How Automation Can Mitigate the Cybersecurity Skills Gap

The cybersecurity skills gap has become a growing issue throughout the United States as The Biden administration has accelerated its efforts to fill over half a million (almost 600,000) vacant cybersecurity positions in the public and private sectors. However, with a lack of talent and the necessary skills, many roles and responsibilities are taking a hit, including protecting the country’s digital infrastructure. This is happening beyond the United States as well and comes just three years after The New York Times reported that Cybersecurity Ventures’ predicted there would be 3.5 million unfilled cybersecurity jobs globally by 2021, an increase of 1 million unfilled positions from 2014. While the industry has worked to address the skills gap, there remain enough open cybersecurity positions in 2021 to fill 50 NFL stadiums.

It is a vulnerable time for the critical government and corporate infrastructure, which have been the targets of ransomware attacks over the past several years. Without IT teams trained on the latest vulnerabilities and prevention practices, hackers’ jobs could be getting easier. Many organizations are turning to automation to prevent future breaches and to keep IT infrastructure secure.

Benefits of Automating Cybersecurity Roles

Organizations that can automate elements of their cybersecurity roles and responsibilities in the interim while they work to hire human talent will better protect themselves against cybersecurity hackers, ransomware attacks and other network threats.

The benefits they will receive from automating include, but are not limited to:

  • Saving money and time - Investing person-hours and budget on automating security processes and protocols might seem daunting. Still, it is an investment that will pay off in time saved and data protected from future cyber-attacks.
  • Mitigating risks and preventing intrusions - Automating security monitoring and other network maintenance can prevent cybersecurity issues from occurring, therefore helping organizations maintain the trust of their customers and maintain the confidentiality of private data and other sensitive information.
  • Maintaining and/or building a positive reputation - Leveraging automation to protect an organization’s and its customers’ sensitive data will help retain and recruit IT and cybersecurity workers and candidates, as the organization will have a responsible and innovative reputation within the industry.

Importance of Automating in 2022

Beyond the benefits of automating cybersecurity roles listed above, recent data reveals the importance attached to ensuring all cybersecurity roles within a company are adequately staffed. A recent Lynx survey of Americans in managerial and executive roles indicated that nearly eight in 10 Americans (77%) believe their company had gaps in its current security tools. This has become more problematic for many organizations during the pandemic, as hybrid working brought the need to manage endpoints outside the company’s physical parameters, raising the risk of a breach.

Additionally, almost one in five (19%) respondents said their company had become less secure since the onset of the pandemic, with 21% reporting that corporate security had remained the same. Furthermore, fewer than seven in 10 (69%) believed their company was equipped to fend off an outside security threat. Companies should take these findings seriously as they consider how automation can augment the human workforce in 2022. It is critical that customers trust in the security of an organization and that the workforce is confident that their colleagues and/or the technology among them will protect sensitive information and the integrity of the infrastructure.

Guidance

The best guidance I can provide around prioritizing and creating smart strategies for implementing automation into a company’s cybersecurity roles include the following tips:

  1. Determine which workloads within the company can be handled by artificial intelligence and, subsequent to that, prioritize those that are the more meaningful projects. This will allow company leaders to know where automation is best deployed and which projects to put budget behind during annual planning. Automating some workloads will also free over-extended humans to work on fewer administrative tasks and put more mindshare toward critical-thinking projects.
  2. Employ automation to determine and defeat cybersecurity threats. Get smart on which automation tools will work best based on the workloads you have identified, and integrate them while training colleagues on how to work best with the new technology.
  3. Don’t just focus on blocking attacks. Plan to be breached and invest in technologies for early recognition of systems being compromised, coupled with a strategy to manage those systems back to a known good safe and secure state
  4. Identify the areas of growth and support cybersecurity awareness training among all staff. While, ultimately, cybersecurity is the domain of IT professionals, all users bear some responsibility to ensure the safety of the organization’s data and corporate assets.

What’s Hot on Infosecurity Magazine?