What are the biggest risks to your business?
I know there are many, so focus only on the top five—the ones that settle like a rock in your stomach and make you lose sleep from worry.
Pick the big risks. The kind that get the CEO’s attention, prompting the dreaded “How could we let this happen to us?” question no one ever wants to hear.
If you’re like most of us, the risk of a major cyber attack is on your list. In fact, it’s probably among the top three.
It seems like every time we scroll on our smartphone, there’s a story about a cyber attack somewhere—news about identity theft or a big data breach or some other hacking incident. Hardly a news cycle goes by without one.
Cyber crime makes headlines and results in the loss of billions every year. In 2015, Lloyd’s of London estimated the cost at $400 billion per year. And Juniper Research predicted the cost would exceed $2 trillion per year by 2019.
Cost estimates and predictions may vary among different groups, but experts agree that cyber attacks are a serious risk, and a major incident can damage public image and disrupt business operations significantly.
CEOs understand what is at stake. That’s one of the reasons Berkshire Hathaway CEO Warren Buffett, speaking at the 2016 shareholders’ meeting, called cyber attacks one of the biggest threats facing his company’s “economic well-being over time.”
Beefing up cyber security takes talent.
Your cyber security program is your defense against the threats that are out there. A mature program consists of skilled people, well-defined processes and procedures, and effective security technologies. If you’re having a hard time finding security talent, you’re not alone. In 2015, Peninsula Press (a project of Stanford Journalism) reported that 209,000 cyber security jobs in the U.S. were unfilled based on their analysis of data from the Bureau of Labor Statistics.
Fast forward to today, and, unfortunately, the problem hasn’t changed. According to a recent survey by Enterprise Storage Group (as reported by Network World), 45% of organizations reported a “problematic shortage” of cyber security skills, representing a 17% increase from their 2015 survey results.
The shortage of skills creates a problem. But the obstacle is not insurmountable. Despite the talent shortage, here are five things you can do to find resources and build an effective cyber security program.
1. Find your gaps and fix what you can
Cyber threats continue to evolve, becoming more complex and sophisticated over time. Your approach to security management also must evolve to keep pace. It all starts with a security program based on a solid framework. Review your current approach, assess effectiveness, and take action as needed to improve your security program.
2. Don’t be too restrictive when reviewing candidate credentials
Strike a balance when defining candidate credentials. Unless it’s absolutely necessary, don’t make the job requirements so specific that you eliminate a high percentage of applicants. Does the candidate really need a CISSP certification and 5-7 years of experience to do the job?
In addition, when there is a shortage of talent available, it’s tempting to take job duties from multiple positions and combine them into one role. But it’s hard to fill three positions with one person. Each position requires different skills. Some overlap may occur, but it may not be sufficient for the person to succeed. Writing a job description loaded with too many responsibilities and stringent requirements may prevent good candidates from even applying.
3. Get creative
Look outside of the security profession for candidates. Some of the best analysts may not have a security background or even a degree in information technology (IT). Security is like solving a mystery. Find people who are problem solvers. Look for candidates with strong investigative skills who can think creatively. If they have good investigative skills and can challenge assumptions and conventional thinking, you can teach them to be an analyst.
4. Leverage outside resources
Experienced resources are in high demand. Senior-level positions, such as CSO, CISO, and Senior Analyst, are difficult to hire and even harder to retain. But many are willing to work under contract. It’s a great way to bring in expertise when you need it, augment your current staff, and help you bolster your security program. Check into virtual CISO (vCISO) or staffing solutions as a way to fill gaps on your security team.
5. Consider partnering with a service provider
Don’t have a fully staffed, 24/7/365 security operations center (SOC)? Consider partnering with a provider of Managed Security Services to get one. Service providers can augment your current staff, offload monitoring and other routine tasks, and let your security team focus on strategic projects.
Staying ahead of cyber threats is an ongoing battle. For more information on how ePlus can help you find the security talent you need to be successful, get in touch with us or contact your ePlus Account Executive.