There appears to be no end in sight to both the abundance and the evolution of cyberthreats. Ransomware continues to rise — a particularly jarring development as the Internet of Things overtakes mobile as a primary concern — and organizations increasingly believe an attack is more a matter of when than if.
Compounding the problem for small and medium-sized businesses is a dearth of cybersecurity talent available to tackle the challenge head-on.
The skills gap is real: Fewer than 60 percent of organizations surveyed say they receive at least five applications for every cybersecurity opening, and only 13 percent of respondents receive 20 or more applications, according to a study by ISACA’s Cybersecurity Nexus. Most corporate job openings, by comparison, receive between 60 and 250 applicants.
Additionally, 37 percent of respondents told ISACA that only a quarter of job candidates have the qualifications necessary to mitigate cyberthreats and maintain security adequately.
Such an environment makes a strategic approach to cybersecurity that much more crucial for SMBs.
AI, Network Segmentation Help Guard Against Threats
Companies can ill afford to swing and miss in risk mitigation, as a successful cyberattack can result in catastrophic downtime, crippling costs and reputational damage.
San Francisco public TV and radio station KQED, which suffered a ransomware attack in June that practically knocked out the organization’s IT infrastructure, backed up its data and avoided having to pay ransom.
Nevertheless, it took months for the company to fully restore its systems.
More than four in 10 organizations recently surveyed by IDG Research on behalf of CDW say they have experienced a serious security breach, with another 22 percent saying they’ve discovered a near breach. Nearly one-third of those report that weeks passed — or longer — before they were able to remediate the breach or near breach.
As part of its rebuilding strategy, KQED now uses anti-virus software from Carbon Black that features signature-based and behavioral analysis to detect suspicious activity and pre-emptively block zero-day attacks. It also turned to network segmentation to limit user access.
Meanwhile, other organizations are leaning on artificial intelligence to turn the tide. San Jose, Calif.-based engineering services company Cadence Design Systems has deployed AI-enhanced technology from HPE Aruba to keep track of user actions and stay ahead of cyberthreats.
In addition to technology deployment, organizations are increasing their spending in areas such as employee education and outsourcing to manage cybersecurity, according to IDG.
Thirty-four percent of survey respondents say they plan to allocate more budget toward IT staff training on security, while 13 percent call non-IT staff training a priority. Meanwhile, 25 percent of respondents say they will invest more heavily in managed security and outsourced operations.
How Outsourcing Can Improve Cybersecurity
Outsourcing can be particularly appealing because it allows SMBs to hire expert providers to manage security services on their behalf, meaning less likelihood of potential missteps by a smaller, more burdened team.
Organizations also are exploring partnerships with schools. The National Initiative for Cybersecurity Education, led by the National Institute of Standards and Technology, is a partnership between the government, academia and the private sector that encourages training to help students and potential employees better prepare for a career in IT security.
In November, a NICE webinar focused on the best ways for individuals to obtain valuable, real-world cybersecurity work experience.
For SMBs looking to overcome the current shortage of cybersecurity talent, it’s important to explore all available options to ensure privacy and reliability for customers, partners and all stakeholders.