There are few verticals that can boast a 0% unemployment rate, but cybersecurity is one of them. There are far more job openings than there are skilled professionals to fill them. This is despite many efforts to train, upskill and reskill people to close this talent gap. With almost three million unfilled cybersecurity positions around the world, the industry needs to come to grips with the serious nature of this skills gap.
The speed at which the threat landscape is evolving is one of the primary contributors to the increasing skills gap. The number of threats being thrown at security analysts is increasing daily, as is the number of successful breaches against businesses worldwide. In 2017, IBM estimated that organisations receive 200,000 security events each day – an impossible number for any human analyst to keep up with. Just imagine how much that figure has grown since then.
Too much work, not enough workers
The impact on security analysts is significant. They suffer from mental fatigue as they spend countless hours monitoring vast numbers of alerts looking for that needle in a haystack. This has led to a generation of security analysts who are drained, stressed and frustrated. A research study by Enterprise Strategy Group and the Information Systems Security Association International revealed that as staffing shortages create a larger workload, security professionals spend more time fighting fires than performing more high-value and engaging work – a recipe for burnout.
This situation is not inevitable, but it does require a new strategy to remediate. While education and training programs are extremely important in fostering critical IT knowledge and skills needed both today and tomorrow, the talent shortage is no longer something humans can fix. It’s time the industry realised that we can’t educate ourselves out of the skills gap crisis and instead look at feasible alternative solutions, in collaboration with machines.
Getting an assist from machines
If security professionals are to proactively protect their organisation, their cybersecurity strategy needs to find the right balance of human and machine by marrying analysts with automation.
Security analysts will be able to save a huge amount of time if they are able to integrate automation into a company’s network, endpoint and intrusion monitoring workflow. The mundane, repetitive tasks like monitoring will be left to machines, decreasing the burdens placed on security teams and simplifying their tech stack. This will increase the effectiveness and efficiency of the entire security team, empowering analysts to thrive in their roles.
Cyber threats are evolving so quickly that to keep up with them, intelligent security solutions need to do more than automate tasks – they need to support decision making, too. That’s where robotic decision automation (RDA) comes into play.
RDA is different from robotic process automation (RPA), which merely automates specific steps in a process. RDA leverages probability theory, provides advanced machine learning and uses the judgement and reasoning of a seasoned human analyst to make actionable decisions faster than ever before. RDA monitors, analyses, decides and learns with the scale, speed and depth of consistent analysis found only in software.
With RDA’s expert decision-making capabilities on board, the human members of security teams can proactively hunt threats, putting their skills and their time to good use. What’s more, RDA simplifies the security tech stack and improves analyst job satisfaction by arming SecOps teams with the right software to work smarter, not harder.
Successful security: Five tips
Even if you don’t have a huge budget, there are five tips for managing a successful security program:
- Create a value-based asset hierarchy: If you notice high-value assets and accounts in alerts, it certainly makes the alerts worthier of analysis and can increase the likelihood of an actual attack. Similarly, vulnerability data and intelligence aid in understanding what could be an attack and what is likely not an attack
- Rank your sources of security data: Instead of getting overwhelmed by the tsunami of data types, focus on alerting technologies that provide better indications of compromise than others. The two primary technologies here are Network Intrusion Detection and Prevention and Endpoint Detection and Response
- Deploy machine automation: By eliminating the need to perform many of the manual tasks performed over the last several decades, machine automation has changed the game. The right automation solution increases security capacity and capability while reducing operating costs
- Demonstrate success with metrics: There are three operational metrics you should use to gain optimum visibility into your security programs’ performance and track improvements: coverage, Time to Detection and Time to Resolution
- Platforms over applications: Avoid platforms that are complex and require extensive configuration. Avoid software that requires consultants or project plans or that lacks scalability
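As an added illustration (not code from the article or from any product it mentions), the sketch below combines the first, second and fourth tips: it ranks alerts by asset value, source rank and known vulnerability, then reports coverage, Time to Detection and Time to Resolution. The weights, asset and source names, the alerts and the metric definitions (coverage as the share of assets watched by a top-ranked source, resolution time measured from detection) are all assumptions constructed for the example.

```python
from datetime import datetime, timedelta
from statistics import mean

# Assumed weights, constructed for this example (higher = more valuable / more reliable).
ASSET_VALUE = {"domain-controller": 5, "finance-db": 4, "workstation": 1, "build-server": 2}
SOURCE_RANK = {"edr": 3, "nids": 3, "proxy": 1}
# Constructed inventory: which alerting sources watch each asset.
INVENTORY = {"domain-controller": {"edr", "nids"}, "finance-db": {"nids"},
             "workstation": {"proxy"}, "build-server": set()}

T0 = datetime(2024, 1, 1, 9, 0)

def _alert(aid, asset, source, vulnerable, detect_min, resolve_min):
    """Build one constructed sample alert with its three timestamps."""
    return {"id": aid, "asset": asset, "source": source, "vulnerable": vulnerable,
            "occurred": T0,
            "detected": T0 + timedelta(minutes=detect_min),
            "resolved": T0 + timedelta(minutes=resolve_min)}

ALERTS = [
    _alert("a1", "workstation", "proxy", False, 30, 150),
    _alert("a2", "domain-controller", "edr", True, 10, 70),
    _alert("a3", "finance-db", "nids", False, 20, 140),
]

def priority(alert):
    """Asset value times source rank, doubled when the asset has a known vulnerability."""
    score = ASSET_VALUE.get(alert["asset"], 1) * SOURCE_RANK.get(alert["source"], 1)
    return score * 2 if alert["vulnerable"] else score

def triage(alerts):
    """Return alerts ordered from most to least worth an analyst's time."""
    return sorted(alerts, key=priority, reverse=True)

def metrics(alerts, inventory, top_rank=3):
    """Coverage plus mean Time to Detection / Resolution, in minutes."""
    covered = [a for a, srcs in inventory.items()
               if any(SOURCE_RANK.get(s, 0) >= top_rank for s in srcs)]
    minutes = lambda start, end: (end - start).total_seconds() / 60
    return {
        "coverage": len(covered) / len(inventory),
        "time_to_detection_min": mean(minutes(a["occurred"], a["detected"]) for a in alerts),
        "time_to_resolution_min": mean(minutes(a["detected"], a["resolved"]) for a in alerts),
    }

if __name__ == "__main__":
    for a in triage(ALERTS):
        print(a["id"], a["asset"], a["source"], priority(a))
    print(metrics(ALERTS, INVENTORY))
```

Tracking the three numbers from `metrics` over time is what shows whether a change to the weights or to the monitored sources actually improved the programme.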
Security through automation
The volume of security alerts today exceeds human analytical capability. Security analysts are hard to come by, so chronically understaffed organisations watch their analysts work long hours at tedious tasks and, eventually, burn out. But it doesn’t have to go this way if organisations put the right technology in place – technology that automates security analysis and relieves the burden. This makes for happier analysts who are freed to pursue more interesting, higher-value work and a more secure network, as well.