Reduce human error cyberattacks with security training & partnerships

Image from Unsplash

Although ransomware continues to be a primary concern of most organizations, human error is — and will continue to be — the greatest cyberthreat. Organizations are increasingly facing a lack of basic cybersecurity knowledge and skillset, and a number are turning to managed service providers (MSPs) to fill that gap.

The growing cyber knowledge and skills gap

There are 3.5 million unfilled cybersecurity jobs globally — an increase compared to 1 million vacancies in 2013. Meanwhile, the demand for information security analysts in the U.S. will grow by 33% as of 2030, compared to just 8% for occupations overall. The demand is understandable, given that there were more than 847,000 reported internet crimes in 2021, up from less than 468,000 in 2019.

This means a company may seek at least a dozen people to staff a 24/7/365 security operations center (SOC), but could have to get by with only three or four. Those staffers will struggle to field an onslaught of non-stop alerts and eventually burn out and leave — two-thirds of IT professionals say alert fatigue directly contributes to turnover. When they depart, they’ll take all of the knowledge of the company, systems and processes with them.

In addition to knowledge gaps due to limited cybersecurity staff and employee turnover, organizations face another security challenge: a lack of employee cybersecurity awareness. Not only do organizations struggle to fill IT security positions, they must also focus on training employees to mitigate cyber risk. Training employees just to spot phishing emails is not enough. Security leaders should ensure they are training employees across the organization in many aspects of cybersecurity, including password hygiene and accurate system configuration.

In contrast, on the adversary side things couldn’t get better. Barriers to entry into the cybercrime space are ridiculously low, and affordable tools are readily available on the dark web. As a result, bad actors can launch a cybercrime business for less than $1,000. Before long, they’re paying their recruits more than their target organizations do because they’re making so much money. They also offer vacation time and retirement plans, just like a “real” employer.

What can chief information security officers (CISOs) do to close this knowledge and skills gap and improve their organization’s security posture against the growing threat of cyber gangs? Some have chosen to start by consulting an MSP to fill in the gaps.

Choosing an MSP: What security leaders should know

MSPs offer services that can help organizations close the cybersecurity skills gap and harden their networks against cyber threats. Before choosing an MSP, consider the following:

Conduct an audit: First, take a look at the mix of people, processes and technology needed at the organization and identify security gaps. For example, a lot of mid-sized companies have not migrated to the cloud yet due to security concerns and lack of skilled staff. Focus on MSPs that provide a comprehensive list of services such as infrastructure management. Security should be a foundational part of every conversation.
Evaluate Security as a Service offerings: Security leaders can consider Security as a Service solutions to help force-multiply the reach of their IT staff. MSPs can provide security analysts who can remove the burden of triage from in-house IT staffers, sort and classify alerts, and conduct investigations. A CISO’s internal team members then can prioritize security initiatives that contribute to their organization’s overarching strategic vision.
Define organizational security posture: Assess the current security posture and define future goals for scale and security. Being clear on the business and security outcomes of cybersecurity initiatives can help a team reach success.

Organizations can close the cybersecurity skills gap and enable CISOs to hand off the onerous burden of alert monitoring/detection and response by working with external partners. While MSPs can be a great part of an organization’s IT team, cyber leadership should continue to invest in cybersecurity awareness training across the entire organization to measurably reduce data breaches caused by human error.

Shannon Davis is the Global Director of Partner Readiness at Alert Logic by HelpSystems, regularly consulting with companies to increase awareness of the current threat landscape and the security solutions and best practices available to stay protected. He is focused on scaling those concepts globally while developing strategic relationships. Davis has over 10 years of IT sales and marketing experience with expertise in cybersecurity, MSP, MSSP, AWS, Azure, VMware and more.

ON DEMAND: In this webinar, Regina Lester, Vice President of Security & Safety Operations at Toledo Zoo, will share her insights on implementing security technologies in the entertainment sector and the challenges all organizations face — large and small — when it comes to balancing budget and security.

Reduce human error cyberattacks with security training & partnerships

The growing cyber knowledge and skills gap

Choosing an MSP: What security leaders should know

Get our new eMagazine delivered to your inbox every month.

Stay in the know on the latest enterprise risk and security industry trends.

Reduce human error cyberattacks with security training & partnerships

The growing cyber knowledge and skills gap

Choosing an MSP: What security leaders should know

Share This Story

Related Articles

Get our new eMagazine delivered to your inbox every month.

Stay in the know on the latest enterprise risk and security industry trends.