Cybersecurity: Is your company 100% secured?

"In the below article, we would try and understand the current scenario of workforce in the space of cybersecurity and the perform an analysis of where our organization stands in terms of security."

Estimated read time: 3.5 Minutes

“It takes 20 years to build a reputation and few minutes of cyber-incident to ruin it.” – Stephane Nappo

A shortage in the global cybersecurity workforce continues to be a problem for companies in all industries and of all sizes.

In an era of high-profile data breaches and devastating cyber attacks, cybersecurity impacts every individual and every organization. Thus, there is always a need to have a stronger setup and a better team working to keep your company secured from cyber attacks.

But is it easy to have a great team which is balanced across all the categories of jobs under cybersecurity and is adequately staffed?

The answer based on the data comes out to be “NO”.

Currently in US itself there is a need to increase the workforce for cybersecurity by 62%. Speaking globally, the scenario is still worse as it demands a growth of nearly 150% in the current workforce. In the present-day scenario US has the maximum workforce in the field of cybersecurity which comes around 804,700 followed by Brazil, Mexico, UK and South Korea with 486,000, 341,000, 289,000 & 201,000 resources respectively. Despite having the highest workforce, we are still running behind by nearly 500,000 skilled resources to work in the job roles related to cybersecurity in US and the demands seems to be increasing rapidly as per the forecasts.

The question which arises at this point of time is that, would the traditional in-house hiring techniques suffice to find the best candidates to work for you?

In this year’s study, 65% of organizations represented have a shortage of staff dedicated to cybersecurity. That lack of skilled/experienced cybersecurity personnel is the top concern among survey respondents—even more of a concern than a lack of resources to do their jobs effectively. In addition, 51% of cybersecurity professionals say their organization is at moderate or extreme risk due to cybersecurity staff shortage.

With such shortage of resources in the market, the situation demands to be looking at alternative options, the specialists, who can get you the skilled candidates in adequate numbers.

On taking a closer look on the cybersecurity teams of the companies across US, it was observed that Cybersecurity initiatives at most of the represented organizations are led by a Chief Information Security Officer (CISO). That’s particularly common in organizations with 500 or more employees. Among those organizations, 62% are led by a CISO, with 27% being led by a senior IT executive.

Among smaller organizations, the split is closer to 50% led by a CISO and 30% led by a senior IT executive. Organizations are distributing key roles and responsibilities across their cybersecurity teams in a way that closely aligns with respondents’ ideal team structures. More emphasis is given to roles like security operations, security administration, risk management and compliance, with cybersecurity teams allocating 63% of their resources to these roles. Specialized cybersecurity roles like Operational Technology Security, Secure Software Development, Penetration Testing and Forensics accounts nearly 37% of cybersecurity team resources, on average.

As per a study published by (ISC)2 in 2019, smaller organizations are currently doing a solid job at staffing and distributing roles on their cybersecurity teams, however, they could potentially look to reduce or reallocate risk management roles/resources to other areas that may need focus.

Mid-sized organizations are also doing a good job staffing roles on their cybersecurity teams but could potentially create more security operations and operational technology security roles on their teams.

While large companies may have the most resources in terms of staffing, they may need to take a closer look at how those resources are currently allocated across roles on their cybersecurity teams. Roles that may be currently understaffed include security operations, security administration, risk management and penetration testing. Roles that may be currently overstaffed include compliance, forensics and operational technology security.

Thus, there is an urgent need for organizations in every sector of revenue bifurcation to strengthen their current teams. Keeping sole dependence on the current vendor pool or overly pressurizing the existing internal team might not help.

Upgrading your current employees in these skill set can appear to be a good option, however considering the time frame it might take and the number of attacks happening across the globe, this strategy might find it hard to keep up with the pace of rise in demands.

A good option which can be worked out is partnering with someone who can deliver you the entire team of resources or highly skilled resources as per your exact need in the right number at the shortest duration of time.

A knowledge sharing session always works well in this kind of situation for identifying the right challenges and solve them. Let’s connect for a discussion if you have any suggestions for a better approach to this problem or if you would want to discuss more about your current setup for security and get some suggestions about solutions that can improve the security setup of your company.

Everyone is most welcomed to share their feedback or any queries. I can be reached at [email protected] and I would be happy to have healthy discussion where we can try to identify the best suitable solutions for the queries and can bring in help from my in-house experts and consultants across the globe.