processes that depend on advanced skills, planning, and strategy. The top three roles mostly affected by the skills shortfall include the following:

 

* Security analysts and investigators, responsible for detecting and responding to security events

 

* Application security specialists, responsible for addressing all security issues in the development phase of an application

 

* Cybersecurity professionals, responsible for data privacy and safety in an enterprise’s cloud environment

 

It is interesting to note how organizations are trying to endure with the crisis on hand. They are offloading more work to the security pros, overwhelming them with new compliance details and checkpoints. Organizations are also finding it prudent to outsource certain security functions, such as risk assessment and mitigation, network monitoring and access management. Skills shortage has forced some organizations to train their junior staff wholesale, although this may not always be a productive effort considering the need at hand. As for the cyber teams, they are pushed to spend a disproportionate amount of time on high-priority issues and incident response. In what is perceived as an example of business apathy, crucial tasks such as planning, strategy, or training takes a back seat. Moreover, businesses have not been forthcoming with proactive measures to improve cybersecurity, streamline operations, or mitigate risk. More importance is given to responding to risks rather than proactively setting up the defence mechanism.

 

Addressing the shortfall

 

As the skills shortage only exacerbates the data security-business gap, organizations must align cybersecurity with business processes and work collaboratively with the security team. In the face of lacing resources, many CISOs are following the advice of leading Security Vendors, addressing cybersecurity requirements by undertaking these measures to alleviate pressures. These measures include:

 

* Reducing the attack surface by using advanced technologies that support micro-segmentation, identity-based access controls, threat intelligence gateways, encryption, and secure DNS services

* Automating processes such as data collection, event lifecycle management, and process workflow, after assessing the current requirements

* Investigating, evaluating, and deploying security solutions based on artificial intelligence (AI) so that threat detection can be seamless

* Constantly assessing the skill level of staff, and expeditiously training them to meet the new security demands

* Leveraging managed service and SaaS providers to address specific requirements that are beyond the capability of their organization

 

According to one estimate, total global cybersecurity spending will be more than $100 billion over the next four to five years.[i] The past couple of years witnessed massive security breaches world over; even the most secure of establishments had to bear the ignominy of losing data. Things are getting a lot more complicated with the enforcement of stringent regulations; EU GDPR is here to stay and so are the many other conventions of different industries, states, and economic blocs. The time is now for organizations to make haste and take remedial action rather than suffer a fate that weighs heavily on cost, business continuity, and organizational reputation.

 

Rahul Kumar
Country Manager, WinMagic

See What’s Next in Tech With the Fast Forward Newsletter

SECURITY
View All
Zscaler announces AI innovations to its Data Protection Platform
Technology

Zscaler announces AI innovations to its Data Protection Platform

by VARINDIA 2024-05-20
SHIELD to enhance Swiggy’s fraud prevention and detection capabilities
Technology

SHIELD to enhance Swiggy’s fraud prevention and detection capabilities

by VARINDIA 2024-05-20
Axis Communications announces its first thermometric camera designed for Zone/Division 2
Technology

Axis Communications announces its first thermometric camera designed for Zone/Division 2

by VARINDIA 2024-05-20
SOFTWARE
View All
Hitachi Vantara and Veeam announce Global Strategic Alliance
Technology

Hitachi Vantara and Veeam announce Global Strategic Alliance

by VARINDIA 2024-05-16
Adobe launches Acrobat AI Assistant for the Enterprise
Technology

Adobe launches Acrobat AI Assistant for the Enterprise

by VARINDIA 2024-05-11
Oracle Database 23ai offers the power of AI to Enterprise Data and Applications
Technology

Oracle Database 23ai offers the power of AI to Enterprise Data and Applications

by VARINDIA 2024-05-10
START - UP
View All
Data Subject Access Request is an integrated module within ID-REDACT®
Technology

Data Subject Access Request is an integrated module within ID-REDACT®

by VARINDIA 2024-04-30
SiMa.ai Secures $70M Funds from Maverick Capital
Technology

SiMa.ai Secures $70M Funds from Maverick Capital

by VARINDIA 2024-04-05
Sarvam AI collaborates with Microsoft to bring its Indic voice LLM to Azure
Technology

Sarvam AI collaborates with Microsoft to bring its Indic voice LLM to Azure

by VARINDIA 2024-02-08

Tweets From @varindiamag

CIO - SPEAK
Automation has the potential to greatly improve efficiency and production

Automation has the potential to greatly improve efficiency and production

by VARINDIA
Various approaches are followed to enhance efficiency, productivity, and cost-effectiveness

Various approaches are followed to enhance efficiency, productivity, and cost-effectiveness

by VARINDIA
Technology can be leveraged in several ways to boost efficiency, productivity and reduce cost

Technology can be leveraged in several ways to boost efficiency, productivity and reduce cost

by VARINDIA
Start-Up and Unicorn Ecosystem
GoDaddy harnesses AI power for new domain name recommendations

GoDaddy harnesses AI power for new domain name recommendations

by VARINDIA
UAE’s du Telecom selects STL as a strategic fibre partner

UAE’s du Telecom selects STL as a strategic fibre partner

by VARINDIA
JLR and Dassault Systèmes extend partnership for All Vehicle Programs worldwide

JLR and Dassault Systèmes extend partnership for All Vehicle Programs worldwide

by VARINDIA
Rapyder partners with AWS to accelerate Generative AI led innovation

Rapyder partners with AWS to accelerate Generative AI led innovation

by VARINDIA
ManageEngine integrates its SIEM solution with Constella Intelligence

ManageEngine integrates its SIEM solution with Constella Intelligence

by VARINDIA
Elastic replaces traditional SIEM game with AI-driven security analytics

Elastic replaces traditional SIEM game with AI-driven security analytics

by VARINDIA
Infosys and ServiceNow to transform customer experiences with generative AI-powered solutions

Infosys and ServiceNow to transform customer experiences with generative AI-powered solutions

by VARINDIA
Crayon Software Experts India inaugurates its ISV Incubation Center in Kolkata

Crayon Software Experts India inaugurates its ISV Incubation Center in Kolkata

by VARINDIA
Dassault Systèmes to accelerate EV charging infrastructure development in India

Dassault Systèmes to accelerate EV charging infrastructure development in India

by VARINDIA
Tech Mahindra and Atento to deliver GenAI powered business transformation services

Tech Mahindra and Atento to deliver GenAI powered business transformation services

by VARINDIA