How Businesses are Surviving the Cyber Talent Shortage

by | Mar 4, 2022 | Services | 0 comments

The Shortage of Cyber Talent

Blog 1 in the aaS Series

In the “adapt or die” environment of the past two years, a lot of businesses have come out of the frying pan only to be put into the fire. After braving the remote transition, an unprecedented amount of cyber attacks and the migration of everything to an IoT moving at breakneck speed, companies now have to face the fact that there might not be enough skilled workers to do the job. Or, that they can’t pay more than the next guy to get it done the traditional way.

As-a-Service (aaS) offerings provide a way to level the playing field and give enterprises a leg up when out-staffed, outspent and out of time. Here’s how they’re keeping businesses in the game.

Automate or die

Now is the perfect time to beat the labor market at its own game. The cyber workforce shortage stems from an increase in cyber threats and not enough people already in the field to staff that demand. Leading to the sense of urgency are rampant malware campaigns such as WannaCry and NotPetya, and security breaches like the ones recently targeting Colonial Pipeline and SolarWinds. According to Newsweek, a cyber attack occurs once every 39 seconds in the US.1 Says Bryan Orme, principal at GuidePoint Security, “It’s a talent war. There’s a shortage of supply and increased demand.”2

A cybersecurity workforce study by ISACA’s Cybersecurity Nexus (CSX) reveals that only 59 percent of surveyed organizations report even receiving five applications for each open cybersecurity position, and half of respondents say those applicants are not well qualified.3 Hence, nearly 40% report using outside contractors to fill cyber jobs and nearly a quarter report an increased reliance on AI and automation.4 It’s a good thing, as the shortage of IT workers is projected to reach 1.8 million this year.5

Maybe Henry Ford needed hundreds of assembly line workers, but in this day and age – you don’t. A 150% increase in data packets over your networks shouldn’t mean a 150% increase in security staff to vet them all. It makes no sense to pay for labor intensive tasks to be done the hard way when the company next door is turning to automated solutions that allow their skilled workers to make skilled decisions – not perform perfunctory tasks that pull them away from the critical parts of their jobs.

Leveraging aaS

As-a-Service offerings (also known as flexible consumption models (FCM) or XaaS) revolve around the customer – not the product.6 They typically outsource a valuable aspect of the company’s operations, providing them with less upfront costs, deeper insights into data and a team of on-hand experts ready to reduce operational costs by only charging for the services provided (not high salaries or benefits packages). For these reasons, aaS solutions are uniquely suited to a worker shortage environment.

It might be startling to find out all that today’s technology has equipped aaS offerings to do. With enough know-how, you can have the following benefits through available aaS solutions:

●  24/7 security event monitoring and enterprise level technology at SMB and SME prices.

●  Enterprise level penetration testing at a per IP price point.

●  Reduce IT overhead. You no longer need an IT professional at every location; know that multiple professionals are monitoring your enterprise from one central locale and reporting the results back to you in real time with Meraki.

●  Offload tedium by allowing aaS AI to automate your labor intensive tasks as a whole – not just security tasks –  and free up your professionals for mind work.

●  An enterprise level Security Operations Center (SOC). Port53 recently released an SOC-as-a-service to make enterprise level SOC capabilities available at SMB and SME prices. Powered by CiscoSecureX, the service level agreements are on par with managed detection and response services offered at an enterprise level.

Benefits of an aaS economy

The aaS economy has allowed businesses to compete where sheer manpower had excluded competition before. Businesses facing spiked technology demands, and frankly ones without the bankroll to staff traditional options, are finding viability in aaS solutions. Ironically, the lessened staff may keep them safer. According to the 2021 Verizon Data Breach Investigations Report (DBIR), 85% of breaches involved a human element (which include insecure passwords, privilege abuse and employees duped by phishing attacks).7

Fewer people means fewer errors, and fewer breaches. Considering the average cost of a data breach in 2021 was USD 4.24 million, the considerations are not insignificant.

Free humans to do human jobs

You can do things the old way. Many companies still are, and larger companies will take longer to transition, as they always do. However, younger and more agile ones are already taking advantage of aaS solutions and the leverage it offers teams. Instead of being mired in the paralysis of an unprecedented cyber labor shortage, they’re hiring out their repetitive tasks, security and otherwise, and allowing their skilled workers to do the jobs for which they have been trained.

Learn more about our aaS offerings.

Sources

1.  Rouhandeh, Alex J.. “Cyber Talent Shortage Undermines U.S. in Cyber Warfare,” Newsweek, 17 June 2021, https://www.newsweek.com/cyber-talent-shortage-undermines-us-cyber-warfare-1601384, accessed February 2022.

2.  Duffy, Clare. “Wanted: Millions of cybersecurity pros. Salary: Whatever you want.” CNN Business, 28 May 2021, https://www.cnn.com/2021/05/28/tech/cybersecurity-labor-shortage/index.html, accessed February 2022.

3.  ISACA, “Cybersecurity Skills Gap Leaves 1 in 4 Organizations Exposed for Six Months or Longer,” ISACA, 13 February 2017, https://www.isaca.org/why-isaca/about-us/newsroom/press-releases/2017/survey-cyber-security-skills-gap-leaves-1-in-4-organizations-exposed-for-six-months-or-longer,  accessed February 2022.

4.  ISACA, “New ISACA Study Finds Cybersecurity Minimally Impacted By Pandemic, But Still Grappling With Persistent Hiring Challenges,” ISACA, 4 May 2021, https://www.isaca.org/why-isaca/about-us/newsroom/press-releases/2021/new-isaca-study-finds-cybersecurity-workforce-minimally-impacted-by-pandemic-but-still-grappling, accessed February 2022.

5.  (ISC)2, “The 2017 Global Information Security Workforce Study: Women in Cybersecurity,” (ISC)2, March 2017, https://1c7fab3im83f5gqiow2qqs2k-wpengine.netdna-ssl.com/wp-content/uploads/2019/01/women-cybersecurity-11-percent.pdf, accessed February 2022.

6.  Arora, Abhi et al. “The shift to flexible consumption,” Deloitte Insights, 3 August 2018, https://www2.deloitte.com/us/en/insights/topics/strategy/as-a-service-business-model-flexible-consumption.html, accessed February 2022.

7.  Spitzner, Lance. “2021 Verizon Data Breach Insights,” SANS, 17 June 2021, https://www.sans.org/blog/2021-verizon-data-breach-incident-report-insights/, accessed February 2022.

8.  “How much does a data breach cost?” IBM, https://www.ibm.com/security/data-breach, accessed February 2022.