Fortinet Inc.

08/29/2024 | Press release | Distributed by Public on 08/29/2024 10:50

Gaps in Skills, Knowledge, and Technology Pave the Way for Breaches

The stakes continue growing higher for organizations when it comes to cybersecurity incidents, with the fallout of such incidents becoming more costly and complex. According to the Fortinet 2024 Cybersecurity Skills Gap Report, the overwhelming majority (87%) of those surveyed said they experienced one or more breaches in the last 12 months. Malware, phishing, and web attacks combined accounted for 80% of all attacks throughout the year.

The amount of resources needed to mitigate an incident is on the rise as well, with 63% saying it took longer than a month to recover from a cyberattack and 53% (up from 48% in 2023) indicating that breaches cost their organization over $1 million in lost revenue, fines, or other expenses.

While there is typically no single point of failure concerning a cybersecurity incident, it's worth examining common factors that contribute to breaches and how organizations can guard against these challenges.

These Are the Top Three Causes of Breaches

According to the report, leaders indicate that the top three causes of breaches are:

  • IT or security staff lacks the necessary skills and training (58%)
  • Lack of organizational or employee security awareness (56%)
  • Lack of cybersecurity products (54%)

Of those entities that experienced a cyberattack, many leaders noted that they are making changes inside their organizations as a result. These actions include expanding their IT or security team (65%), mandating cybersecurity training for IT and security personnel (62%), introducing companywide security awareness training (61%), purchasing new security solutions (59%), and hiring security consultants (43%).

Find and Cultivate Cybersecurity Talent

The ongoing cybersecurity talent shortage continues to negatively impact security and IT teams that are already stretched thin. According to this year's report, 70% of respondents agree that the cybersecurity skills shortage creates additional risks for their organizations. More than half say they struggle to recruit and retain talent, citing challenges like lack of training and upskilling opportunities (50%), other organizations offering better salaries or benefits (41%), and other organizations offering remote or hybrid working (38%).

Leaders also say they have trouble finding candidates with specific experience in network engineering and security, with 51% saying the talent pool for these skill sets is lean. The most in-demand skill sets for two years in a row are cloud security, cyber threat intelligence, and malware analysis.

As these challenges persist, organizations must take new approaches to finding and cultivating security talent. Offering training opportunities for existing security professionals, recruiting talent from untapped communities, and partnering with higher education institutions and nonprofit organizations to educate and recruit new talent are all creative ways that organizations can shrink the skills gap and fill critical roles.

Organizations could potentially find it easier to identify and hire diverse employees if they change certain prerequisites. Seventy-one percent of respondents say they require four-year degrees instead of considering qualifications from nontraditional backgrounds, such as boot camps and professional certifications. If organizations changed their minimum requirements, this, combined with apprenticeships or train-to-hire programs, which 80% of respondents already offer, could help grow their talent pool.

Make Cybersecurity Everyone's Job

Many of the most frequently used attack types target individual users directly, underscoring the importance of general security awareness among all staff. When empowered with the necessary knowledge to spot and halt an attack, employees can become a strong first line of defense against cybercrime.

According to a Fortinet global research brief, 85% of organizations currently have a security awareness and training program. Of those that don't, nearly three-quarters indicate they are looking to implement one.

Security awareness and training initiatives can come in many forms. Still, all initiatives should cover basic cybersecurity knowledge (phishing, ransomware, social media use, mobile device use, social engineering, and more) and allow the organization to customize the content to meet industry-specific needs.

Deploy the Right Technology Solutions

It's no surprise that capable human resources need the right cybersecurity tools and skill sets to combat threats and stay ahead of today's attacks. Rounding out skills, knowledge, and certifications with advanced technologies is vital.

As more boards of directors (97%) consider cybersecurity, security and IT leaders likely have more opportunities to procure the resources they need to effectively protect the organization's assets. As they evaluate and adopt new technologies, many organizations are taking a platform approach to cybersecurity. This approach offers security and IT practitioners numerous benefits, including decreasing reliance on point products, reducing overhead, and enabling native automation across multiple products.

Preventing Cyber Incidents Requires a Multi-Pronged Approach

As breaches continue to have far-reaching impacts on organizations across all industries, businesses must strike the right balance between hiring skilled professionals, prioritizing companywide security awareness, and implementing technology solutions.

Better trained, more knowledgeable, and highly skilled security and IT professionals are essential to preventing cyberattacks. Organizations should explore creative strategies for recruiting and retaining talent, including setting diversity hiring goals and embracing public-private collaborations designed to give individuals of all backgrounds and skill levels access to cybersecurity education and training. These professionals also need the right tools to safeguard the business from breaches. And finally, employees also have a crucial role to play, as they can serve as a strong first defense against cybercrime.