It’s no secret that there’s a shortage of qualified personnel in the field of cybersecurity. It’s a problem that has long been noticed and one that is projected to get even worse – to the tune of 1.8 million by 2022.
Despite this massive skills gap on the horizon, the number of breaches appears to be declining. Appearances, however, can be deceiving. As criminals shift their tactics toward new types of threats, such as ransomware, they’re finding ways to do more than merely steal data. Ransomware attacks allow criminals to lock or delete data altogether, which ends up costing organisations more than a traditional data breach, even though the damage is not quantified by ‘records breached.’
With an expanding pool of threats to deal with and a shortage of qualified people to address them, how do we tackle this serious problem? The obvious answer is recruiting more qualified people to do the job. But simply increasing our ranks isn’t going to fully resolve the problem. Security professionals need to implement a multi-pronged approach to deal with the different aspects of the ‘threats’ challenge at hand. Here are four major ways we can start dealing better with security threats today:
1. Security by design
All too often, security is an afterthought in design. Unless the product is being specifically designed for security purposes, security features are often tacked on toward the end rather than considered as a key element to the design process.
If we hope to collectively tackle the cybersecurity problem as more IoT devices come into play, we must make security an integral part of the design process.
2. Drilling down into security in STEM
The deficit of cybersecurity professionals is something we need to start planning for now. The term STEM is now commonly used in many countries with the goal of encouraging kids to take an interest in these fields in hopes of building a greater pool of trained professionals for the future.
While security falls under the STEM bucket, are we doing enough to drive interest at a young age? At the very least, leaders in the security industry must start working more closely with STEM program developers around the world to highlight the severity of the situation and work to close the cybersecurity gap for future generations.
3. Security awareness in company culture
No software installed on the back end can do its job 100 percent of the time if people aren’t being cautious on the front end. To start, end users should be regarded as front-line troops in the fight against cyber threats. We need to ensure they understand what an important role they play in preventing cyber attacks.
To be successful, organisations should view cybersecurity ‘preparedness’ as being about more than just work. Offering to help employees and their families build out security practices in their homes will naturally create a culture of security awareness across the organisation.
4. Implement IAM
Another key element organisations can look at is identity and access management (IAM). By employing IAM solutions, they can limit their risk pool by ensuring that only the right employees have access to the right data at the right times.
It’s evident the cybersecurity threat landscape is evolving, but we aren’t at a complete loss. There are still a few tools left in the proverbial toolbox ready to tackle the challenge presented by the skills gap.
Source: Help Net Security