The worldwide cybersecurity workforce gap heading into 2022 was 2.72
million. The data suggests that the cybersecurity workforce would have to grow by 65% to effectively defend organizations’ critical assets, according to the 2021 (ISC)² Cybersecurity Workforce Study.1
The ongoing shortage of qualified personnel continues to put pressure on IT and security teams at a time when threats are becoming better funded, more sophisticated and more focused on vulnerabilities exposed by remote and hybrid workers.
Given the reality that the personnel shortage is not likely to change dramatically in the near future, organizations have to develop plans and strategies to do more with less. This article explores some of the ways in which organizations can mitigate the risk of cyber personnel shortages in today’s environment.
Automation and intelligence: Automation, machine learning and artificial intelligence are tools that security analysts and security operations centers (SOCs) must maximize in order to reduce the manual processes involved in threat detection and response. This will not only make your organization less vulnerable to disruption, but also make your personnel far more efficient and capable of responding to the highest priority threats. Extensive use of intelligence and automation enables organizations to mitigate risks more efficiently, stay ahead of evolving threats and scale with resilience to meet the demands of ever-expanding usage models.
End-to-end intrinsic security: Security needs to be built in and not bolted on at every stage. This means security built into devices, services and operational models. It means security at the edge, in the cloud, in on-premises data centers. It means an IT architecture that builds security at every stage of the lifecycle, from silicon root of trust, to zero trust capabilities, to a “shift left” approach that empowers developers and DevOps teams to design security into new products and services during development cycles.
Managed security services, including XDR: Working with a partner that offers managed security services can be a huge relief for beleaguered cybersecurity and SOC teams. A partner can handle all security operations, including a managed SOC, or it can provide specific capabilities, such as extended detection and response (XDR) services or advanced real-time threat intelligence. With Dell Technologies as a partner, you can leverage a third-party cybersecurity assessment to support your existing cybersecurity teams and determine where it may be appropriate to invest in new products or services to reduce manual processes or offload people, processes or technologies to a third-party partner.
A foundation for SASE: As more and more compute and network functions move to the edge, leveraging a holistic, end-to-end security environment that incorporates capabilities for secure access service edge (SASE) can help reduce the workload for both network and security personnel. A SASE solution combines security and networking functionality, enabling increased automation of zero trust, multifactor authentication, malware protection and other capabilities. That means less manual intervention is needed in both initial deployment and lifecycle management.
See related article: Six Steps to a Successful SASE Deployment
Fortify and automate recovery: A successful ransomware attack or other event that causes business disruption can be a black hole when it comes to consuming cybersecurity personnel resources. The more proactive you can be in using fast and comprehensive recovery solutions, the better job you will do in quickly getting your business back after an event and in making recovery much simpler and less time consuming for your IT teams. With a solution such as Dell PowerProtect Cyber Recovery, you not only mitigate the risk of downtime but also make it easier and less time consuming for IT to address critical issues around compliance, backup, governance and audit trails.
Create a resilience-aware culture: The cybersecurity personnel shortage makes it more important than ever to retain the trained security people already in your organization and to create an environment that is attractive to potential new hires. This means building a culture in which cybersecurity awareness is built in, just as intrinsic security is built into your business and IT operations. It means being flexible in where and how people work and extending a culture of cyber awareness, training, basic hygiene and communications across all teams and personnel, including remote and at-home workers and partners across your extended supply chain.
Taking the Next Step
The cybersecurity personnel shortage is not going away. Although the workforce gap shrank slightly in 2021, in actual numbers, it was still a shortfall of more than 2.7 million workers, as noted above. Fortunately, improvements in automation, intelligence, managed service models and new technologies such as XDR and SASE can help organizations mitigate some of the risks of business disruption that the shortfall could precipitate.
Please visit Dell Technologies to learn how an end-to-end, intrinsic and holistic approach to cybersecurity and business resilience can help your organization meet the challenges of the ongoing shortage of qualified cybersecurity personnel.