How CIOs Can Address the Growing Cybersecurity Talent Gap

By Otis Green | Apr 18, 2023 | 3:17 pm CDT

If there’s one thing keeping CIOs up at night in 2023, it’s cybersecurity. Between the sudden shift to hybrid work models and the increased reliance on the internet for business tactics of every kind, the last few years have brought an unprecedented rise in enterprise vulnerabilities. DDoS attacks, ransomware attacks, and data breaches have all recently risen measurably, leaving tech leaders working overtime to secure their networks.

Sixty-five percent of CIOs say cybersecurity is their organization’s top technology priority, according to a 2022 survey by CIO.com. Meanwhile, more than 60% of enterprise respondents told ISACA they had unfilled cybersecurity positions, while 47% of companies said it takes between three and six months to fill a cybersecurity position.

Enterprises will need to address the shortage of cybersecurity talent in a number of ways. Among them are upskilling internal IT resources through third-party security education and certification programs, and running widespread internal cybersecurity training that teaches non-IT executives, software developers, legal counsel, and everyday employees how to handle sensitive data and attempted fraudulent activity, such as phishing.

Another approach is using specialized third-party vendors or managed security service providers (MSSPs) who can assume some aspects of a company’s security duties. MSSPs augment in-house tech teams with tools that monitor and combat cyberattacks and with expert service teams that help prevent and mitigate cyberattacks 24/7. Even with a fully staffed tech team, an MSSP can be a lifesaver for enterprise companies trying to secure an ever-widening footprint.

“Finding people who have that security expertise and can also quickly be effective with your company is tricky right now,” says Martin Capurro, VP of Managed Services for Comcast Business. “The trend that we’re seeing is a lot of companies, rather than trying to do it all themselves, are turning to their provider of networking services and saying, ‘Can you help me make this network more secure?’”

Finding security services that fit your business

Perhaps the most important thing to understand is that single-point security solutions are falling out of favor. In recent years, the cyber threats facing enterprises have grown not just in number but also in variety, making it necessary to use a multi-layer strategy that protects against everything and provides end-to-end security. An MSSP that understands this will offer unified threat management (UTM). Good UTM packages include a wide variety of formerly disparate advanced security functions, all of which can be monitored and managed from a single user-friendly interface.

Protection against DDoS attacks is also essential for any large business. Such attacks have become so common today, says Capurro, that many clients don’t even realize they’re being targeted. “We had a client who thought they had a performance issue,” he says, “but once we turned on the DDoS detection, we showed them beyond a shadow of a doubt that they were being attacked.” A high-quality MSSP will not only detect such an attack but also help rebuff it or help minimize its impact on a client’s network.

Because tech teams are always evolving to meet new challenges, it’s vital to work with a provider that understands how to interface with your organization. For example, given the increasing security needs and lack of available security talent, more and more companies are bringing their network and security teams together. Indeed, 91% of CIOs are increasing the integration of their network and security teams, according to a 2021 study by IDG and Comcast Business. That evolution affects what tech leaders need from their MSSP and how they seek it.

“It used to be, ‘Here are the network people, here are the IT people, and here are the security people,’ and you almost had to have three separate conversations,” says Capurro. “Today, it’s one conversation about how we will deliver the business end goal. We’ve adapted to interface with our customers how they want us to.”

Flexibility to fit your business

Lastly, the right MSSP for your company will be one that can adjust to fit your business, whether that means augmenting or simply changing the mix of services required. “As a managed security services provider, we can come in and help identify the right mix of services to address your specific security needs,” says Capurro. “We then work with businesses to design, implement and manage secure network solutions. And as a company grows, we can adjust to the changing business needs.”