While the UK’s cyber security skills gap is no secret, it seems there has been little progress made in solving it. The 2023 government report on cyber security skills in the UK labour market found that half of all businesses have a basic cyber security skills gap, and 33% have an advanced skills gap – which are similar figures to 2022 and 2021. Meanwhile, the number of cyber security job postings has risen by 30% to 160,035, over a third of which were reported as ‘hard-to-fill’.
The trouble is this is more than just numbers and statistics. Every skills gap or unfilled position poses significant risks and fosters vulnerabilities in businesses that could potentially be exploited by cyber criminals. For individual businesses, this can lead to financial and reputational damage. For the UK economy, and the organisations that form our critical national infrastructure and services, the potential consequences are far worse.
We urgently need to find a way to support security teams and start filling these gaps. Not only through initiatives to increase the talent pool, but also by augmenting the capabilities of our existing teams.
How emerging technology can help
First, it is important to recognise that even the most advanced technology isn’t a replacement for skilled professionals. Nor will it ever be. What it can be used for, however, is to alleviate some of the burden from security teams by taking over the more mundane tasks.
By introducing the right security solutions – particularly those with integrated AI or machine learning (ML) capabilities – organisations can help their security teams to do more with less and plug some of the gaps created by the skills shortage.
This approach will also help retain staff by improving job satisfaction. Security staff will be able to apply their advance skillsets to more value-adding activities, such as hunting down potential threats and removing them, rather than doing tasks for which they are they over-qualified.
Additionally, there are tasks for which automation is better suited. For example, using advanced technology to take control signals from across the entire IT infrastructure, assimilate them into useful information, and then use them to help security staff pin-point potential issues is far more efficient than using people alone. It also prevents security analysts picking up dangerous habits, such as learning to “ignore” specific types of alerts, which is often the case when they are being fired 100s of alerts every minute as it is more than they are able to cope with.
Integration and automation
The biggest efficiency gain will come from integrating systems and automating workflows. The same thing applies to more general IT as well, but in the context of cyber security the starting point will be Security Incident and Event Management (SIEM). It’s a core tool used to aggregate security data, however, if used in isolation, it can be complex to deploy and manage.
Next-gen SIEM solutions have been introduced to simplify their usage, by providing greater analytics with the use of AI and ML, enhanced behavioural analytics, greater integration and functionality across cloud, on-premises, and hybrid infrastructure.
Still, even next-gen SIEM solutions can be time consuming, which is where Extended Detection & Response (XDR) comes in. XDR integrates security solutions primarily focussed on endpoints, servers, cloud applications, and email. Once set up and running, it will automate much of the work of your security team, reduce the number of false alerts, and provide a unified view of the tools and threats.
Managed Detection and Response (MDR) goes a step further and provides all the above as a service. It is a particularly effective way of supporting existing staff, combining advanced technology and human expertise to quickly identify threats and mitigate the damage they can cause. It also provides 24/7 threat monitoring, which would otherwise require a team of experts working around the clock.
For smaller businesses, or those without the internal resources, MDR is a cost-effective solution that provides access to both skilled expertise and best-of-breed technology.
Vulnerability scanning and BAS
Automated vulnerability scanning is another solution that can tackle time-consuming manual processes. These tools continuously look for new and existing vulnerabilities, allowing staff to focus on more pressing issues, such as dangling DNS entries, expired certificates, or lookalike domains.
Breach and Attack Simulation (BAS) can provide further team support by simulating complex cyber attacks on demand and identifying gaps in the security environment. It provides reports prioritised by risk level, helping staff by pre-determining where their attention should be focused and giving them the intel needed to remedy any weaknesses before they are exploited.
An augmented cyber workforce
Automation isn’t an alternative to trained cyber professionals. When used correctly, however, it enables those professionals to make better use of their core skills and enhances the services being delivered to customers. Introducing advanced security solutions can not only support staff in conducting day-to-day tasks, but also provides more job satisfaction and faster skill improvement, alongside better insights into potential risks.
It will of course take time to set up these new systems, but once completed, security operations will be far more efficient and workloads will be significantly reduced.
Looking forward, AI and ML are also playing a larger role in the training and upskilling of staff. Analysis of staff performance can be conducted in near real time, with targeted training then provided ad hoc. This improves the effectiveness of the training being delivered and can further lessen the burden of work on security teams by removing the effort needed to rectify mistakes.
As the threat landscape continues to evolve, it is clear we need to take a multi-faceted approach to combatting it. We no doubt need to encourage more people into cyber careers and encourage staff to learn new skills, but we can further support security professionals by introducing the right solutions to aid their work.
By Rob Pocock, Technology Director, Red Helix
