Log in
Forgot password ?
Become a member for free
Sign up
Sign up
New member
Sign up for FREE
New customer
Discover our services
Dynamic quotes 


SummaryMost relevantAll NewsOther languagesPress ReleasesOfficial PublicationsSector news

The cybersecurity resource problem: 4 ways to get proactive (By Lucy Kerner)

12/16/2020 | 06:55am EDT

By Lucy Kerner, Security Evangelist and Strategist, Red Hat (www.RedHat.com)

Resources have always been a problem when it comes to cybersecurity. You are not always rewarded for doing security the way you are when you develop a new business application quickly. This usually leads to security teams being understaffed and overworked. At the same time, skilled cybersecurity professionals are in high demand, and there is significant turnover in cybersecurity positions.

Download Infographics:https://bit.ly/3gTZnoB

In fact, when it comes to cybersecurity, a lack of resources can be a bigger threat than the criminals who have their sights set on stealing organizations' data, money, time, and reputation. This has long been true, but COVID-19 turned the cybersecurity resource challenge into a full-blown problem, causing security to be overlooked in many cases.

In the best of times-or, at least, more normal times-talented cybersecurity resources are difficult to find, expensive to procure, and hard to retain. The pandemic has exacerbated the cybersecurity skills shortage as organizations' focus and resources have shifted to shoring up, or even building from scratch, work-from-home capabilities. Proactive security has been put on the back burner for many companies, exposing big gaps between the cybersecurity resources.

In a pre-pandemic study (https://bit.ly/3gRamPE) conducted by (ISC)2, an international, nonprofit membership association for information security leaders, the cybersecurity workforce gap in the United States was estimated to be nearly 500,000. By combining its US cybersecurity workforce estimates and gap data, the association found that the cybersecurity workforce needs to grow by 62% in order to meet the demands of US businesses today. Using the workforce estimate of 2.8 million based on the 11 economies it studied and a global gap estimate of 4.07 million, the association estimated that the global workforce needs to grow by 145%.

Indeed, respondents to the survey that was used to develop the study said that a lack of skilled/experienced cybersecurity personnel is their top concern, and that the gap puts their companies at moderate or extreme risk. Research for the Ponemon Institute's 2020 Cost of a Data Breach Report (http://ibm.co/3npvD5I) began months before COVID-19 had widespread impact, but supplemental questions related to the potential impact of remote workforces due to the pandemic revealed that 76% of organizations predict that remote work will make responding to a potential data breach more difficult.

With the Ponemon research estimating that the average total cost of a data breach is $3.86 million, preventing a cybersecurity incident in the first place is critical. But all is not lost. Solving the cybersecurity resource problem outright is not going to happen right away, but there are things that organizations can do beyond adding more security bodies. Here's how to strengthen your cybersecurity position.

1. Establish internal security training and certification programs

Savvy organizations realize that true cybersecurity requires a cultural shift. Essentially, some level of cybersecurity must be part of each employee's responsibility. That's not to say that your marketing director will be on the security front lines, of course, but every employee should take part in security education and certification programs. And that doesn't mean that you can just create a PowerPoint presentation that you force employees to sit through so they can check off a box; it means developing meaningful and relevant programs that engage employees and help them understand the cybersecurity threat and their roles in mitigating it. Think about "lunch and learns," mock breaches, and even escape rooms.

2. Encourage security cross-pollination

If security is everyone's job, then security resources should not be limited to the IT department. Think about ways security can cross-pollinate within the organization. Just as security is infiltrating the development arena through the growing DevSecOps movement, security resources could be integrated into other areas, as well. This will not only develop company-wide understanding of security issues, but it will also encourage cross-collaboration and the opportunity to build security into processes, products, and services from the ground up.

3. Take a hard look at your security tooling

Many organizations have security tools they don't really need or that are out of date and can't support new technologies such as cloud, containers, or Kubernetes. This wastes time and money. For example, many companies are running legacy security tools designed to protect systems that are no longer used.

Companies also often have too many tools to keep track of, leading to redundant tooling and the inability to manage the growing number of tools. Also, many companies aren't making full use of security tools that are already built into existing systems, such as the operating system, container platform, or security tooling provided by the cloud provider. A thorough inventory of existing security tooling will reveal what's needed (and not needed) to address current security concerns.

4. Put a consistent automation strategy in place

With so many moving parts in place, no human or group of humans could ever fill every security hole. Indeed, as IT environments and the world around us become more complex, so do the security events facing IT teams. A consistent automation strategy can help organizations more effectively mitigate risks by reducing human errors, remediate issues, respond quickly to security alerts, and develop repeatable security and compliance workflows.

It's important to note, however, that automation isn't one product or even a collection of products. Organizations should look for an approach that overlays a consistent automation strategy across app dev, infrastructure, security operations, and so on. In fact, Ponemon's Cost of a Data Breach Report noted that organizations with fully deployed automation-versus those with no automation deployed-realize a savings of $3.58 million in average total cost of a data breach.

Is the cybersecurity resource problem unsolvable?

It's true that, realistically, the resource problem can't be completely solved, but it's a problem that you can effectively address and manage with proactive planning, strategic technology implementation, and widespread, ongoing, and engaging security awareness training and collaboration.

Distributed by APO Group on behalf of Red Hat.


(C) 2020 M2 COMMUNICATIONS, source M2 PressWIRE

All news about RED HAT
07/13Red Hat Bolsters Hybrid Cloud Automation with Latest Version of Red Hat Advan..
06/21Red Hat, Inc. Rewrites the Business Automation Playbook with End-to-End Kuber..
06/15Red Hat, Inc., Announces the General Availability of Migration Toolkit
06/03Red Hat Enterprise Linux for SAP« Solutions Now Available on SAP Store
05/05Red Hat, Inc. Unveils its Developer Sandbox for Red Hat OpenShift to Enable O..
05/03Red Hat Makes DevOps a Reality with OpenShift GitOps and OpenShift Pipelines
04/27Leading Organizations Reduce Complexity and Unlock Innovation with Red Hat, I..
04/27Red Hat, Inc. Announces Red Hat OpenShift Platform Plus
04/27Red Hat, Inc. and Boston University Announce Major Partnership to Advance Ope..
04/27Red Hat, Inc. Unveils New Managed Cloud Services to Help Fuel the Next Wave o..
More news
Managers and Directors
Paul J. Cormier President & Chief Executive Officer
Laurie Krebs Chief Financial Officer & Senior Vice President
Michael A. Kelly Chief Information Officer
Chris Wright Chief Technology Officer & Senior Vice President
Stephanie Wonderlick Investor Relations Contact
Sector and Competitors
1st jan.Capi. (M$)
RED HAT0.00%0
SEA LIMITED45.55%151 939