Cybersecurity

How to Overcome the Cybersecurity Talent Shortage and Keep Your Business Safe


 

BIZTECH: What’s the current state of security for businesses?

In the business world, especially with the slew of new regulations related to security and privacy, businesses are now saying, “Oh, wow, we have another area where we have a lot of new compliance requirements.”

It’s evolving to a point where boards and C-suites are understanding that to successfully manage risk, they need to think about information security risk as much as they think about financial risk. I don’t think we’re all the way there yet, but that’s the path we’re on, where organizations understand that data security is not just a compliance risk but is also at the forefront of achieving their strategic objectives.

Something boards have historically thought of as a back-room function, as simply a business expense, is now a strategic imperative. Business leaders need to build their cyber literacy so they understand the risks their businesses face, and security professionals need to articulate the business risk in business terms and not just technical terms.

BIZTECH: What are those organizations dealing with right now that is especially vexing?

We’ve been talking for years about the cybersecurity workforce shortage, and that remains front and center in businesses globally. The smaller the business, the more acutely it’s felt. At the same time, we’ve noticed a distinction between the workforce gap and the skills gap, and we now have 92 percent of organizations saying, “Hey, we actually have a skills gap here.”

So, you have understaffed security teams not getting the attention they need from the C-suite. They don’t have the skills they need to keep up with the technology and threat landscape that they face. And while they’re currently identifying cloud as their biggest area of gap, they fully expect that within two years, AI will be at the top of the list in terms of the skills gaps within their organizations.

READ MORE: Why a cultural shift is critical to a successful zero trust integration.

BIZTECH: What are organizations not doing that they should be?

With technology implementations within organizations, leaders usually wait for security to come in at the end and tell them what they think. And they often ignore the advice of the security folks and go live anyway. They will charge ahead with tech that is not secure. If security just has a seat at the table in the initial conversations around technology transformation, that would improve organizations’ risk postures.

In our organization, the CISO reports to me. And if we are developing strategy, the CISO is in the room, and not just to tell us what all of our security problems are but as someone to think holistically about the business.



Source

Related Articles

Back to top button