Adopting a prevention-based approach to combat the cybersecurity skills shortage
The rise of digital technology has brought much growth to India’s businesses. According to the Wall Street Journal, India’s economy grew 7.6 percent in 2015, the fastest rate in at least four years. With hugely popularinitiatives such as Prime Minister Modi’s Digital India programme, the World Bank’s World Development Report now shows that India is scoring even higher than China in public sector digital adoption.
However, the rapidly growing adoption of digital also increases the bounty for malicious actors, who are keen to take their share of the pie through illicit means. This makes cybersecurity a very crucial business concern across markets in India and other countries in the region.
A recent cybercrime report by KPMG showed that 72 percent of companies in India faced some form of cyberattack in 2015. 94 percent of businesses surveyed recognized that cybercrime was a major threat to their operations. To keep up with advanced persistent threats too sophisticated for legacy security solutions, many organisations have increased IT budgets to invest in better cybersecurity systems and hire talented cybersecurity professionals.
However, a survey by consultancy firm Harvey Nash discovered that 71 percent of CIOs in Asia Pacific feel that they are unable to keep up with the pace of change and evolved cybersecurity needs due to a dire skills shortage in this space.
One of the key reasons for the skills shortage is the use of detection-based approaches within organisations’ security infrastructure. In this approach, the IT team receives alerts that highlight malicious attempts. These alerts require further management from the IT team, including rating the severity of the alert and determining the appropriate response required. This decision-making process is time-consuming and requires a high level of experience and talent to ensure correct next steps. Taking this approach creates a significantly different load distribution between what the security products can do and what is manually required of the security team, hence putting a heavy burden on the latter.
Having a skilled team of security analysts is therefore a prerequisite for detection-based security solutions to work efficiently. However, this approach to security presents a number of challenges.
Firstly, the required workforce to implement a water-tight detection-based approach is costly and hard to find – in fact, the Global Cybersecurity Status Report by the Information Systems Audit and Control Association (ISACA) notes that 92 percent of those who planned to hire cybersecurity professionals in 2015 expected difficulties in finding skilled candidates.
Moreover, no security team in any organisation can expect to have the best professionals working all shifts, at all times. With a detection-based approach solution, systems are made vulnerable to human errors as less-skilled security analysts may fail to interpret an alert correctly. This can cause many undesirable business problems such as loss of reputation and potential revenue, as well as illegal access to sensitive documents.
Applying a prevention-based approach is one key strategy that both provides a better security ecosystem, and eases the shortage of skilled cyber personnel. This approach means having cybersecurity systems that have the ability to identify both known and unknown threats, and stop them in real time. Ultimately, cybersecurity systems should be able to differentiate between activity that is malicious and activity that is benign, and deliver a prevention notification to the security team.
With a prevention-based approach, a majority of the decision-making process is automated and integrated in the security platform. The subsequent outcome: security teams are only engaged after the malicious activity has been terminated. The required set of skills to manage this system is more common as compared with a security analyst required to work on a detection-based product or platform.
Efforts such as the partnership between Data Security Council of India (DSCI), Sector Skills Council National Association of Software and Services Companies (SSC NASSCOM) and ISACA are underway to boost cybersecurity skills development in India. However, as the economy in India becomes increasingly digital, the demand for skilled cybersecurity personnel will no doubt grow as well. Businesses should look towards implementing prevention-based security initiatives in order to provide a healthy cybersecurity system, and combat the skills shortage in the long run.
About Palo Alto Networks
Palo Alto Networks is the next-generation security company, leading a new era in cybersecurity by safely enabling applications and preventing cyber breaches for tens of thousands of organisations worldwide. Built with an innovative approach and highly differentiated cyberthreat prevention capabilities, our game-changing security platform delivers security far superior to legacy or point products, safely enables daily business operations, and protects an organisation’s most valuable assets.
Find out more at http://www.paloaltonetworks.com/.
Managing Director, India and SAARC Region
Palo Alto Networks
Bank of Abyssinia chooses Newgen for delivering superior Customer Experience
Newgen Software announced that Bank of Abyssinia, one of the fastest growing banks in Etho...
Quest Global together with NVIDIA to build Omniverse Digital Twin Solutions
Quest Global announced its development of new services and solutions, based on the NVIDIA...
ASIRT 107th TECHDAY conducted in Mumbai
The Association of System Integrators and Retailers in Technology (ASIRT) conducted its ma...
OITF 2023 lays stress on how the Digital Workplace trends are getting redefined
Technology is an enabler. It provides the means to create and make a difference, which ult...
Hikvision showcases Problem-Solving Retail Security Solutions in National Retail Federation Show
Hikvision is excited to attend the National Retail Federation’s NRF 2023 Retail Show...