The three biggest challenges faced by IT professionals relate to threats, hiring and budget.
According to a survey of 1500 IT professionals by LogRhythm, the top challenges were divided as follows:
- Inability to detect the full range of threats – 34%
- Difficulty in finding skilled cyber professionals for their teams – 34%
- Limited budget to invest in cyber defense – 33%
As well as that, only 15% of UK enterprises claim that they are "confident in their ability to defend themselves in increasingly sophisticated threat landscape." LogRhythm VP and managing director for EMEA Ross Brewer told Infosecurity that this is "indicative of where the market is at" and that there is a common "false sense of security" around defense, and belief on what is going to protect them.
In terms of the three challenges, Brewer said that there is a need for UK government to find a way to resolve the shortage of people ready for work in cybersecurity, and to resolve the hiring mis-alignment.
The survey also found that 32% were "confident they can meet every GDPR requirement." Brewer said that there were "too many companies looking into a black hole" in terms of what to do to meet compliance. "If you look at vulnerabilities and where companies are failing, it is technology," he said. "I was really pleased that GDPR got the board’s attention and it has got good things in it, but it comes at a cost to business. It stopped short of solving the problem."
Commenting, Colin Lobland, CEO of Cyber Security Challenge, told Infosecurity that he was surprised the number is as low as 34%. "With the global skills shortage so high, from conversations I have around the market, I suspect many more than this are struggling to find the volume of skilled staff they need, at least at the price points they can afford with salaries increasing exceptionally fast," he said. "Sad fact is not enough is being done at the grass roots level to encourage the volumes needed towards cybersecurity careers early.”
Referring to the statistic on worrying about time and staff to mitigate today’s threats manually, Lobland said this brings into focus the debate around AI and Machine Learning, and its application in cybersecurity.
He said: “Certainly we have already seen a huge growth in big data automation around threat detection, but once detected threat mitigation does remain more manual. The lack of a large enough skilled workforce in cyber will always make that difficult.
“So on the one hand the obvious solution is to encourage more people into the profession, as we do here at Cyber Security Challenge UK. That said, I think AI has a huge part to play in shaping the industry going forward and as that technology advances we will definitely see roles and skill requirements change.
“Understanding what those future roles will be and shaping the workforce of tomorrow to those future requirements, not today’s, is what we strive for. Ideally we would reach a point where AI can do enough that we have sufficient human capacity for all companies so they are able to implement and staff strong cyber resilience strategies but that is a long-term, perhaps utopian view!”