Can Automation Help Bridge The Cyber Skills Gap?

Never has it been more difficult for organisations to attract and retain key cybersecurity staff. Given that the cybersecurity workforce gap expanded by 26.2% in 2022, the global shortfall of cyber professionals now stands at 3.4 million according to (ISC)², leaving many enterprises struggling to hire the experts they need to properly protect themselves against modern cyber threats.

Critically, those facing internal skills shortages become increasingly susceptible to breaches. ISACA found that of those businesses that suffered a cyber attack in the past year, nearly seven in 10 (69%) were somewhat or significantly understaffed.

Further, Fortinet’s 2022 Cybersecurity Skills Gap Research Report reveals that eight in 10 organisations have been subject to at least one breach which could otherwise have been avoided with better cybersecurity skills and/or awareness. 

It is vital that organisations work to prioritise a reduction in breach risk given the potential implications. In 2022, the average cost of a data breach has reached a record high of US$4.35 million, according to the latest Cost of a Data Breach Report by the Ponemon institute. However, impacts are not solely financial.

The IDC previously found that four in five consumers will defect from a business if their information is compromised in a security breach, while another independent study has shown that more than half of office workers would reconsider working for an organisation that had fallen victim to an attack.

The Role Automation Has To Play

Any idea that we can simply “ride out” the skills gap is unrealistic. Something must change. Indeed, without action, the current skills crisis will only continue to grow, leaving businesses increasingly exposed to cyber threats.
Thankfully, organisations are actively looking for workarounds and solutions, with 57% now automating aspects of the job, and a further 26% intending to do so in the near future.

While Artificial Intelligence (AI) continues to advance, technology isn’t likely to completely displace cyber experts anytime soon. What these solutions can instead do is automate repeatable processes, freeing up security teams to focus on higher value tasks. 

But how exactly can security teams embrace automation and machine learning to alleviate the pressures on their security teams? Here, we outline three key solutions to consider:

User & Entity Behaviour Analytics (UEBA)

UEBA is an advanced machine learning-driven solution that works by creating a framework of behavioural norms for each individual network user or entity, enabling it to identify any unusual activity that then strays outside these baselines. In other words, it enables analysts to spot, review and address anomalous actions that may be either malicious or risky and prevent damages and data loss incidents with ease. 

Threat Intelligence

By tapping into information from a wide range of either internal or external sources, be it security vendors, intelligence groups or otherwise, security teams can proactively identify trends and adapt their security strategies accordingly. Of course, trawling through vast amounts of data manually will feel like searching for a needle in a haystack. Therefore, analysts should leverage automation to combine their own intelligence and previous experiences with those of many other organisations into a central feed at speed, providing a single source of truth from which make informed strategic decisions can be made. 

Security Orchestration, Automation & Response (SOAR)

SOAR is a third technology to consider, designed specifically to aggregate and prioritise alerts to accelerate threat investigation and remediation by guiding analysts towards consistent and optimal responses. Underpinned by playbook automation, SOAR pulls all cyber incidents and supporting data together in one place to create structured workflows for day-to-day security analyst tasks that improve response and remediation. Critically, it can use a range of information to recommend an action to a security analyst, enabling them to simply approve or execute a decision.

A Converged Solution Is Key

UEBA, threat intelligence automation and SOAR are just three solutions among a sea of hundreds. However, while it might be tempting to invest in every shiny new solution, such an approach can be detrimental. Not only will a wide collection of automated security tools cost a lot, but it will also make the lives of the security teams that they have been acquired to serve more difficult, leaving them in a position where they must learn to navigate and maximise the use of tens of disparate tools.

To avoid these issues, organisations should look to adopt a converged security solution based on SIEM technology. IT and security complexities often arise from the need to integrate a variety of different technologies that are evolving in scope and functionality all the time.

By combining multiple solutions into one centralised platform, integration demands will ease while transparency into total cost of ownership and performance will improve. 

Without question, UEBA, threat intelligence automation and SOAR can help organisations by empowering security professionals and freeing them up to focus on high value tasks. However, it is the convergence of these technologies that promises to be the real gamechanger in helping businesses to navigate the cyber skills gap thus lowering the barrier to for entry level positions and giving organisations the ability to upskill and train as they see fit. 

Tim Wallen is Regional Director, UKI & BeNeLux for Logpoint

You Might Also Read: 

Simplifying Workflows With Centralized Tools & Automation:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Demystifying Data Privacy Compliance
Microsoft 365 Under Threat From A New Phishing Tool »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

SRI International

SRI International

SRI International is a research institute performing client-sponsored R&D in a broad range of study areas including computing and cybersecurity.

Systancia

Systancia

Systancia offer solutions for the virtualization of applications and VDI, external access security, Privileged Access Management (PAM), Single Sign-On (SSO) and Identity and Access Management (IAM).

SERMA Safety & Security (S3)

SERMA Safety & Security (S3)

SERMA Safety & Security provides a comprehensive cybersecurity offering incorporating Expertise, Evaluation, Consultancy and Training, covering hardware, software and information systems.

Centre for Cyber Security (CFCS) - Denmark

Centre for Cyber Security (CFCS) - Denmark

The Centre for Cyber Security is the Danish national IT security authority, Network Security Service and Centre for Excellence within cyber security.

Swiss CyberSecurity

Swiss CyberSecurity

Swiss CyberSecurity is a non-profit group based in Geneva, set up to provide information and as a forum for discussion of topics related to CyberSecurity.

Tesserent

Tesserent

Tesserent (formerly Pure Security) is a full-service cybersecurity solutions provider. We partner with clients across Australia and New Zealand in the protection of their digital assets.

MazeBolt Technologies

MazeBolt Technologies

Israel-based MazeBolt is an innovation leader in cybersecurity, with over two decades of experience in pioneering DDoS protection solutions.

Cipher

Cipher

Founded in 2000, Cipher is a global cybersecurity company that delivers a wide range of Managed Security Services.

Acmetek Global Solutions

Acmetek Global Solutions

Acmetek is a Global Distributor and a Trusted Advisor of PKI /IOT & SSL Security Products and a Managed Services Company.

Infostream

Infostream

Infostream is a leading integrator of Digital Transformations Solutions (DTS); Public, Private, and Hybrid Cloud; Cybersecurity; Data Integrity; DevOps, DevSecOps, and Infrastructures.

IntegraONE

IntegraONE

IntegraONE is a IT solutions provider offering a full range of networking and technology solutions.

Cyber Suraksa

Cyber Suraksa

We make security simple and hassle-free by offering a sustained and secure IT environment with next-gen cybersecurity solutions through a scalable security-as-a-service model.

Cyclops

Cyclops

Cyclops is the first Contextual Search Platform for cybersecurity.

QEDIT

QEDIT

QEDIT is leading the standardization of Zero-Knowledge Proofs through the ZKProof.org Workshops, and builds production-grade ZKP systems for blockchain.

Sri Lanka CERT

Sri Lanka CERT

Sri Lanka CERT is the National Centre for Cyber Security, which has the national responsibility of protecting the nation’s cyberspace from cyber threats.

SydeLabs

SydeLabs

At SydeLabs, our mission is to ensure the comprehensive security of your AI systems.