Bridging the cyber security skills gap

It’s common knowledge that there is a large and widening gap between the skills and expertise needed to protect the world from cyber-attacks, and what’s actually available. And in a global environment where attacks are becoming more frequent, more sophisticated and more damaging, it’s one of the biggest challenges the IT world is facing.

The (sort of) reassuring news is that IT decision-makers are starting to fully appreciate the scale and consequences of the skills shortage. In a survey conducted by Ponemon, the lack of competent in-house staff was singled out as the threat that’s worrying CISOs and IT security pros more than any other in 2018.

Major organisations and governments are taking action to address the problem. For example, the UK government’s Department for Digital, Culture, Media and Sport will soon beginning a £20million training programme for cyber security skills, aimed at attracting and developing students aged between 14 and 18. But while initiatives like these will help solve the problem long-term, there’s no time to lose in improving cyber security in the short-term.

So in this blog, we’ll look at four ways that cyber security skills and expertise can be improved for today’s needs, whether that’s for service providers like you, or the enterprise clients you support.

 

Look at new areas for new expertise

With cyber security job vacancies proving to be increasingly difficult to fill, many organisations are starting to look beyond traditional career paths. And in their quest to uncover people who may have transferable skills, one particular group of people has stood out – gamers.

A McAfee study has found that more than 90 per cent of security managers and professionals surveyed believe that gamers generally possess the right skill-set for effective cyber security work. That’s because the perseverance, endurance and problem-solving skills required to succeed in many modern games can all be useful attributes in the fight against cyber-crime. As attacks and malicious activities become more and more complex, the different ways of thinking found in those that have been gaming from a very early age could be helpful in combatting even the most invincible-looking malware.

 

Invest in people throughout your organisation

It’s important to take a wider view beyond your IT security team. Every single person in an organisation, whatever their department, has a role to play in keeping data and devices protected. Having the best security experts in the world at your disposal is pointless if the rest of the company’s lack of awareness leads to vulnerabilities through human errors.

That’s why breeding a strong security culture through a workforce is so valuable. Even if it consists of basic and seemingly obvious training like good password practice or taking better care of USB drives, or more detailed education like spotting fake emails or securing BYOD devices, it can help cut down on preventable attacks in the short and long-term.

 

Organise permissions and access privileges

There is another way to clamp down on vulnerabilities and errors made by non-security staff, one that takes a technological approach instead of a human one. In a modern world where computing-based business operations are more complex than ever, it’s never been more critical to make sure that the right people have the right access to the right parts of an infrastructure.

Managing different levels of access and permissions for large numbers of staff can be hugely time-consuming, especially when evolving IT infrastructures and business needs mean that requirements for individual employees are constantly changing. This is where security management systems come into play, making changes to individuals’ permissions possible in just a few clicks, whether for an on-premise terminal or for a mobile device.

 

Use unified cloud security to reduce complexity

While the vast majority of organisations are now using the cloud for at least some of their computing needs, many are finding that the cloud brings with it a whole new set of security implications. In fact, such is the level of concern that 40 per cent of IT professionals say that the lack of cybersecurity expertise available is delaying their cloud migration plans.

As we’ve already established, this shortage of human resource isn’t going to be solved overnight. However, enterprises and service providers alike can reduce the security risk to their cloud data by using a single unified management tool across all the clouds they use. This can vastly reduce complexity and allow standardised, strong security policies to be applied all the data within an organisation’s footprint.

Protect your clients’ data and complement your cyber-security team with the unified endpoint management of MaaS360, in partnership with IBM.

Watch this video to learn more
Back to top