We’re taking a 30,000-foot view of cybersecurity to understand the state of the industry from an enterprise perspective and share some common challenges faced by diverse industries. Doing so gives infosec leaders insight into how challenges emerge in their workplace and potentially a sense of relief, knowing that their industry (and they, as professionals) are not alone in this struggle.
Cybersecurity remains dynamic and turbulent as businesses and technologies grow in complexity and hackers become more sophisticated. There is much discussion regarding the need to increase cybersecurity spending to expand cyber teams to cover more ground. We also know that many businesses lack confidence in their current cyber readiness, due in part to many of the common challenges detailed below.
Lack of qualified cybersecurity experts
Finding cybersecurity candidates who possess specific technical skill sets is an uphill battle for many infosec leaders who are trying to grow and expand their cyber teams. According to Harvard Business Review, one of the main reasons is that businesses tend to look for people with traditional technology credentials instead of individuals possessing a wide variety of soft and hard skills. As attacks get more sophisticated, varied skill sets will be required to combat them effectively, so leaders would be wise to expand their talent searches to include more diverse skill sets moving forward.
Lack of structured upskilling among talent
Senior staff often have a significant advantage over newer hires because they understand the ins and outs of their company. However, having advanced in their careers does not necessarily make them the most effective at teaching junior staff new skills and approaches to cybersecurity, since conducting effective training is often a full-time job in itself. At the same time, it is difficult for IT professionals to consistently remain up-to-date on best practices across all aspects of cybersecurity. In a 2018 ESG Global Report, survey respondents claimed that their organization “had a problematic shortage of cybersecurity skills.” Skills needed include the ability to identify key cyber terrain and risks, protect organizational assets and data, detect unauthorized access and data breaches, respond to cybersecurity events and attacks, and recover normal operations and services. Investing in consistent, structured, measurable training to upskill existing team members is an effective way to assess and combat these deficiencies.
Staff retention and fatigue
Since many organizations do not have the proper resources to alleviate heavy workloads and to effectively combat cyber attacks, cybersecurity employees are often fatigued from long hours, immense pressure, and unreasonable workloads. These issues contribute to dissatisfied employees and high attrition rates across the industry. Taken together, they pose a serious problem, because an organization that trusts its security to a fatigued and undermanned or under-skilled cyber team is ultimately a threat to us all. CSO magazine recommends that companies assess “the state of mind of key staff members, create work schedules to rotate personnel off the front lines, and provide the right levels of support, stress relief programs, and career counseling.”
Combating common cybersecurity challenges
These challenges are daunting and exist across many industries, keeping many infosec professionals up at night. Fortunately, firms can more effectively combat these common challenges by expanding the pool of candidates to include more diverse skill sets, investing in immersive cybersecurity training, and understanding the state of mind of key staff members, including monitoring their level of job satisfaction and fatigue.