In an exclusive article with SJUK, Rob Pocock, Technology Director at Red Helix discusses emerging technology which can help bridge the cyber skills gap.
It is no secret that there’s a cyber skills gap in the UK.
According to the 2023 government report on cyber security skills in the UK labour market, half of all businesses in the UK have a basic cybersecurity skills gap, and an additional 33% have an advanced skills gap.
Despite a significant increase in number of cyber security job postings which have risen by 30% to 160,035, little progress has been made to combat this issue with over a third of these reported as ‘hard-to-fill’.
The problem, however, goes beyond just numbers and statistics.
Businesses are posed with significant risks and vulnerabilities because of the unfilled positions which in turn, can have significant consequences such as financial and reputational damage.
It’s important to note that the potential ramifications for the UK economy, and those organisations that form our critical national infrastructure and services, can be far worse.
There is an urgent need to find a solution to begin filling the skills gap – this can be achieved through initiatives to increase the talent pool and also through the support and training of existing teams.
First, it is important to recognise that even the most advanced technology isn’t a replacement for skilled professionals.
Nor will it ever be.
What it can be used for, however, is to alleviate some of the burden from security teams by taking over the more mundane tasks.
By introducing the right security solutions – particularly those with integrated artificial intelligence (AI) or machine learning (ML) capabilities – organisations can help their security teams do more with less and plug some of the gaps created by the skills shortage.
This approach will not only help retain staff but also improve job satisfaction.
As a result, security staff will be able to apply their advance skillsets to more value-adding activities, such as hunting down potential threats and removing them.
Additionally, there are tasks for which automation is better suited.
For example, using advanced technology to take control signals from across the entire IT infrastructure, assimilate them into useful information and then use them to help security staff pinpoint potential issues is far more efficient than using people alone.
It also prevents security analysts from picking up dangerous habits, such as learning to “ignore” specific types of alerts, which is often the case when they are being fired 100s of alerts every minute as it is more than they can cope with.
The biggest efficiency gain will come from integrating systems and automating workflows.
The same thing applies to more general IT as well, but in the context of cybersecurity, the starting point will be Security Incident and Event Management (SIEM).
It’s a core tool used to aggregate security data, however, if used in isolation, it can be complex to deploy and manage.
Next-gen SIEM solutions have been introduced to simplify their usage by providing greater analytics with the use of AI and ML, enhanced behavioural analytics, greater integration and functionality across cloud, on-premises, and hybrid infrastructure.
Still, even next-gen SIEM solutions can be time-consuming, which is where Extended Detection & Response (XDR) comes in.
XDR integrates security solutions primarily focussed on endpoints, servers, cloud applications and email.
Once set up and running, it will automate much of the work of your security team, reduce the number of false alerts, and provide a unified view of the tools and threats.
Managed Detection and Response (MDR) goes a step further and provides all the above as a service.
It is a particularly effective way of supporting existing staff, combining advanced technology and human expertise to quickly identify threats and mitigate the damage they can cause.
It also provides 24/7 threat monitoring, which would otherwise require a team of experts working around the clock.
For smaller businesses or those without internal resources, MDR is a cost-effective solution that provides access to both skilled expertise and best-of-breed technology.
Automated vulnerability scanning is another solution that can tackle time-consuming manual processes.
These tools continuously look for new and existing vulnerabilities, allowing staff to focus on more pressing issues, such as dangling DNS entries, expired certificates, or lookalike domains.
Breach and Attack Simulation (BAS) can provide further team support by simulating complex cyber attacks on demand and identifying gaps in the security environment.
It provides reports prioritised by risk level, helping staff by pre-determining where their attention should be focused and giving them the intel needed to remedy any weaknesses before they are exploited.
Automation isn’t an alternative to trained cyber professionals.
When used correctly, however, it enables those professionals to make better use of their core skills and enhances the services being delivered to customers.
Introducing advanced security solutions can not only support staff in conducting day-to-day tasks but also provides more job satisfaction and faster skill improvement, alongside better insights into potential risks.
It will of course take time to set up these new systems, but once completed, security operations will be far more efficient and workloads will be significantly reduced.
AI and ML will undoubtedly play a significant role in the training and upskilling of staff, as they allow for staff performance analysis to be conducted in near real-time, with targeted training then provided ad hoc.
Not only will this improve the effectiveness of the training, but it can also lessen the burden of work on security teams, as it helps to remove the effort needed to rectify mistakes.
To conclude, the threat landscape is constantly evolving and there is no doubt that we need to take a multi-faceted approach to combat these threats.
We must encourage more people into cyber careers, as well as continue to encourage staff to learn new skills and continuously develop.
By making use of emerging technologies and introducing the right solutions into the workplace, we can further support security professionals by aiding their work.
