Large organizations are understaffed and lack the right skills for things such as threat hunting, prioritizing alerts, and forensic investigations.
According to ESG research, 45% of organizations report having a problematic shortage of cybersecurity skills in 2017. Of course, this applies to all areas of cybersecurity but recent ESG research shows that the skills shortage has a direct impact on security analytics and operations. The research reveals:
- 54% of organizations say they don’t have the appropriate security operations skills for an organization of their size.
- 57% of organizations say they don’t have appropriate security operations staffing for an organization of their size.
Based upon this data, it is safe to assume that many organizations are understaffed and lack the right security operations skills – a double cybersecurity whammy!
Top security operations weaknesses
The research also reveals some of the ramifications of these cybersecurity skills shortages. When asked to identify their top security operations weaknesses, cybersecurity professionals pointed to things such as:
- Threat hunting. Many organizations simply lack the advanced skills necessary for threat hunting, while others are too busy responding to incidents to establish more proactive practices.
- Assessing and prioritizing alerts. CISOs have added lots of threat detection tools and services over the past few years, producing a tsunami of additional security alerts. These technology investments may be for naught, however, as the research indicates SOC teams can’t keep up with all the noise generated by the growing volume of alerts.
- Computer forensics. When security operations teams respond to security events, they tend to put out obvious fires but often fail to proceed to the next step — seeking out the root cause of the blaze. Once again, they are either too busy or lack the advanced forensic skills necessary for this task.
- Security incident lifecycle management. In a perfect world, all security incidents are tracked from discovery, through investigations, and on to remediation. This tracking requires formal documented processes and a case management system that captures data and analysts’ notes, manages workflows, assigns tasks, and issues reports on what’s open and what’s closed. Alas, too many organizations rely on email, spreadsheets, and informal processes, making incident lifecycle management a chaotic affair at best.
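As an added illustration of the last bullet (this is example code written for this page, not ESG's research instrument or any vendor's product), here is a minimal case-management model that enforces the discovery -> investigation -> remediation -> closed lifecycle, records analysts' notes and state changes, assigns tasks, refuses to close a case while tasks such as the root-cause write-up are still open, and reports what is open and what is closed. The case identifiers, analyst names and incident titles are constructed sample data; the state names and the rule that a case cannot be closed with unfinished tasks are assumptions made for the example.

```python
"""Minimal incident case-management model (added example, not from the original page)."""
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Dict, List

# Lifecycle states in the order the text describes; "discovered" is the entry state.
STATES = ("discovered", "investigating", "remediating", "closed")
# Allowed transitions. Jumping straight from discovery to closed is rejected, so a team
# cannot "put out the fire" and skip the investigation step without it showing up.
TRANSITIONS = {
    "discovered": {"investigating"},
    "investigating": {"remediating"},
    "remediating": {"closed"},
    "closed": set(),
}


@dataclass
class Task:
    description: str
    assignee: str
    done: bool = False


@dataclass
class Incident:
    case_id: str
    title: str
    state: str = "discovered"
    notes: List[str] = field(default_factory=list)
    tasks: List[Task] = field(default_factory=list)
    history: List[tuple] = field(default_factory=list)  # (timestamp, event, who/what)


class CaseTracker:
    """Case store: cases, analyst notes, tasks, enforced state changes, reporting."""

    def __init__(self):
        self._cases: Dict[str, Incident] = {}

    @staticmethod
    def _now() -> str:
        return datetime.now(timezone.utc).isoformat()

    def open_case(self, case_id: str, title: str, note: str) -> Incident:
        if case_id in self._cases:
            raise ValueError(f"duplicate case id {case_id}")
        inc = Incident(case_id, title)
        inc.history.append((self._now(), "opened", note))
        self._cases[case_id] = inc
        return inc

    def add_note(self, case_id: str, analyst: str, text: str) -> None:
        self._cases[case_id].notes.append(f"[{self._now()}] {analyst}: {text}")

    def assign_task(self, case_id: str, description: str, assignee: str) -> Task:
        task = Task(description, assignee)
        self._cases[case_id].tasks.append(task)
        return task

    def complete_task(self, case_id: str, description: str) -> None:
        for t in self._cases[case_id].tasks:
            if t.description == description:
                t.done = True
                return
        raise KeyError(f"no task '{description}' on {case_id}")

    def transition(self, case_id: str, new_state: str, analyst: str) -> Incident:
        inc = self._cases[case_id]
        if new_state not in TRANSITIONS[inc.state]:
            raise ValueError(f"{inc.state} -> {new_state} is not a valid transition")
        # Closing requires every assigned task (e.g. the root-cause analysis) to be finished.
        if new_state == "closed" and any(not t.done for t in inc.tasks):
            raise ValueError(f"{case_id} still has open tasks; cannot close")
        inc.history.append((self._now(), f"{inc.state}->{new_state}", analyst))
        inc.state = new_state
        return inc

    def report(self) -> Dict[str, object]:
        """What is open, what is closed, and who holds unfinished work."""
        cases = list(self._cases.values())
        backlog: Dict[str, int] = {}
        for c in cases:
            if c.state != "closed":
                for t in c.tasks:
                    if not t.done:
                        backlog[t.assignee] = backlog.get(t.assignee, 0) + 1
        return {
            "open": sorted(c.case_id for c in cases if c.state != "closed"),
            "closed": sorted(c.case_id for c in cases if c.state == "closed"),
            "by_state": {s: sum(1 for c in cases if c.state == s) for s in STATES},
            "open_tasks_by_assignee": backlog,
        }


def demo() -> Dict[str, object]:
    """Walk two constructed incidents through the lifecycle and return the report."""
    tracker = CaseTracker()
    tracker.open_case("INC-1", "Phishing click on finance workstation", "EDR alert; user self-reported")
    tracker.add_note("INC-1", "alice", "Host isolated, credentials reset")
    tracker.assign_task("INC-1", "Root-cause analysis: initial access and lateral movement", "bob")
    tracker.transition("INC-1", "investigating", "alice")
    tracker.transition("INC-1", "remediating", "alice")
    tracker.complete_task("INC-1", "Root-cause analysis: initial access and lateral movement")
    tracker.transition("INC-1", "closed", "alice")

    tracker.open_case("INC-2", "Suspicious outbound traffic from build server", "IDS alert")
    tracker.assign_task("INC-2", "Collect memory and disk image", "carol")
    tracker.transition("INC-2", "investigating", "bob")
    return tracker.report()


if __name__ == "__main__":
    import json
    print(json.dumps(demo(), indent=2))
```

The point of the enforced transitions and the close check is exactly the gap the bullet describes: with email and spreadsheets nothing stops an analyst from marking an incident done the moment the obvious fire is out, whereas a case system can make the root-cause task a precondition for closure and can tell management, from the same data, how much work is still open and on whose desk it sits.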
Sadly, most organizations are in a position where there is too much work and not enough people to do it. Even when bodies are available, some of the work requires advanced skills.
The cybersecurity skills shortage is an existential threat because it impacts everything we do to safeguard digital assets. In this case, the ESG data reveals that the cybersecurity skills shortage has a direct effect on security operations and our ability to prevent, detect, and respond to security incidents.
It is worth mentioning that ESG is about to publish a new research report in conjunction with the Information Systems Security Association (ISSA) that looks at the ramifications of the cybersecurity skills shortage in depth. Stay tuned!