This month (May 2022), the UK Government’s Department for Digital, Culture, Media & Sport (DCMS) released its 2022 report on cybersecurity skills in the labour market. It made grim reading. We already knew there was a severe skills gap internationally, and that it would continue for a long time given the insufficient work at school level to get people engaged with the topic. What this report highlights, worryingly, is that it is worse than we thought.
According to the report, approximately 697,000 businesses (51%) have a basic skills gap. That is, the people in charge of cybersecurity in those businesses lack the confidence to conduct basic tasks such as setting up configured firewalls, storing or transferring personal data, and detecting and removing malware. Not only that, but they are not getting support from external cyber security providers either.
The purpose of this article is not to cause worry but rather to offer hope, thanks to new technology, government-backed tools and training. Let us explain why, despite a cybersecurity skills gap, you’re going to be OK.
The list of tasks and procedures you must undertake to keep your business protected must seem endless. This is definitely the case for vulnerability management. With the number of disclosed vulnerabilities increasing 20% year on year, security teams are overwhelmed just trying to sort through them, let alone remediate them.
Manual triage for a business with just 250 assets can take seven hours to complete with every new vulnerability scan. Given that the average business can have ten times that, and scans can take place daily, teams get bogged down with the admin and make little impact on reducing their risk.
But hiring more staff to complete the manual triage work more quickly is not the answer. Instead, you can automate the process in a way that still means you are in control of how vulnerabilities are prioritised.
RankedRight gives teams the ability to set rules for how their risk should be ordered and assigned, giving them a single enlightened view of their vulnerabilities, with all of the information they need to instantly see, manage and take action on the risks most critical to their business.
In an instant, all the admin is gone and the remediation teams can do what they do best.
With that comes another labour saving. Because RankedRight organises your data in order of criticality to your business, not according to CVSS ratings, you can be sure that you have optimised your remediation efforts and that even a modest team is reducing risk with every action it takes.
With years of experience comes greater knowledge of how different vulnerabilities can wreak havoc on your systems and where you must look to find patches, insight and support. But if your team lacks that experience, what do you do? Thankfully, while the skills gap has been growing, so has the pool of companies providing rich vulnerability intelligence, continuous scanning support and more to plug the gap.
This means that, provided you make use of this support, you can equip your team – however junior they may be – with all the insight they need to keep your business safe. For example, state-of-the-art scanners can continuously monitor your entire attack surface – even, in some cases, user-authenticated areas – to ensure that if any weaknesses arise on your systems, you’ll be alerted and can take action before a cybercriminal does.
In terms of taking action, again with a platform such as RankedRight in your armoury, you’ll be able to organise all of these vulnerabilities, enrich them with the vulnerability intelligence that comes as a standard feature of the platform, and instantly gain an understanding of how many exploits there are for each vulnerability, where to locate a patch, and who in your team will be dealing with it.
In fact, aside from making the remediation process easier, RankedRight is so simple to use that, once rules are in place, less experienced staff can use it to monitor tasks, check audit trails and understand progress too.
As the DCMS report’s findings show, the skills shortage is going to be around for a long time. To ensure it doesn’t affect you, it’s wise to fill future skills gaps ahead of time if you can.
By gathering an understanding of where the bulk of your vulnerabilities lie within your business via the RankedRight platform, you can identify the skills you require to reinforce these areas and hire experts – perhaps on a temporary basis – to address them.
You can also make use of Government-backed tools and advice from the NCSC to ensure your business is in the strongest position possible. Its Exercise in a Box tool in particular can help you find out how resilient you are to cyber attacks and practise your response in a safe environment.
If your team lacks the knowledge and resource needed, the work can be delegated to a Managed Security Services Provider (MSSP), who will do everything required to try and keep your business protected. Many of these businesses already use state-of-the-art tools such as RankedRight and will be able to work with you on a package that meets your needs.
If you’re an MSSP reading this and don’t yet have RankedRight in place for your clients, book a demo with us today and learn how you could make your delivery to each of your clients far more efficient and effective.