Recent research indicates that the cyber security skills shortage is now approaching 3 million professionals globally.
This blog examines the statistics and explains how, by outsourcing security needs to a specialist provider, organisations can overcome mounting resourcing challenges and improve cyber maturity.
The (ISC)² Cybersecurity Workforce Study, conducted annually, is designed to assess the current state of the global cyber security profession, quantify the skills gap and analyse its impact on organisations around the world. The 2018 report surveyed 1,500 cyber security and IT professionals.
The widening skills gap
The (ISC)² 2018 report places the estimated global skills shortage at 2.93 million, with approximately 142,000 unfilled jobs in Europe.
Image source: (ISC)² Cybersecurity Workforce Study 2018
While these statistics alone are sobering, the real-world impact of these shortages is of greatest concern. 63% of respondents reported that they lacked the necessary cyber security expertise, with 59% reporting that they are at moderate or extreme risk as a result of these shortages.
While 48% of respondents expect their companies to hire more security experts in the coming year, 34% expect either no change or even a reduction in staffing. Beyond the increased business risk, the report’s findings also suggest that the skills shortage is affecting morale.
The cyber security skills gap now tops the list of job concerns among IT and security professionals, outweighing top concerns from previous years including lack of time and work-life balance. 60% of respondents felt cyber security should be a higher budget priority, while 70% expect their eventual security budget to be insufficient. Over 30% of respondents also believed careers in cybersecurity were being hindered by poor organisation-wide security awareness.
“The lack of skilled cybersecurity personnel is doing more than putting companies at risk; it’s affecting
the job satisfaction of their existing staff” – (ISC)² Cybersecurity Workforce Study 2018
The challenges of security monitoring
The global skills shortage has made it time-consuming and expensive to recruit, train and retain qualified security personnel. In many cases, the security burden falls on overstretched IT personnel, who lack specialist security training and are forced to balance security considerations with other day-to-day operations.
Security monitoring technologies such as SIEM, IDS, vulnerability scanning, endpoint analytics and behavioural analytics can be hugely valuable for improving threat detection and incident response capabilities, but without the necessary expertise, these systems can quickly become obsolete.
Organisations without a large, dedicated security team are also particularly vulnerable to alert fatigue. Investigating alarms is a 24/7/365 process that demands a team of dedicated professionals trained to analyse and triage alerts as well as respond to security incidents using a combination of detection systems and industry intelligence.
The benefits of an outsourced service
Proactive threat hunting, detection and response can only realistically be achieved through a cyber security operations centre (CSOC), manned 24/7 by security personnel. The cost and complexity of building a CSOC in-house puts the prospect beyond the means of all but the largest enterprises.
An outsourced SOC service is a cost-effective solution for any organisation that lacks the resources to build their own in-house security operation, helping to eliminate alert fatigue, ease the burden on internal IT teams and significantly improve overall security posture.
By deploying, maintaining and managing all selected technologies and hunting for and responding to threats 24/7, an outsourced SOC reduces the complexity of managing disparate security systems and provides the threat notification and remediation advice needed to respond effectively to attacks.
How MDR can help
ThreatDetect™, Redscan’s award-winning Managed Detection and Response service, helps organisations to overcome their security challenges by providing proactive threat hunting and incident response as part of one affordable monthly subscription.
Our red and blue team security experts are trained to the highest professional standards, utilising best-in-class detection technologies and aggregated external and Redscan Labs research to rapidly identify threats and breaches and provide clear advice and remediation guidance.
Find out more about our ThreatDetect service
Read more:
The MITRE ATT&CK framework and the importance of scenario-based testing
Redscan takes home Pen Testing award for second successive year
When and how to report personal data breaches for GDPR compliance