Even before the “great resignation”, companies struggled to find and keep cybersecurity talent. Those wanting and needing to strengthen their security continue to find they cannot attain or afford the talent they seek.
Security teams now face an unprecedented volume of threats and vulnerabilities, dividing their focus between investigations, vulnerability analysis, and other responsibilities like compliance maintenance. Defense-in-depth requires a combination of security technologies and resources that can span across the organization. However, it also requires investigation and response with 24×7 coverage, as attack attempts aren’t isolated to hours of operation.
Here are some strategies and solutions for addressing the persistent cybersecurity talent shortage.
Don’t Burn Out Your Current Cybersecurity Talent
If you’re lucky to have security resources within your organization, help them avoid burnout so they’ll be more likely to stick around long term. These regarded individuals have at least a four-year degree in computer science or related field experience and have multiple certifications of their technical cybersecurity expertise. They are in high demand with escalating salaries and should be seen as strategic employees that guide and support the organization to keep the business protected. But they cannot do it all on their own without help from IT and support from executive management.
Smaller healthcare organizations, business associates, or digital health companies not fortunate enough to hire this specialized cybersecurity talent usually lean on IT to fulfill these responsibilities. They, too, are subject to burnout, especially when expectations are not aligned with the reality of what it takes to protect a company’s assets and data.
The primary concern is that security operations need to be an around-the-clock function. The best way to stay ahead of attacks and mitigate costly damage is to catch malicious activity early and block attack tactics. This is best done when there is a human-attended 24×7 effort continuously monitoring and threat hunting. Many organizations simply cannot staff this kind of coverage. While you can shortcut operations with pager alerts 24×7, this just paves the way to quicker burnout of your existing staff and higher exposure potential. It’s one thing to respond to critical incidents, but there is a physical and mental cost to continually responding to false positive security alerts.
Alert fatigue is real.
Security and IT can receive thousands of alerts every day. 45% are false positives, making in-house analysts’ jobs less efficient and slowing workflows.*
The security technology stack of an organization can be another contributing factor to cyber talent burnout. Obtaining enterprise-grade solutions on a mid-sized organization’s security budget is not achievable. IT and security often do not have the luxury of enhanced threat detection, security orchestration, and automation to augment staffing issues. Cyber first responders and fighters will be discouraged over time with poorly performing solutions and manual processes. Job satisfaction is about more than what you earn; feeling like what you do matters directly to the day-to-day business is a major contributor to overall job satisfaction. This includes having job autonomy where someone can direct and prioritize within their role how to be successful and contribute with meaning.
Smaller organizations can nurture and obtain cybersecurity talent, but they must reset their expectations. Elevate this role so mundane tasks and burnout scenarios are minimized. A managed security service provider can help. One that provides the ability to upgrade security technology, add threat detection and response, and 24×7 security operations is a new model to consider. The high-stress and often repetitive actions of continuous monitoring and investigating security alerts can be filtered by experts who have built-in enterprise-grade solutions for operations that include threat detection, intelligence, and automation to ensure every event is individually triaged. This does not diminish the value of the in-house cyber security talent, but rather, a good MSSP that is transparent with the details of security events elevates in-house security leaders to make procedural and security policy changes when needed, leading to improved security outcomes without data fatigue.
Partnering with a managed security service provider (MSSP) is a big decision. One that will not just pass security alerts but will collaborate and share specific details of security events, suspicious, and potential active attacks. An MSSP should be able to give continuous active insight via dashboards and communication updates, so there is always a business risk focus included in each first-response situation.
Get Help with Security Policies and Documentation
Security is responsible for a wide range of activities, some more engaging than others. Security policy and documentation are areas where organizations tend to fall short regarding compliance. It’s also an area where Security needs to provide ongoing support.
As HITRUST, PCI-DSS, and CMMC certifications evolve, specific and detailed organizational documentation is a key component. In addition, many business agreements also look at the supply chain and third-party risk. This elevates the need for best practices or industry-standard security practices and risk mitigation for healthcare suppliers and vendors. Documentation is the foundation for knowing an organization has the proper plans and procedures to safeguard data.
