A data-centric approach to cyber burnout

by Mark Rowe

It’s been estimated that the global cybersecurity talent pool needs to grow by 65 per cent to defend organisations’ critical assets. Worryingly, the UK alone is facing a predicted cybersecurity skills shortage of 33,000, leaving organisations in a challenging position when it comes to attracting and retaining skilled employees, says Ryan Sheldrake, Field CTO, EMEA, at cloud security company Lacework.

As software development advances rapidly, the rate of innovation has accelerated in most businesses. But security is struggling to keep up. There are not enough people entering the workforce to safeguard increasingly complex IT environments from malicious actors. Action is being taken to address the problem. (ISC)², for example, recently launched a scheme to offer free certification and training to 100,000 potential cybersecurity candidates. Meanwhile, Microsoft announced plans to expand its cybersecurity programme globally.

But what about cybersecurity professionals already in the workforce? Unsurprisingly, burnout is a major problem. In fact, 80pc of security employees admitted they felt stressed and anxious over the course of the pandemic – and this is just the tip of the iceberg.

The expanding threat landscape – which has been exacerbated by the mass move to the cloud amid Covid-19 – combined with the pressure of working on increasingly stretched teams has led to a myriad of issues. Not only has the situation weakened businesses’ security postures, but it has also driven many people to quit or, at the very least, switch roles or organisations.

Compounding the problem is alert fatigue. This is partly caused by the sheer number of security tools being introduced into an organisation’s IT infrastructure, coupled with a huge number of cloud services being readily available. Both factors make it difficult for teams to spot real threats amongst an overwhelming amount of data.

Solving the issue in the shorter term is a matter of urgency, which is why moving towards a data-driven approach to cybersecurity is critical. With this in place, organisations can prevent potentially damaging data breaches and ease the burden on teams by reducing alert fatigue.

Too many tools x large number of cloud services = drowning in alerts

While technology is fundamental for securing networks and infrastructure, issues arise when organisations implement too many tools. The problem is widespread: on average a business can have more than 45 tools deployed. It’s important to look at the situation from the perspective of an under-resourced security team. Every time a new technology or cloud service is implemented, they need to set aside time to understand exactly how it works. For instance, if a tool requires operators to create custom policies and rules, staff need to learn the right syntax for each rule.

Then, when everything is turned on, there will be a huge number of security alerts, leaving teams unable to keep up. One way to reduce the number of alerts is by easing the rules. Going down this route, however, simply isn’t an option as it leads to increased risk and indications of compromise being missed.

Shifting to a data-driven approach

Security teams are therefore in a challenging position, especially at a time when cyber attacks are at an all-time high. More than ever before, they must detect threats across multiple environments, from hybrid cloud to cloud native and containerised environments.

There’s also a high chance that vulnerabilities or misconfigurations have been introduced into a system in the development phase, particularly if DevSecOps principles have yet to be implemented. Lacework’s Threat Report, for example, found that 72% of cloud environments monitored had insecure configurations. If security teams are unable to work alongside their developer counterparts to proactively identify vulnerabilities before products are pushed into production, it’s only a matter of time before cyber criminals take advantage.

A data-centric approach is vital for safeguarding these complex environments and reducing the load on today’s cybersecurity professionals. Importantly, this method enables organisations to consolidate tools by bringing capabilities into a single platform, which means security teams don’t have to spend as much time learning the specifics of each tool.

It also directly addresses the problem of alert fatigue. Powered by machine learning and automation, the platform can take millions – or even billions – of security signals from cloud accounts and workloads, understand their behavioural patterns, pinpoint a wide range of security issues and mitigate high or critical events on a daily basis.

This is all about removing the heavy lifting of threat hunting and context gathering for security teams, meaning they don’t have to use their precious resources on manual investigative work. A data-driven approach delivers more signal and less noise, which considerably reduces high workloads that can potentially result in burnout. Preventing alert fatigue may also mean security teams can put their time and energy elsewhere, into more fulfilling tasks such as red/purple teaming and capture the flag competitions to drive broader security education – a double win for the overall organisation.

Future-proofing cybersecurity

While cloud innovation is advancing rapidly, organisations must not forget that they are only as strong as their security posture – and this is only as strong as the team behind it.

By implementing a data-centric approach to cybersecurity and automating manual tasks, organisations will not only be in a better position to protect their skilled employees from burnout, but they will be able to strengthen their defences as a result. Evolving cybersecurity practices and technology should be a top priority for future-proofing organisations today; there’s no time to waste.

© 2024 Professional Security Magazine. All rights reserved.
