Make sure to mind the cyber skills gap

Industries are in a strange position where cyber skills have never been more crucial, yet the number of qualified workers is so low we’re almost in a crisis.

As data becomes more important to future success, we’re still short on the people needed to fill those roles. The European Commission believes there could be as many as 756,000 unfilled jobs in the European ICT sector by 2020, which highlights how much the problem will not be solved any time soon.

As the demand increases, in-house teams are under greater pressure than ever before to keep the lights on, let alone evolve.

It’s one of the reasons why managed service providers such as Sophos are turned to more and more, according to Brian Murray, senior enterprise account executive for Sophos, Britain and Ireland.

“Every IT team that you’ll ever speak to, the first thing they will tell you is they don’t have enough time to do the job,” he said. “The job is three to four times busier than it was five years ago. This is just what they’re up against.”

The complexity of modern organisations and IT infrastructure only adds to the problems. The skills gap is something that all companies now face, not just those with an IT focus, and hiring and holding onto people with the right skills is a difficult endeavour.

In Murray’s experience, the recruitment process can take so long that when they do hire someone, they inevitably leave in a year for less stressful work, restarting the entire process. Using a managed ICT service can help de-risk the process and give a clearer roadmap as to how it’s going to function.

The important part in all of this, said Murray, is the security element. As a constantly evolving sector, security will only grow in importance as newer and more deadly threats accompany older and broader issues.

The big draw in bringing a managed security service into the fold is the level of expertise you can avail of, giving many businesses an overview they wouldn’t be capable of by themselves.

“Outsourcing your security means you have a wealth of experience that you may not be able to attract or retain,” he said. “Whether it be that your organisation isn’t located in one of the major cities where it’s more difficult to acquire skills, you don’t have the budget to hire, or the board simply don’t think that it’s necessary to have these people as direct employees.”

“The other thing to note with a managed service provider is that if you’re using their technologies, they have a deeper experience of using that programme than your organisation ever will.

“So, you’re exposing yourself to a greater wealth of talent, which means then you should be more secure.”

When you have that expertise available to you, the end point should be a simplistic and easy-to-understand system that anyone can use.

In Sophos’s case, its toolset is built as a one-stop shop where all security can be managed from the one panel. Murray stresses its importance as being able to see your whole environment through one glance, giving the end user both autonomy and peace of mind.

“There’s a great deal that we can do, whether it is more complex rollouts, or managing the day-to-day,” he said.

“Our clients also find it to be a huge benefit to have that traditional managed service provider in the middle who is providing that expertise day in and day out.”

“It’s having a straightforward understanding of what that information means. It’s about being transparent with no vague reasons about [why something is happening]. If you’re using the Sophos central console, everything is in clear English, has great visuals and it lets you understand the health of your network.”

Through it, you can see all the endpoints you have, your firewalls and any malicious behaviours that may have happened. A key function is how you can trace those threat cases from where it entered your network to execution, allowing you to take action to prevent future cases.

That, alongside the speed in which Sophos can react to these issues, is part of its synchronised security offering, which allows all the different parts of your business, such as your endpoints, network and email, to share information in real-time and respond automatically to incidents.

“It’s almost like having another team member there watching your network and doing the analysis, which is critical because the reality is that most organisations don’t have the bandwidth to employ another person to simply monitor,” said Murray. “It’s understanding that the perimeter is no longer the perimeter. Five years ago, your firewall was protecting your network, but today, the perimeter is in people’s pockets, it’s in their homes, within your organisation. That is the problem.

“Now we’re protecting the endpoints, where the endpoints are speaking to the firewalls [and vice versa], making sure that it’s in good health at all times. If at any one time, either of those things break down and communication is isolated, it means that the infection is not going to get into the network.”

All of these efforts are part of Sophos’s drive to continuously evolve and improve. The basic defences that businesses rely on now won’t be fit for purpose in a few years’ time, so always thinking ahead is crucial, and that’s why its R&D department is so important.

Sometimes, this can mean going off the beaten track a little by trying out new and different things, but the end results are usually a stronger and more robust defence system for businesses to rely on.

“We’re very much an organisation that believes in evolution,” said Murray. “That is why I say: if you don’t evolve, you will fail. It’s like any other creature in the wild that needs to evolve to survive.”

“If you remember the high jump before the Fosbury Flop happened, it was just a group of men who ran straight at the bar and tried to jump over it. The method was very limited. And then a guy turned around and ran backwards at it.

“At the time, everyone thought Fosbury was insane, but he evolved and completely changed the game, and that’s what we’re doing. That’s why we put in so much money into R&D globally, to make sure that we’re evolving quicker than the competition.”