Allen McNaughton, Systems Engineering Director for Infoblox Public Sector, explains how to meet the increasing challenges of cybersecurity jobs.
It’s no secret that the cybersecurity industry is in something of a talent crisis. The need for cybersecurity experts greatly outpaces the supply.
These professionals underpin the security and integrity of networks and data, manage a company’s security stack, and have the skills to identify, react to and remediate security risks.
Over the past year, this talent pool has faced unprecedented demands as the pandemic forced understaffed cybersecurity teams to extend security to cover the blending of corporate and home technologies as millions of employees worked remotely—all while adjusting to the challenges of remote work themselves.
To compound these difficulties, malicious actors have pounced, preying on these new work arrangements, hastily set-up network architectures, and fears of the pandemic to launch a growing number of cyber-attacks.
All of this has culminated in a cybersecurity workforce that is stretched out, overburdened, and burnt out.
The novelty of this situation has forced organizations to rethink how they attract talent, train employees, and educate those inside and outside the organization to better understand the different threats they face. Organizations are raising pay, recruiting from underserved communities, and making cybersecurity careers more accessible to students without a traditional degree.
These solutions are helping but not filling the entire gap. This challenge did not arise overnight and will require long-term strategic thinking to overcome.
And unfortunately, time is a luxury. Malicious actors are not good sports, waiting for the cybersecurity community to transform itself before launching an attack.
The cybersecurity industry needs to act now and follow the lead of the fast food industry and small businesses that have addressed skill shortages by leveraging technology to help manage work, increase productivity, and reduce burnout.
First, look for technology solutions that prioritize automation. Technology that automates lower-order tasks is relatively easy to deploy, frees up workers’ valuable time, and removes the potential for human error when combing through different risks.
Second, recognize the power of context. In cybersecurity, context can help workers better understand the threats they face and enable them to make better, more accurate, and faster decisions.
Not all threats are the same, so it’s important that context follows automation so that security teams do not waste hours chasing down the most basic of threats that can easily be remediated via technology.
Third, look for technology solutions that leverage the expertise you already have. While context is key for understanding a single threat, it’s also valuable for cybersecurity teams who need to make decisions about which threats to prioritize. Workflow prioritization can help identify and remediate the most dangerous, time-consuming threats instead of randomly remediating threats based on when they’re discovered.
Many solutions already exist that can provide this kind of automation, orchestration and context. For example, suppose you are monitoring the DNS traffic of your network and your DNS Firewall blocks a request to a malicious site. A solution that automatically triggers a response to the Network Access Control system, quarantining that user into a sandbox until an analyst can research it further, can dramatically reduce the time and effort needed to track down and isolate infected devices. At the same time, systems that automatically send additional context about that user and the request (Who is the user? What kind of machine are they using? Where was the request sent?) to the analyst can give them a head start in researching and ultimately mitigating the threat.
Vulnerability scanners are also worth noting. Oftentimes, they only scan networks at a given interval (once a day, week, or even month; yes, monthly scans are a thing). Organizations can quickly, easily, and automatically improve their security posture by scanning a device as soon as it connects to the network, using an orchestration flow in which the DHCP server automatically identifies the new machine and triggers the scan.
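The two orchestration flows described above (DNS Firewall block to NAC quarantine with analyst context, and DHCP lease to on-connect scan) can be sketched as one small event handler. This is an added example, not code from the article or from any Infoblox product; the event fields, action names and asset table are hypothetical, and a real deployment would dispatch the returned actions to its own NAC, scanner and ticketing APIs.

```python
from dataclasses import dataclass, field

# Constructed asset records (assumption): MAC -> owner and machine type.
ASSETS = {"00:00:5e:00:53:01": {"user": "jdoe", "machine": "Windows 11 laptop"}}

@dataclass
class Orchestrator:
    leases: dict = field(default_factory=dict)       # IP -> MAC, learned from DHCP events
    scanned: set = field(default_factory=set)        # MACs already scanned on first connect
    quarantined: set = field(default_factory=set)    # MACs already isolated by NAC

    def handle(self, event):
        """Return the (action, payload) pairs to dispatch for one event."""
        handlers = {"dhcp_lease": self._on_lease, "dns_block": self._on_block}
        handler = handlers.get(event.get("type"))
        return handler(event) if handler else []

    def _on_lease(self, ev):
        self.leases[ev["ip"]] = ev["mac"]
        if ev["mac"] in self.scanned:
            return []                                # lease renewal: device was scanned already
        self.scanned.add(ev["mac"])
        return [("vuln_scan", {"target": ev["ip"], "mac": ev["mac"]})]

    def _on_block(self, ev):
        mac = self.leases.get(ev["client_ip"])
        if mac is None:
            # No lease on record: do not guess which device to isolate, escalate instead.
            return [("analyst_ticket", {"client_ip": ev["client_ip"],
                                        "destination": ev["qname"],
                                        "note": "no DHCP lease for client"})]
        owner = ASSETS.get(mac, {"user": "unknown", "machine": "unknown"})
        ticket = ("analyst_ticket", {"mac": mac, "destination": ev["qname"], **owner})
        if mac in self.quarantined:
            return [ticket]                          # already isolated: send context only
        self.quarantined.add(mac)
        return [("nac_quarantine", {"mac": mac}), ticket]

def run(events):
    orch = Orchestrator()
    return [action for ev in events for action in orch.handle(ev)]

# Constructed event stream: new device, renewal, two blocked lookups, one unmapped client.
SAMPLE = [
    {"type": "dhcp_lease", "ip": "10.0.4.23", "mac": "00:00:5e:00:53:01"},
    {"type": "dhcp_lease", "ip": "10.0.4.23", "mac": "00:00:5e:00:53:01"},
    {"type": "dns_block", "client_ip": "10.0.4.23", "qname": "malware.example"},
    {"type": "dns_block", "client_ip": "10.0.4.23", "qname": "malware.example"},
    {"type": "dns_block", "client_ip": "10.0.9.9", "qname": "malware.example"},
]
```

The handler answers the three context questions from the paragraph above (who, what machine, where the request went) in the ticket payload, and it refuses to quarantine when the client IP cannot be tied to a lease.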
These and other technology solutions that leverage automation, context, and the skills your team already has are not merely a bridge between now and a fully-staffed cybersecurity industry of the future. They are a critical part of a robust cybersecurity platform today, one that both improves network security and extends the capabilities of the team you already have.