How to do More With Less in Cybersecurity

The chasm between supply and demand for cybersecurity expertise is widening at an alarming rate. Frost & Sullivan forecasts a shortfall of 1.5 million IT security staff by 2020 which, if realized, could seriously impair cybersecurity defenses and lead to a spike in data breaches.

Meanwhile, hackers are becoming more adept and better-funded, continuing to wreak havoc and cause enormous financial damage to organizations worldwide. Security teams around the UK are under-resourced and over-pressured, while also dealing with the looming reality of increased regulation when the General Data Protection Regulation (GDPR) comes into effect in May. So how can teams cope with the current crisis, and learn to do more with less?

Finding the right staff
The latest studies do not bode well for the cybersecurity industry, with (ISC)2 predicting that by 2022, there will be a shortage of 1.8 million information security workers. However, while the skills shortage may be a reality, it’s also possible to find creative ways to respond to this problem.

For any role, it’s important to define exactly which skills are required and to what level. For example, do you really need to hire someone with a Master’s degree or PhD in cybersecurity to architect the security requirements for a new hybrid cloud environment – or might it be a better option to move a technician who has three years of hands-on networking experience into this role?

Organizations should always take advantage of opportunities to promote from within the broader IT department, and train staff up to the required levels, so that they can bypass the need to recruit skilled cybersecurity professionals.

Another option is to outsource some of your security workflow to an external organization. When you are dealing with time constraints or a severe lack of personnel available to monitor data and alerts, working with a managed security service provider (MSSP) or a managed detection and response (MDR) provider could help to reduce some of the pressure on the internal team.

Dealing with the here and now 
While technology doesn’t replace the need for skilled security staff, selecting the right tools and making sure that they work effectively can also help to ease some of the burden. Whichever tools are used by your organization, it’s vital to optimize them so that you can streamline your processes and routines. This should start with mapping out your organization’s environment to identify both its most important assets and any existing vulnerabilities that could put them at risk. Alerts can then be set up to inform you immediately if these critical resources are threatened.

Optimizing technologies used by your organization will also help ensure that the level of alerts you receive is manageable. The final step is to have a process in place to ensure that your solution is working to its full potential. This could include running tests to make sure back-up systems are working, and to check that alerts are being generated at the appropriate time.

Choosing the right tools for the job
Choosing the right technology is like cooking a meal; enterprises have different tastes and needs, so it’s important to invest in a solution that fits your unique requirements. Organizations often make the mistake of investing in multiple products to target specific problems. These can be difficult and costly to deploy, forcing companies to spend even more time and budget trying to manage multiple solutions, or worse, abandon these expensive solutions entirely.

A more effective approach is to look for tools that combine threat detection and response capabilities, so that fewer personnel are required to manage security.

Living off the land
When resources are tight, there is a wide variety of free resources that can help security teams harness the power of the crowd. For example, open source threat sharing networks, like AlienVault’s Open Threat Exchange, allow security teams to discuss threat trends with a broad community of security teams around the world. This can help you stay aware of potential threats in the wider landscape and understand how they can be mitigated.

Making yourself heard
One of the most important things that any security team can do is help all employees understand the importance of security best practices. This will not only increase the efficiency of security initiatives but also enable the entire organization to become more resilient. 

For example, if you decide to roll out two-factor authentication, security teams could organize a coffee morning to explain why the change is being made, and what the overall strategy is. Linking it back to the wider aims of the organization will help people to understand why a new process is being implemented, and increase its chances of success.

So even though it might seem like a momentous task, security teams can still learn to cope better with the current climate. The strategies outlined here can help to streamline workflows and improve efficiency, allowing security staff to augment their team’s efforts and still achieve a strong cybersecurity posture.
