Half of cyber-pros believe they’re losing the war against the bad guys: 46% of those surveyed by security giant McAfee believe that in the next year they will either struggle to deal with the increase of cyber-threats or that it will be impossible to defend against them.
According to McAfee’s report, Winning the Game, this is mainly due to a lack of skills and talent. Most organizations (84%) admit it is difficult to attract cyber-professionals – and 31% say they do not actively do anything to attract new talent). Retention is an issue as well, with 52% reporting full staff turnover annually. Only a third (35%) of the pros themselves said they are extremely satisfied in their current jobs, and nearly all (89%) would consider leaving their roles if offered the right types of incentives.
This comes as organizations also report needing to increase their security staff by 24% to adequately manage cyber-threats.
“With cybersecurity breaches being the norm for organizations, we have to create a workplace that empowers cybersecurity responders to do their best work,” said Grant Bourzikas, chief information security officer at McAfee. “Consider that nearly a quarter of respondents say that to do their job well they need to increase their teams by a quarter, keeping our workforce engaged, educated and satisfied at work is critical to ensuring organizations do not increase complexity in the already high-stakes game against cybercrime.”
To solve the challenge, the report, which surveyed 300 senior security managers and 650 security professionals in public- and private-sector organizations with 500 or more employees in the US, UK, Germany, France, Singapore, Australia and Japan, concludes that companies have to prioritize automation in the security operations center (SOC). A majority of respondents (81%) believe cybersecurity would be more successful if greater automation were implemented.
Ironically, 32% of those not investing in automation say it is due to lack of in-house skills.
Businesses can also explore a new pool of potential employees – gamers – to fill the skills gap, and they can invest in employee training via gamification; a full 72% of respondents agree that hiring experienced video gamers into the IT department seems like a good idea. Nearly all (92%) respondents believe that gaming affords players experience and skills critical to cybersecurity threat hunting: logic, perseverance, an understanding of how to approach adversaries and a fresh outlook compared to traditional cybersecurity hires.
Three-quarters of senior managers say they would consider hiring a gamer even if that person had no specific cybersecurity training or experience; and more than three-quarters (78%) of respondents say the current generation entering the workforce, who have been raised playing video games, are stronger candidates for cybersecurity roles than traditional hires.
Meanwhile, gamification, the concept of applying elements of game playing to nongame activities, is growing in importance. Within organizations that hold gamification exercises like hackathons, capture the flag, red team–blue team or bug-bounty programs, 96% report seeing benefits. In fact, respondents who report they are extremely satisfied with their jobs are most likely to work for an organization that runs games or competitions multiple times per year.
More than half (57%) report that using games increases awareness and IT staff knowledge of how breaches can occur, while 43% say gamification enforces a teamwork culture needed for quick and effective cybersecurity. Further, 77% of senior managers agree that their organization would be safer if they leveraged more gamification.