Skills shortage biggest hurdle as organisations tackle cyber security
A shortage of skilled personnel is the biggest hurdle faced by companies trying to implement cyber security strategies and tools, according to new research.
The demand for cyber security tools and resources has doubled since 2014, with almost three in five companies expressing a wish to implement better cyber security tools but describing a lack of qualified professionals to assist the process.
This lack of skills and dedicated personnel to implement tools is the biggest cyber security obstacle facing organisations, a new report conducted by the SANS Institute says.
The 2015 Analytics and Intelligence Survey found that firms struggled to discover and act upon cyber security incidents and breaches due to these staffing issues.
35 per cent of organisations said that a lack of centralised reporting and remediation controls prohibited them from identifying cyber security incidents.
26 per cent also said that they could not identify or block unusual behaviour because of a lack of understanding regarding what constitutes ‘normal’ cyber security behaviour.
43 per cent of firms said they completely understood the need for cyber threat solutions, but demonstrated significant misunderstandings when it came to implementing and applying technology, procedures and behaviours.
Currently, just under ten per cent of organisations reported that the analytics and intelligence processes used to find breaches are automated, with 6 per cent voicing beliefs that that their analytics and intelligence environment is ‘highly automated’ and 3 per cent saying pattern recognition processes are entirely automated.
In this year’s survey 67 per cent of organisations felt they were able to discover attacks on their systems within a week, which is 17 per cent higher than in 2014 when only half of all organisations felt capable of doing so.
83 per cent of organisations believe that their ability to spot cyber incidents has improved, along with the efficiency of their intelligence programs.
The survey also discovered that nearly half of all firms are working to increase attack visibility using data from external threat providers, with a further 31 per cent planning on doing so in the near future.
“Security professionals are under constant pressure to identify and mitigate breaches as soon as they occur, making threat intelligence and analytics-driven solutions critical in any security team’s arsenal,” CEO of survey sponsor DomainTools Tim Chen told Information Security.
“According to these SANS survey findings, under-investment in skilled security personnel remains a significant barrier for implementing more powerful solutions.”
The full 2015 Analytics and Intelligence Survey is available from the SANS Institute website.