Simplifying security operations as skills shortages create strain

A padlock resting on a keyboard.
(Image credit: Passwork)

The UK Government reports that cybersecurity is a pressing issue for a third of all UK businesses. Meanwhile, in a survey conducted by Senseon, 41% of IT decision makers identify a lack of skilled personnel as a primary concern. This shortfall places immense pressure on already overburdened security teams, pushing them towards burnout as they strive to secure every endpoint.

Another finding from Senseon's study highlights the severity of this issue: 95% of IT decision makers worry about the impact of stress on employee retention within their organizations. If left unaddressed, this could further exacerbate the already critical skills shortage.

In an effort to fortify their defenses and relieve pressure on overworked analysts, many businesses are buying more cybersecurity tools. However, this approach often backfires: each new product complicates adoption and day-to-day management, and what remains is an array of disconnected tools, overburdened teams and a cycle of inefficiency that deepens the skills gap.


A complex and fragmented ecosystem

The majority of IT decision makers wrongly subscribe to the belief that more cybersecurity tools mean greater protection. But the adoption of a new tool is a lengthy process, averaging 2.4 months, and is further complicated by the lack of integration among a growing number of suppliers and vendors. Amid these challenges, security professionals who are already stretched thin face additional demands on their time.

Organizations must adopt a strategic approach to cybersecurity, simplifying its management to alleviate the pressure on overburdened teams while addressing the skills gap.

The burden of false positive alerts

A major drain on resources is the high volume of false positive alerts from endpoint detection and response (EDR) systems, which make up nearly half (45%) of all alerts. Many events that look like potential threats are, in fact, entirely benign.

One way EDRs work is by building a model of "normal" endpoint behavior and flagging anything that deviates from it. In the real world, however, deviation is the norm: users install software, administrators run one-off scripts and updaters spawn unfamiliar child processes. This limitation would be tolerable if only a handful of devices were connected to an EDR system, but enterprise environments often have dozens to thousands of endpoints and a diverse user base.

In environments with many endpoints, analyzing EDR alerts places an unnecessary strain on security teams, because an analyst always needs context around the events that triggered an alert. For each event, the analyst has to stitch the endpoint data together with data from other sources to determine whether an actual attack has occurred or is in progress, or whether the alert is a false positive.

Because it only reports on and responds to endpoint data, an EDR solution on its own still leaves security teams with blind spots. To gain context on real threats, analysts need a unified source of data collection that pulls network, endpoint and user information together into a single "case".
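The correlation described above, as an added illustration that is not Senseon's product or code: a small Python routine that takes an EDR alert, attaches the network and identity events seen on the same host within a few minutes of it, and then applies a handful of hypothetical triage rules to the combined case. The two hosts, the event fields, the destination categories and the rules are all constructed for the example; the point is that the same EDR alert type is closed automatically on one host and escalated on the other purely because of the context stitched in from the other sources.

```python
"""Correlate EDR alerts with network and identity telemetry into triaged cases.

Added example (not Senseon's code). All events below are constructed sample
telemetry; the triage rules are hypothetical and exist only to show how
cross-source context changes the verdict on an otherwise identical EDR alert.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta


@dataclass
class Event:
    source: str        # "edr", "network" or "identity"
    ts: datetime
    host: str
    detail: dict


@dataclass
class Case:
    host: str
    edr_alert: Event
    context: list = field(default_factory=list)   # non-EDR events on the same host
    verdict: str = "needs_triage"                 # auto_closed | needs_triage | escalate
    reasons: list = field(default_factory=list)


WINDOW = timedelta(minutes=5)   # how far around the alert we look for context (assumption)
T0 = datetime(2024, 3, 1, 9, 0, 0)

# Constructed sample telemetry. Both hosts raise the same EDR alert type.
EVENTS = [
    # host-a: unusual child process, but a signed updater, update traffic and a user at the console.
    Event("edr", T0, "host-a", {"alert": "unusual_child_process", "process": "msiexec.exe",
                                 "parent": "updater.exe", "signed": True}),
    Event("network", T0 + timedelta(seconds=20), "host-a",
          {"dest": "updates.example.com", "category": "software_update"}),
    Event("identity", T0 - timedelta(minutes=2), "host-a",
          {"user": "alice", "logon_type": "interactive", "result": "success"}),
    # host-b: Office spawning an unsigned shell, an outbound connection to an
    # uncategorized address, and a remote logon preceded by two failures.
    Event("edr", T0 + timedelta(minutes=1), "host-b", {"alert": "unusual_child_process", "process": "powershell.exe",
                                                        "parent": "winword.exe", "signed": False}),
    Event("network", T0 + timedelta(minutes=1, seconds=5), "host-b",
          {"dest": "203.0.113.7", "category": "uncategorized"}),
    Event("identity", T0 + timedelta(minutes=1), "host-b",
          {"user": "bob", "logon_type": "remote", "result": "success"}),
    Event("identity", T0 - timedelta(minutes=1), "host-b",
          {"user": "bob", "logon_type": "remote", "result": "failure"}),
    Event("identity", T0 - timedelta(minutes=1, seconds=10), "host-b",
          {"user": "bob", "logon_type": "remote", "result": "failure"}),
]


def build_cases(events):
    """Open one case per EDR alert and attach every other source's events on that host within WINDOW."""
    cases = []
    for e in events:
        if e.source != "edr":
            continue
        case = Case(host=e.host, edr_alert=e)
        for other in events:
            if other is e or other.source == "edr" or other.host != e.host:
                continue
            if abs(other.ts - e.ts) <= WINDOW:
                case.context.append(other)
        cases.append(case)
    return cases


def triage(case):
    """Hypothetical rules: close obvious maintenance noise, escalate when several signals stack up."""
    a = case.edr_alert.detail
    net = [c.detail for c in case.context if c.source == "network"]
    ident = [c.detail for c in case.context if c.source == "identity"]
    failed_logons = sum(1 for i in ident if i["result"] == "failure")
    interactive_user = any(i["logon_type"] == "interactive" and i["result"] == "success" for i in ident)
    update_traffic_only = bool(net) and all(n["category"] == "software_update" for n in net)

    if a["signed"] and update_traffic_only and interactive_user and failed_logons == 0:
        case.verdict = "auto_closed"
        case.reasons.append("signed process, update traffic only, interactive user present")
        return case

    if not a["signed"]:
        case.reasons.append("unsigned process")
    if any(n["category"] == "uncategorized" for n in net):
        case.reasons.append("outbound connection to uncategorized destination")
    if failed_logons >= 2:
        case.reasons.append(f"{failed_logons} failed logons shortly before the alert")
    case.verdict = "escalate" if len(case.reasons) >= 2 else "needs_triage"
    return case


def run(events=EVENTS):
    """Correlate and triage; returns the list of cases in alert order."""
    return [triage(c) for c in build_cases(events)]


if __name__ == "__main__":
    for c in run():
        print(f"{c.host}: {c.verdict} ({'; '.join(c.reasons)})")
```

An alert with no surrounding context stays at `needs_triage`, which is the honest answer: the EDR event alone does not carry enough information to close it or to escalate it, which is exactly the analyst's problem the paragraph describes.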

AI's role in levelling up cybersecurity

The advent of AI-powered unified cybersecurity platforms offers a way to address staffing shortages, false positives and the maintenance of an adequate security level. Such a platform can bring multiple security disciplines together in a single product.

These tools use advanced analytics to make detection more precise, so that fewer benign events are flagged, and automate the response and remediation process for the threats that are confirmed. Personnel at all skill levels are thereby able to understand, monitor and manage security threats effectively.

Additionally, these AI-driven capabilities tackle false positives by ensuring that the majority of alerts analysts see are incidents they actually need to address, with all the information required for remediation and threat intelligence in one place. This shields analysts from the relentless cycle of responding to false positive alerts.

What does this mean for the skills gap?

As companies tackle sophisticated threats with a limited workforce, the strain on existing personnel is exacerbated by inefficient processes and the cognitive load of managing false positives, increasing the risk of burnout.

Moreover, the pressure to quickly close the skills gap often leads to a hasty accumulation of poorly integrated security tools, which can paradoxically weaken an organization's security posture. Simplifying security operations through strategic tool adoption and management is a critical step towards nurturing the cybersecurity workforce.

Furthermore, the integration of AI-powered cybersecurity platforms can allow organizations to address both the skills gap and the operational challenges facing their cybersecurity teams. By automating the response to legitimate threats, these platforms can significantly reduce the workload on human analysts, freeing them for more fulfilling and impactful work.

Such a transformation has the potential to make the cybersecurity profession more attractive to both existing and prospective talent. By enhancing job satisfaction, AI-powered solutions can play a crucial role in retaining skilled professionals and attracting new talent to the field, ultimately strengthening the cybersecurity infrastructure of organizations.


This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

David Atkinson

David Atkinson is the Founder and CEO of Senseon. He has over fifteen years' experience working within the UK's specialist military units and Government environments where his close work with CISOs enabled him to identify flaws with current cyber defence approaches, highlighting the need for a new technology to deal with the increasing velocity of cyber attacks.