In our last post, we explained why small to midsize businesses (SMBs) need to have a cybersecurity plan. Cyberattacks targeting SMBs are becoming more frequent and more expensive to remediate. Having a plan in place and following best practices goes a long way toward protecting systems and data.
One of the biggest challenges organizations face when implementing a security plan is the lack of skilled professionals available to assist them. According to the second annual global study by the Information Systems Security Association (ISSA) and Enterprise Strategy Group (ESG), the cybersecurity skills shortage is worsening and becoming a rapidly widening business problem.
The in-depth survey of 343 cybersecurity professionals is designed to better understand the staffing and skills shortage and identify impacts to business, IT and the threat landscape. It is the only global survey focused on the careers of security professionals and their opinions about their organizations’ practices as well as the overall state of cybersecurity.
Seventy percent of security professionals surveyed believe that the skills shortage has had an impact on their organizations. Specifically, 31 percent of respondents point to a shortage of security analysis and investigations skills, 31 percent indicate a shortage of application security skills, and 29 percent claim a shortage of cloud computing security skills.
Further, the report confirms that the shortage is driving up the number of data breaches. Respondents believe that a lack of adequate training of non-technical employees (31 percent) and a lack of adequate cybersecurity staff (22 percent) are the top two contributing factors to security events.
Five Cybersecurity Fixes for Business
This study offers a warning to organizations that are trying to defend against increasing threats with a security team that is understaffed and lacking advanced skills. The report notes five key actions organizations can take to improve their cybersecurity practices:
- Align Security and Business Goals. The most beneficial action organizations can take is establishing goals for cybersecurity and measuring them against business performance.
- Build Repeatable Processes. Survey respondents say one of the top security challenges is too many manual and informal processes. They recommend that organizations document and formalize all cybersecurity processes.
- Invest in Training. Although organizations are spending more on security, especially in technology, they are investing in the wrong places. Survey respondents say organizations should invest in more training and education at all levels, from non-technical employees to IT and cybersecurity teams to executive management.
- Provide the Right Training. Survey respondents look to specific courses and professional development to build knowledge, skills and abilities, rather than to security certifications. Organizations can also employ continuous training, such as “just-in-time” online courses, and focus on specific skills such as application and cloud security.
- Assume a Perpetual Skills Shortage in Future Planning and Strategy. With no end in sight on this issue, organizations should create aggressive programs for recruiting talent to bridge the cybersecurity skills gap.
SSD Technology Partners has experienced security professionals on staff, and continues to invest in their training and advancement. We have also developed cybersecurity methodologies based on industry best practices that enable us to effectively and efficiently meet our clients’ requirements. Contact us to learn more about the comprehensive security services included in our Assurance program.