Completing and keeping up with this documentation, however, competes with other security and IT demands. While it is not necessarily hard to do, finding time is difficult. Security and IT staff normally deal with responding to issues and alerts, including deep analysis, hunting, and problem-solving. These traits do not necessarily align with the need to review and update documentation. Know your staff and help them be the most efficient and focused for your organization. This is a good case for leveraging a compliance and security solution partner that can allow you to offset and get assistance for these important tasks. A good provider will have done many of these engagements before and can be more efficient, elevating a key component of security and IT and making documentation easier to maintain going forward.
Gathering and ensuring the artifacts and proof needed for meeting compliance requirements is another aspect that security and IT must support. Service partners can also make this easier by aggregating the documentation and artifacts in one location, reviewing quality and completeness, and sending reminders for holistic program management. In the long run, you can dampen the chaos of assessments as your organization has an expert resource keeping it all on track.
Document debt is akin to technical debt
Changing the Definition of Security Management
Finding relief from the cyber talent shortage occurs when organizations are open to changing the model for security management. Cyber talent is a specialized skill with multiple certifications, and individuals must continuously learn to keep up with the latest threats and attack tactics. Yet, other types of talent complement and excel in bridging the deep technical aspect of security with understanding business criticality and the competitive advantage of operational efficiency.
Companies willing to look beyond technical cybersecurity skills and change their default model for security management can achieve more value and better outcomes. Nurture staff in IT or recruit those that have the following soft skills:
- Critical thinking and curiosity
- Problem-solving and analytical focus
- Communication and adaptability
Healthcare organizations, and the businesses that support the ecosystem, have an opportunity to address their cybersecurity talent shortages and re-think how they obtain cyber resiliency with security management services developed specifically for their needs. By-pass the cyber talent crisis and make a change. Finding the right security and compliance partner will give you many options to provide the focus you need today and strategically plan for tomorrow.
In the current threat landscape, the benefits can multiply:
Cost:
- Achieve better security outcomes at a lower cost than keeping it in-house.
- Immediately upgrade to enterprise-grade solutions and protection without the overhead or maintenance.
- Find or nurture staff instead of recruiting and get the benefits of deep cybersecurity and compliance talent from Managed Security Services.
Coverage:
- Find a provider to address your immediate needs, like documentation, compliance maintenance, or vCISO.
- Focus on that security function you know gets downgraded when competing with other priorities. Maybe it’s log management/SIEM or vulnerability management.
- Alleviate staff burnout and know you have coverage with human-attended and active security operations 24×7.
Control:
- Take away the chaos and challenges that lead to cyber talent churn and burnout. Elevate in-house roles to be more strategic while a managed service provider helps them uncover business risk issues and drive better operational outcomes.
- Ensure that your IT compliance requirements are easily met, controlling against surprises or unexpected costs to address security gaps. While there are plenty of choices, a specialized partner focused on healthcare security and compliance can provide this type of unique coverage, drawing from the experience of what it takes to integrate compliance assessment with end-to-end security management to provide this coverage.
- Consider taking back control if you continually react to alerts from your security stack, or your current managed security service provider. False positives are disruptive, and alert storms generate more stress and fatigue for your staff. Assess how you can control security priorities when focusing solely on responding to validated security incidents and coordinating response efforts with your service provider.
Acknowledging the challenge is the first step; Clearwater can help you investigate how to make a change. Our expanding capabilities in managed security services, consulting, assessment, and technology-driven risk analysis can help you to understand where to focus and how best to avoid the cyber talent crisis. In addition, our ClearAdvantage® solution now includes foundational managed threat detection and response and security management across endpoints and firewalls, with vulnerability and log management options.
*IDC InfoBrief “The Voice of the Analysts: Improving Security Operations Center Processes Through Adapted Technologies.”
