Making up for the cybersecurity skills shortage

The skills shortage is keenly felt in the cybersecurity industry, which is why a trusted managed security service provider is a key part of any plan

Damien Mallon, senior systems engineer, Datapac: ‘Some of the most high-profile attacks in recent years have occurred during non-business hours’

“The constantly evolving threat landscape requires specialised expertise that generalists may not possess,” explained Damien Mallon, senior systems engineer of Datapac.

“It’s a regrettable reality that cybercriminals are increasingly targeting smaller organisations that may lack the resources and robust security measures of their larger enterprise-level counterparts.”

Mallon said that ensuring the basics are a good first step for businesses to take when defending themselves alongside all employees observing good cybersecurity hygiene. That said, there’s only so much businesses and employees can do independently.

Businesses of all sizes can take this to the next level by outsourcing their security needs to a trusted managed security service provider (MSSP).

The main benefits are access to advanced security technologies and expertise that would be unobtainable, as well as providing round-the-clock monitoring, threat detection, and remediation.

Datapac has over four decades of experience in the industry with teams of experts across areas like cybersecurity, ERPs, networking, unified communications, and more, offering customers an experience greater than the sum of its parts.

Having that level of expertise is essential to business life as attacks do not follow office hours, instead looking to strike when everyone is away. This makes 24/7 monitoring all the more critical.

“Cybercriminals are always on the lookout for vulnerabilities, and their attacks often occur outside of regular business hours, leaving organisations vulnerable when they’re not actively monitoring their systems,” he explained.

“Some of the most high-profile attacks in recent years have occurred during non-business hours.”

“There’s no doubt that this is a deliberate strategy on the part of bad actors who, through extensive reconnaissance of potential victims, can accurately predict when an organisation’s defences are likely to be at their weakest, such as in the middle of the night, during holidays or weekends.”

With the current talent shortage in IT, many in-house IT staff are stretched thin and required to juggle multiple responsibilities. These people may be unable to devote time to managing security products on top of their regular work.

That’s before you factor in how some are time-intensive, challenging to use and generate an overwhelming number of alerts and notifications, making it difficult to spot the threats that require immediate attention.

It’s why partnering with an experienced MSSP can help businesses navigate this complex landscape.

“Partnering with a trusted MSSP provides instant access to an extended pool of knowledge and expertise with a team of expert cybersecurity professionals who can monitor systems around the clock, identify potential threats, and respond promptly and effectively.

“Additionally, these providers can help businesses stay up to date on the latest cybersecurity trends and techniques, ensuring that they’re prepared to defend against emerging threats.”

Mallon says one of the most common mistakes organisations make with cybersecurity is viewing it as a ground-up issue rather than a top-down business challenge. This results in businesses adopting a patchwork approach to security, treating each solution as a standalone fix and expecting them to solve their security issues.

Truly addressing cybersecurity threats requires organisations to adopt a business-led, top-down approach, which begins with a comprehensive assessment of all organisational assets and data.

“Understanding data flow, storage, and access controls are critical to identifying vulnerabilities and developing an effective cybersecurity strategy,” he said. “Only after a deep understanding of the organisation’s data ecosystem is obtained can effective security measures be implemented.”

While it can feel like attacks are a massive tidal wave hitting organisations, there is hope. There’s been no shortage of hype around Artificial Intelligence (AI) and Machine Learning (ML) in the tech world, but in cybersecurity it’s transformed the field.

Mallon says its impact cannot be underestimated, as before AI and ML, defenders were often at a disadvantage due to the ever-increasing complexity of evolving threats.

Back then, solutions could not keep up with the pace, let alone stay ahead of the curve. Still, AI and ML have helped create what he describes as “a powerful new breed of security solutions capable of growing and adapting to new threats over time”.

While optimistic, there is a caveat to this, as Mallon highlights.

“It’s important to note that these same technologies are being utilised by threat actors as well, leading to the development of a cyber arms race between attackers and defenders,” he said. “As such, it’s critical for organisations to stay ahead of the curve by partnering with trusted partners and regularly reviewing their defensive position.”

With an ever-growing suite of tools and services for organisations, Mallon states how important it is to understand how optimal security is on a sliding scale depending on requirements.

Unfortunately, there’s no one-size-fits-all approach that will leave organisations protected. Instead, security strategies will be shaped by factors such as the value of assets protected, the nature of operations within an organisation and the level of risk it’s willing to tolerate.

Once an organisation understands exactly what needs to be protected and the risks they face, it can implement the appropriate security measures.

“Ultimately, the key to effective cybersecurity is to strike a balance between security and productivity. It’s important to provide adequate protection for valuable assets without impeding the organisation’s ability to carry out its mission.”