There was a recent article published on the ESG blog talking about the shortage of information security skills and how this is negatively impacting our ability to detect cyber security incidents. As a practitioner with over 25 years of experience, I clearly see the shortage of skills and knowledge among security professionals in incident detection and management. It is often left to the “Information Security Manager”, who may have some general idea of the details but, more often than not, does not have the proper training.

Many organizations seem to be hyper-focused on applying the latest technology and how this is going to “make the difference”. Even with all of the technological advancements, organizations are only self-detecting an incident about 6% of the time.

I became a Global Information Assurance Certified Incident Handler (license # 312) back in May of 2002. Comparing the threat landscape, the scope of risks facing organizations, and the maturity of technology then and now is like comparing the Stone Age to the Jetsons. The types of threats today and the velocity at which they can occur require a new strategy for enterprise companies.

ESG research asked 257 security professionals working at enterprise organizations (i.e., more than 1,000 employees) to identify their biggest incident detection challenges. Here are a few of the results:
So many enterprises don’t have enough security professionals, or their existing security staff lacks the necessary level of security skills, or both. Any one of these issues will undoubtedly increase the time it takes to detect and respond to security events. Since this problem is bound to get worse, CISOs need appropriate compensating controls and strategies. Incident detection must be anchored by massive data collection along with greater security technology intelligence, automation, and integration. These capabilities must replace today’s dependence on manual processes and security analyst brain power alone.

Given the increasingly dangerous threat landscape, highly effective incident detection and response processes, technologies, and skills are mission-critical. This is why the security skills shortage and its ramifications increase security risk for all of us.

I always welcome your input and comments.

Read More: Tim’s Security Blog
