Cybersecurity Skill-Gap Is An Invisible Risk That Can Be Tackled By 'Expertise On Demand'

Shrikant Shitole, Senior Director & Country Head - India, FireEyeShrikanth, in his career spanning close to three decades, has held key positions across an array of multinational companies that include Tata Telecom, Siemens, Cisco Systems, Sify Technologies, and Symantec, to name a few.

In the ongoing battle to secure organizations from Advanced Threat actors who commit crimes through methods such as theft, destruction or data manipulation, frontline defenders are a scarce resource. In fact, 50 percent of organisations globally see a critical shortage in cybersecurity skills. Like many other countries, India too has a shortage of the cyber security talent required to fend off these threats.

Cyber threat actors are so often successful in India notjust because they are determined and increasingly sophisticated, but also because the talent shortage makes it an unfair fight. This is one of the biggest challenges every CISO confronts today. Despite organizations trying to use artificial intelligence and machine learning to automate most tasks, sometimes, they also look forward to speak to the analyst or the human expert to actually review, infer and come up with a right context/perspective on the information. No security model is entirely successfully without the right human minds and experts who are trained to effectively utilise the available cyber threat solutions to their true potential.

But, the industry faces a dearth of such skilled security experts, while the demand for skilled personnel continues to rise. Many security professionals lack the necessary skills to adequately address threat hunting, advanced threat defence, forensics, incidence response or other related needs. This leaves organizations exposed and vulnerable, while they front the costs to hire and train their security staff.

Speaking of costs, most Indian organisations struggle to allocate sufficient budget to invest in a sound and diverse cyber protection team and service. It can be hard to justify the budgetary need behind hiring of that one extra person, meaning teams are likely to always feel under resourced. This insufficient staffing increases workload on the existing staff, thus causing burn out and attrition.

There is no easy solution to this challenge. While the shortage of skilled cybersecurity professionals is unlikely to change any time soon, organizations can still stay ahead of their
attackers by proactively and directly addressing the issue. This can include investing in enhancing their existing capabilities and outsourcing specialized roles.

Outsourcing specialized roles can help organizations access responsive, scalable and highlyskilled security experts who can strengthen operational capabilities of existing security teams during their times of need

Enhancement efforts can include process refinement to ensure that internal procedures to make them as efficient as possible
•Adequately leveraging and training the existing personnel to enhance their capabilities and acquire new skills
•Conducting table top exercises to evaluate the organization’s cyber crisis processes, tools and proficiency in responding to cyber attacks
•Automating the time consuming and repetitive processes
•Conducting regular mock cyber threats to better equip the employees to anticipate threats.

Outsourcing specialized roles can help organizations access responsive, scalable and highlyskilled security experts who can strengthen operational capabilities of existing security teams during their times of need. Organizations need to start thinking differently about building their own cybersecurity capabilities. Why should they hire an individual, when they can hire an entire team of experts with a diverse set of industry leading cybersecurity expertise? This solution is also termed as 'Expertise On Demand'. It can help the enterprises extend their core capabilities and boost capacity by providing flexible access to a full range of industry recognised expertise.

‘Expertise On Demand’ is about augmenting the infrastructure organizations already have and amplifying those capabilities of the existing team with external resources to achieve the best security posture. It is about giving companies a way to extend their team, increase situational awareness, and get access to the intelligence and experts that would otherwise be unavailable to them.

Listed below are the top four benefits companies can avail by outsourcing these specially trained and skilled experts.
•Expertise: These are usually teams of on-demand cybersecurity professionals who are some of the best in the industry.
•Flexibility: This team of outsourced skilled professionals will have the flexibility to scale both up and down as business conditions change, whether bridging shortterm gaps or filling in while clients transform operations. This helps to ensure organizations have access to the experts they need, when they need them.
•Consistency: Unlike inhouse cybersecurity professionals, this on-demand team of dedicated professionals will be there to backstop the team, provide insights to the latest threats, and train inhouse team members to the industry’s highest standards.
•Reduce Risk: According to the latest M-Trends 2019 report, the APAC median dwell time for an intruder who has breached a network is 204 days. The trouble is, an intruder only needs days in a system for the damage to be done. If a company’s security team is ill equipped to handle a breach or conduct a forensics search, this dwell time can be much longer, potentially leading to substantial data loss. Having an ondemand expert task force is a simple, quick and efficient way to empower the team to reduce risk and minimize potential breach damage.

It is very difficult to completely eradicate cyber threats, as attackers are also progressing with better and more advanced tools to hack into databases with the rapid growth of technology. They will always keep probing for weak points and vulnerabilities, but they can be prevented if the organizations simply reorient the way they view cybersecurity and start investing in effective cybersecurity technology, services, and expertise to actively fight with the right weapons.