Bridging the Cybersecurity Skills Gap with Managed Detection and Response
By Rena Stern
Editor’s Note: Staffing shortages in cybersecurity are placing businesses and security operations in jeopardy. Download Bridging the Cybersecurity Skills Gap, an eBook offering real-world strategies that you can use today, including managing security operations through staff augmentation, advanced technologies, and risk management frameworks.
It is an intense world for security leaders nowadays, so much so that many cannot break away for much-needed time off on holidays, nights, and weekends.
Why? The pressure has built up over the last three years. For example, security leaders must keep up with threat intelligence, active attack campaigns, and the indicators of compromise (IoCs) circulating in the global landscape.
To recap a single news cycle in January 2022, headlines featured at least eight different ransomware campaigns actively targeting organizations around the world. Add the massive shift to hybrid and remote work, the ongoing infiltration of businesses by cybercriminals exploiting a constant influx of high-risk vulnerabilities, and rampant ransomware, and IT and InfoSec teams are left understaffed for the daily tasks that 24/7/365 security operations require.
If this were not enough pressure, CISOs must continually recruit and hire new security talent. With an estimated 360K unfilled IT security jobs in the U.S. and a shortage of almost 3 million cybersecurity practitioners worldwide, staffing mission-critical security operations (SecOps) can feel like mission impossible.
A competitive marketplace with high salaries and high staff turnover completes this perfect storm, creating a risk management nightmare for security leaders who must deliver 24/7 security monitoring and, as a result, rarely get a day off.
Challenges of Building a SecOps Team and Security Operations Center (SOC)
The new e-book, Bridging the SecOps Skills Gap, examines how the skills shortage, and the numerous issues associated with it, results in increased cyber risk for many organizations.
The factors causing the gap to widen include:
- Rapidly evolving threats and constant attacks
- Skills diversification leading to 50+ roles that security professionals can now pursue, each requiring specialized skills and expertise; this fragments an already limited talent base and is often not fully understood or accurately represented by recruiters or HR professionals
- Inability to recruit experienced security staff for critical roles such as security event detection, threat hunting, and incident response
- High cost of hiring full-time staff, including a Chief Information Security Officer (CISO), SOC analysts, and threat hunters, which leaves little budget for entry-level positions where new talent can gain on-the-job skills
- Increasing skills requirements to manage cloud storage, EDR, SIEM, AI, and ML technologies securely
- Staffing shortages in both quantity and skill level
- Increasing security compliance and risk requirements that demand dedicated resources
How an Optimized SOC Can Help Reduce Risk
A fully optimized SOC, complete with threat hunting and intelligence capabilities, forensics and analysis, vulnerability management, SIEM, SOAR, and identity and access governance, among other things, can provide the critical support necessary to identify, protect against, and remediate the advanced and sophisticated threats plaguing the enterprise. To reach that stage, businesses must implement core security technologies and staff them with the right personnel, something that cannot easily be achieved in the current security environment.
Solving the Staffing Problem in Security Operations Now
The cybersecurity skills gap will likely take years to overcome if the only approach enterprises use is educating and training new cybersecurity professionals. Intensive recruiting and hiring alone will not solve the problem either. In a recent study, 70% of responding cybersecurity practitioners reported that they are constantly recruited for new positions, many offering better pay and benefits, and information security professionals stay in one job for less than 12 months on average. Recirculating the same limited, already-stretched-thin pool of staff only adds to the ongoing problems of burnout and alert fatigue.
Benefits of Using MDR to Staff SecOps and the SOC
Working with a Managed Detection and Response (MDR) provider can help businesses optimize the entirety of their security operations. Outsourcing SecOps and SOC activities to an MDR provider offers cost benefits over attempting to manage security in house.
Working with an MDR provider to deliver security services can help:
- Reduce cybersecurity costs
- Reduce alert fatigue
- Augment staff
- Manage asset inventory
- Support business growth through scalability
- Manage and maintain security tools on an ongoing basis
- Provide incident response
- Improve visibility
- Improve ROI
Security Operations Staffing for the Future
An experienced, customer-focused MDR partner can support SecOps and SOC activities with 24/7/365 monitoring. This includes using the right SIEM technology to collect massive volumes of data in real time, detect advanced attacks, and raise alerts on anomalies such as insider threats and other hard-to-detect use cases. Another key part of working with an MDR provider is ensuring that the enterprise has a risk management framework in place to help minimize threats and limit the impact of attacks.
To learn more about how organizations can deal with the impacts of too few skilled security staff in a world with far too many threats, download the e-book Bridging the SecOps Skills Gap today.
Overworked CISOs are Skipping Family Vacations and Holidays, Infosecurity Magazine; https://www.infosecurity-magazine.com/news/overworked-cisos-are-skipping/
(ISC)² Cybersecurity Workforce Study, 2021: A Resilient Cybersecurity Profession Charts the Path Forward; https://www.isc2.org/Research/Workforce-Study#