Cybersecurity incidents currently represent one of the biggest threats to organizations. Yet in today’s enterprise security landscape, security leaders have the impossible job of providing security to an organization with increasingly limited resources – including a skills shortage that seems to be on the rise.
Cybersecurity Ventures predicts that there will be an astounding 3.5 million unfilled cybersecurity jobs by 2021. Simply put, cybersecurity job forecasts haven’t been able to keep up with the rise in cybercrime and security leaders are struggling to find the right talent to fill open roles.
This negative employment trend was reflected in a recent OpenText-sponsored survey with the SANS Institute. According to the research, 56.8% of respondents reported that the top barrier to effective incident response was a shortage of staffing and skills. Given the expected increase in cybersecurity jobs in the next few years, the skills gap is a significant challenge that must be addressed.
But what’s causing the skills gap?
Resource scarcity and long-term concerns for security leaders
There are two separate drivers to the resource concerns:
- Not enough people, meaning not enough human power in the enterprise security organization, usually quantified by job vacancies and unfilled security roles. In North America, one possible explanation is that accredited universities have only recently begun offering degrees in cybersecurity-related fields. Most programs are nascent and promising, but are not yet producing enough candidates to fill the available cybersecurity positions across the globe. The result leaves security leaders with open positions that often go unfilled for weeks, months or even years.
- Not enough skills, meaning that less-than-perfect resumes are often considered for unfilled security roles. This is likely due to a lack of fully-qualified candidates, which means security leaders are adjusting hiring practices to be more inclusive of less-qualified or junior security personnel. As a result, teams have a more “junior” and less-technical demographic than in years past, leaving a gap in expected contribution from team members that security leaders are expected to overcome.
Faced with these staffing challenges, endpoint detection and response (EDR) technology can and should be relied upon to contribute to the security workload.
The role of EDR technology in addressing the skills gap
The average Security Operations Center (SOC) receives 10,000 security alerts per day, 80% of which are false positives. Many larger enterprises and organizations report numbers that are much higher, with 27% of IT teams dealing with more than 1 million threats per day. Considering that Incident Response teams are composed of 2-5 members on average, there simply isn’t enough time in the day or human power available for security teams to comfortably manage the workload without the assistance of EDR technology.
EDR is a subset of endpoint security and focuses on discovering digital compromise and taking responsive action to return the IT environment to a trusted state. It’s the last line of defense for an organization against digital theft and focuses on uncovering and remediating a benign compromise before it escalates into a more intrusive data breach.
With OpenText™ EnCase™ Endpoint Security, our leading EDR technology, experienced and junior Incident Response (IR) teams alike are enabled to confidently and comprehensively respond to any threat – including legacy vulnerabilities, targeted external attacks, and insider threats. EnCase combines powerful software with a simple interface and workflows to meet the needs of all your security employees, whether they’re new to the team or expert power-users.
With EnCase, you can:
- Avoid manual wipe and reimage with surgical, over-the-wire remediation;
- Prioritize alert response with embedded threat intelligence and event scoring; and,
- Fully assess advanced and targeted attacks with a full DFIR/Tier III feature-set.
By prioritizing the most relevant and critical security information first and automating away manual and repetitive tasks, security leaders can begin to tip the scales back towards balance in the fight against modern adversaries.
Learn more about EnCase Endpoint Security and find out how to address the skills gap with EDR technology in our latest whitepaper, Fearless Response with OpenText EnCase. You can also read more about the SANS Institute research in my previous blog post – and stay tuned for my next blog post on the need for continuous endpoint visibility.
Join me at Enfuse to learn how to meet the changing needs of the enterprise security landscape.