The Cybersecurity Skills Gap

It’s not difficult to find worrying predictions from experts who say the cybersecurity sector desperately needs to figure out how to address its skills shortage.

However, a new report from McAfee titled “Navigating a Cloudy Sky” highlights that skills gap in a targeted way that some other research documents overlook.

It takes a deep dive into all aspects of security in the cloud computing industry. Some of the statistics the report uncovers are positive, such as that 97 percent of worldwide respondents are using some cloud technologies in their organization, representing a 4 percent growth compared to a year ago.

However, businesses that are either planning to implement cloud computing into their organizations or already have done so must not overlook security strategies.

That’s because the McAfee report reveals that one in four organizations using Infrastructure-as-a-Service (IaaS) or Software-as-a-Service (SaaS) have experienced cybersecurity threats resulting in stolen data, while one in five were infiltrated by advanced attackers targeting their public cloud infrastructures.

Most Organizations Implement Cloud-First Strategies

In 2017, 65 percent of companies in the survey reported they were moving directly to the cloud by using cloud-first strategies.

The report suggests that the reason for the majority percentage is that the businesses polled had undergone periods of experimentation that allowed them to try out the best options and choose the ones that were most applicable.

One downside to the cloud-first approach, though, is that compared to organizations that chose not to adopt it, they are twice as likely to have realized that malware originated from a public cloud service such as Dropbox or office 365.

Increasing the IT Budget Could Aid in Hiring and Learning Efforts

Companies reportedly devote 27 percent of IT security budgets to cloud-related matters and expect that amount to grow by 10 percent over the next year.

If company decision-makers are serious about reducing some of the security risks already described, they could encourage the allocation of additional funds to spur the hiring process or set aside portions of the budget to hear tips from experts in the field.

Taking the latter approach could give companies crucial information about some of the emerging trends in the cybersecurity industry, allowing them to better prepare for them.

Compared to attacks carried out in previous years, the ones that have occurred recently often provide higher payouts to criminals, making them more alluring to attempt. Also, as it turns out, apps are the main sources of breaches within organizations.

Cybersecurity Skills Shortages Delay Cloud Adoption

Sometimes the lack of cybersecurity talent at a company not only puts it more at risk, but also delays implementing cloud technologies. The percentage of organizations that reported they did not have a cybersecurity skills shortage rose in 2017 to 24 percent, up from 15 percent.

Importantly, though, the problem is nonetheless severe. About 40 percent of those polled said such shortages prevented them from moving to the cloud as swiftly as they’d have liked.

Data from the 2017 ISACA State of Cyber Security study included statistics that potentially revealed more details about those delays. For example, 32 percent of businesses said it took them at least six months to fill security roles, and only 13 percent got at least 20 applicants.

Sometimes those issues mean companies have to become particularly resourceful. A CTO interviewed as part of the McAfee findings agreed there are not enough cybersecurity experts to cater to all the companies that want to hire them.

The individual said they are partnering with consultants, managed Service Providers and their cloud providers to deal with the skills gap in ways that make sense.

Businesses Want a Centralized System to Manage Multiple Providers

The McAfee study found that when possible, companies prefer to use one cloud management system that’s compatible with all the services and providers they use.

From the security side of things, they conclude that dependence on many management portals makes it too easy for cybercriminals to gain access without being noticed.

Having a centralized system also has advantages concerning control of the cloud. However, in cases when complete control of the cloud wasn’t possible, those surveyed admitted they’d value total visibility of what’s happening in the cloud instead of only being able to exert control over a portion of it.

McAfee’s report highlights how although fewer companies report cybersecurity skills shortages, the lack is problematic for those that cannot fill positions and want to move to the cloud.

Therefore, continued efforts to reduce the skills shortage are essential.

By Kayla Mathews