Cyber security expertise and the global skills gap
securityBy 2019, 1 to 2 million roles within cyber security will be unfulfilled. That's a figure that should strike fear into the heart of even the most stoic of business people. The threat of cyberattacks is growing quickly, and there aren't enough skilled people in place to control the wildfire.
This global cyber security skills crisis isn't exactly a new problem, though. Over the last 2 years, 40% of cyber security roles remained unfulfilled, despite an increase in job postings of over 74%. This is a problem, then, that's been smouldering in the background for a long time, and consequently now has the potential to create some serious destruction.
Although there is a growing understanding of how vital cyber security is, organisations still don't necessarily understand exactly how fundamental it is to the success of their companies. Just look at cyber security budgets, which usually account for only 25-30% of an organisation's total IT spend (according to the IDC.)
With the number of attacks only growing, this is clearly not enough money. Every time a company gives an employee a take-home device, they're exposing themselves to a lot more than 25-30% of the total security threats!
Even if there were enough people applying for cyber security roles, the relatively meagre budget allocated to cyber security by most organisations still wouldn't be sufficient to hire all the cyber security professionals they need.
What with the lack of applicants and budget allocation, many companies are now choosing to outsource their cyber security teams. By the time we get to 2020, it's likely that most organisations won't have their own in-house cyber security skills.
For most companies, the best way to plug the cyber security skills gap is to call in organisations that offer an offsite security service. Even better, they can call in an organisation which provides the cyber security element on top of other useful offerings, like network and virtual data centre services (conveniently).
Going this route is making organisations' total IT spend more efficient.
This is because you don't have to invest in the infrastructure. By outsourcing, you can be flexible with the scope of the estate. You are also going to get better quality responses from analysts because they are keen to make sure you want to maintain the service.
These analysts add an extra dimension to the organisation – you don't have to hire them but they're there. To cut a long story short, if and when the big alarm goes off (and something goes wrong), there's always someone there to help fix it. An outsourced security team is probably going to give your organisation a lot more value than the 25-30% you're currently spending on your IT budgets – their expertise will really give you more bang for your buck.
And crucially, you can switch this service on and off as you wish. The job of a Cyber Security Operations Centre (CSOC) is to be there to protect what really matters - when it matters.
Anyone can buy the tools to offer a cybersecurity service. You can buy a firewall quite easily - just pop onto the internet and order one. But the value lies in knowing what the output means – and which next steps to take. Your recently purchased firewall isn't going to do you much good if you don't know what it's telling you. Therefore, most organisations need to bring in expert cyber security monitoring and advisement in order to get the best use out of their technology. And who wouldn't want to do a better job whilst saving money?