The status on cybersecurity is fairly clear: 82% of employers report that their cybersecurity skills are not enough to handle the rising number of cyber incidents (Center for Strategic & International Studies, 2019. The Cybersecurity Workforce Gap). There is a gap – a gap between the skills needed for strong cybersecurity, and the skills you actually have. It is an individual problem, but also an enterprise problem and a global problem. The vast majority of the world simply does not have the skills to keep up with the cyber risks that we know exist.
Three Critical Elements to Closing the Skills Gap
KuppingerCole research shows that there are three critical elements required to close the cybersecurity skills gap: education, tools, and collaboration. Skills require having adequate knowledge: what are the typical attack vectors of a cyber incident? What are the best processes to have in place? Skills also require using the correct tools: a skilled carpenter would never use a welder in his woodwork. So why do many still cut corners by jerry-rigging inadequate tools to fit security purposes? Lastly, these skills require collaboration. Some aspects of cybersecurity should come from in-house; others would be far more efficient coming from a Managed Security Service Provider (MSSP). Deciding what the appropriate balance is requires insight into your own team’s capabilities.
The Role of Organizational Change Management
Closing the cybersecurity skills gap is also an organizational change problem. Very often, incident response management programs do not have the full support of senior management, or face implementation challenges when employees do not fully understand new processes. Experience plays a dominant role here; the misconception is that only a few people are relevant to cybersecurity programs when in fact, every person in an organization should play an active role. Taking the time to build allies in an organization, communicate with and train coworkers, and assess progress is fundamental to building cybersecurity skills in an organization.
This skills shortage paradigm is shifting. Having identified the critical elements to building cybersecurity capacity, KuppingerCole Analysts pulled from years of experience working alongside companies to implement top-of-the-line cybersecurity programs to create a master class bringing pivotal knowledge to the right people. Every individual is a critical actor in a cybersecurity program. The global economy does lack trained cybersecurity professionals, but training for these skills is no longer inaccessible.
A Solution to the Skills Gap
The first steps to building up cybersecurity begin with knowing the organization in question. An analysis of capabilities already covered in an organization should be made, and careful consideration should be given to where an organization should supplement with MSSPs. KuppingerCole can help support in this process. The KC Master Class facilitates a tight relationship with the trainer, a senior KC analyst. Individualized workshops, 1:1 problem solving sessions, and decision support is built into the masterclass. A modern learning style combines a digital/analog instructional environment with real-world, bootcamp-style meetings and eLearning materials. The process is conducted in close contact with the trainer and expert community, using standard collaboration software such as MS Teams.
Lead Analyst Alexei Balaganski writes: “the primary reason for not doing security properly is insufficient guidance and a lack of widely accepted best practices in every area of cybersecurity.” Each individual has the capacity to change this reality. KuppingerCole can help do this.