The massive gap in demand vs. supply is driving organisations in the country to deploy automated, integrated security architectures rather than product-driven security management
The worldwide cybersecurity skills shortage has reached epic proportions. According to the 2015 “Global Information Security Workforce Study” (GISWS) from the (ISC)² Foundation, the information security workforce will reach a 1.5 million-man shortfall by 2020. At the same time, changes in technology including virtualisation and IoT are making networks more complex to manage, and attackers have more tools, targets and funding than ever before.
The situation remains equally turbulent in India where, according to an ISACA’s survey, around 30 percent of the respondents expected their organisations to witness a cyberattack, while a majority (92 percent) of respondents believed that cyberattacks ranked among the top three threats organisations face today.
While the Indian government is leaving no stone unturned to propel the adoption of digital technologies in the country, a fear of security breach amid the digital business transformation remains a major barrier to the initiative.
The survey also highlighted that about 87 percent of the respondents agreed to the fact that India faces a major shortage of skilled cybersecurity professionals.
This should be a recipe for disaster. But changes in security technologies are helping organisations rise to the challenge, and businesses are willing to buy in. Gartner predicted 2016 would see worldwide information security spending reach $81.6 billion. Cybersecurity Ventures also projects that by 2021, $1 trillion will be spend globally on cybersecurity, according to their Q3 2016 Market Report.
Where is all this spending going? What types of tools are becoming vital to security management and effective enough to prove its worth in security budgets?
The most obvious response to a skills drought is to offload certain security functions to automated solutions. This reduces the resource burden of time-consuming yet necessary security tasks, and allows people-power to be used for strategic roles.
While automation is well-suited for data collection, normalisation and analysis, CISOs are often reluctant to automate high-skill, high-stakes functions like vulnerability remediation or firewall change provisioning. In these complex processes, if automation is left to run without proper checks and balances, it can potentially compound operational issues and compromise security. Intelligent automation exists under a larger framework that considers the context of the attack surface – all the ways in which IT networks and systems are vulnerable to attacks. Context brings an understanding of how complex, automated processes could impact access, compliance and vulnerabilities, among other security concerns. Intelligently automated tasks and workflows not only reduce initial resource burdens; they also produce downstream time-saving by avoiding rework due to human error or unforeseen security issues.