As 2017 enters the final stretch, security professionals still find themselves locked in a furious battle with hackers.
Some 80 percent of the IT and security executives surveyed for the most recent AT&T Cybersecurity Insights report said their organizations came under attack during the previous 12 months. The percentage soars to 96 percent for companies in the technology industry.
All the more reason why enterprise defenders are under acute pressure to create multiple layers of defense, detection and mitigation to withstand future attacks. But what worked in the past is no guarantee it will work in the future. This is a threat landscape that is fluid and changes from one year to the next.
Tool Up for the Long Haul
In the end, a good cyberdefense strategy depends on making hard decisions that correctly match investments against an organization’s risk profile. There’s never a one-size-fits-all solution, but the approach should start with the recognition that breaches are inevitable. Then it’s up to management to select countermeasures that will mitigate potential damage, all the while ordering steps to routinely tighten up vulnerabilities in order to reduce the risk of a devastating attack.
The stakes are as high as ever: Ponemon Institute estimates the average cost of a data breach in 2017 at $3.6 million. But in the AT&T report, 65 percent of the executives surveyed expressed confidence about their ability to handle cybersecurity challenges in the coming year.
Also, more than two-thirds (70 percent) of them said they plan to increase their investments in next-generation security technologies, including threat analytics, cloud security solutions and machine learning.
New skills will clearly be in high demand as organizations seek to deploy next-generation technologies in areas such as cloud security, data science and analytics. And as more information gets pumped out daily, artificial security intelligence will become increasingly important.
Clearly, those new tools and techniques would not only come in handy against their adversaries. They can also help bridge gaps in their cybersecurity defenses exacerbated by a nagging skills shortage. But what if they don’t have the personnel to deploy them?
Half of the organizations surveyed by AT&T indicated they plan to increase their security staffs over the next 12 months. However, talent has never been as tough to come by. The U.S. has a reported skills gap of 300,000 cybersecurity experts. The shortage is particularly evident when it comes to threat prevention, threat detection and threat analysis – three of the most important areas of any cyberdefense.
Even those organizations that lean heavily toward security technology can be hard-pressed to stay abreast of the rapid advances in security defense because of the state of the IT jobs marketplace.
In the interim, one option is to increase the use of outside consultants and managed service providers, who can provide the needed next-gen capabilities to deal with this ever-changing constellation of cyberthreats.
These specialists are able to attract top-of-the-line talent and can implement cutting-edge security technologies rapidly. They also can deploy analytics that generate deep insights about the overall threat landscape – knowledge that can be shared with all of their customers to strengthen their own defensive postures.