According to a recent study by the Ponemon Institute and Juniper Networks, more than half of enterprise representatives that participated reported being unsure of where to implement automation when it comes to security.
This is despite 70% of participants reporting a view that automation is important to securing their business.
According to the findings of the report, many participants are experiencing a shortage of experienced security staff in proportion to the amount of cyber attacks.
Only 35% of enterprise representatives who took part said that adequate staff were on hand within their companies to deal with cyber threats.
“The digital skills gap is a real issue which is manifesting itself in multiple ways in the business, from an inability to deal with cyber attacks to organisations struggling to implement automation, as this new research has discovered,” said the CTO of Ivanti’s EMEA branch, Simon Townsend.
“Ultimately, we need to be encouraging students in schools to embrace STEM subjects in greater numbers – less than one in ten students in the UK leave secondary school with an A-level in maths or physics,” Townsend added.
“However, producing fresh talent takes time. So, while businesses do need to be engaging with the government and education system in order to motivate young people to move into the digital space, things also need to be done now.”
As far as dealing with the lack of qualified personnel was concerned, 57% of respondents declared inability to hire appropriate staff to deal with cyber attacks, while 63% reported difficulties in installing automated security software with legacy systems.
According to Townsend, the skills that technical staff have are being left in the lurch by their company’s evolution, which the Ivanti CTO – EMEA says comes partly down to the IT and security departments “moving closer together”.
“Technical staff need to have flexible skills that allow them to evolve as technology does.”
“Companies can encourage this by changing the way that technical roles work: they need to create new job titles and bring in a compensation structure and revenue targets to encourage tech roles to actively drive an increase in business efficiency within the organisation.”
The welfare strategies against cyber attacks that businesses are implementing consist solely of stand-alone tools, which leads to vendor sprawl, according to the report.
>See also: The rise of virtual sprawl
“Whilst the research has found that “vendor sprawl” is creating chaos, the right technology can also be a huge help when it comes to managing the skills gap,” Townsend stated.
“When defending against cybercrime it is critical to have a layered defence to security in place that includes all of the basics: patching, application whitelisting, privilege whitelisting and end-user cybersecurity training and awareness.”
According to Cybersecurity Ventures’ 2018 Market Report, businesses around the world will have to fork out over $6 trillion a year while dealing with 3.5 million unfilled security jobs by the year 2021.
Diagnosing the issue
Elsewhere within the survey’s findings, increased productivity of security personnel (64%) and automated correlation of threat behaviour to address the volume of threats 60%) were the two most mentioned reasons for security automation being needed.
Director of Security Portfolio Marketing at Juniper Networks, Amy James commented that the lack of regulation on hand to deal with cybercrime is a key factor in the rise in cyber attacks that businesses have to deal with.
“The cybercrime landscape is incredibly vast, organised and automated – cybercriminals have deep pockets and no rules, so they set the bar,” James said.
“Organisations need to level the playing field. You simply cannot have manual security solutions and expect to successfully battle cybercriminals, much less get ahead of their next moves.”
“Automation is crucial.”
The glass ceiling
As far as executive roles relating to technical security issues are concerned, Townsend believes that executives in technical positions, namely CIO or CISO, should be promoted to CEO more often if the appropriate opportunity to promote them arrives.
“With businesses increasingly relying on technology in order to succeed, CEOs should not just be business minded but they should have technical knowledge as well, so the transition from CIO/CISO to CEO should be encouraged,” he said.
“People in technical roles should receive business training, and other employees should receive technical training with the incentive of high-level career progression.”
“Digital roles should be re-positioned as a stepping stone to leadership.”