A new report revealed that the majority of chief information security officers (CISOs) around the world are worried about the cybersecurity skills shortage.

According to a Bitdefender survey titled “CISOs’ Toughest Dilemma: Prevention Is Faulty, yet Investigation Is a Burden,” more than 60 percent of global security leaders said they are negatively affected by the skills shortage. In addition, 69 percent of respondents said their team was under-resourced, and 72 percent said their team had experienced “alert and agent fatigue.” This is particularly worrisome since more than half of security leaders in the U.K. (57 percent), U.S. (55 percent), France (58 percent) and Italy (53 percent) said they’d experienced a breach in the past year.

Poor EDR Tools Exacerbating Cybersecurity Skills Shortage

For CISOs trying to bridge the talent gap, this creates two pain points, according to the report: ineffective tools and investigations hampered by a lack of personnel. As noted by Harish Agastya, Bitdefender’s vice president of enterprise solutions, “The survey results show that today’s resource- and skill-constrained IT security teams need an endpoint detection and response (EDR) approach that allows for less human intervention and a higher level of fidelity in incident investigations.”

The cybersecurity skills shortage also makes sorting through EDR alerts more difficult — 43 percent of CISOs cited a lack of personnel as their biggest stumbling block in rapid incident detection and response. As a result, most companies require more than a day to detect advanced cyberattacks, and only 15 percent of those asked said they identified a breach in less than 24 hours.

Bridging the Gap

How can CISOs bridge the skills gap? As noted by the report, advanced detection solutions are critical since “EDR tools focus on the last 1 percent of threats, allowing for much greater fidelity in incident investigations.”

But the EDR label alone isn’t enough. Tools must have priority-based alert filtering mechanisms to limit the number of trivial reports and false alarms.

Of course, even best-case threat reporting won’t improve security if enterprises don’t have enough personnel to handle incoming data. As Security Boulevard reported, the U.S. Office of Personnel Management (OPM) recently drafted new guidelines for federal agencies that also have merit for private enterprises. The framework advised organizations to start by identifying security workforce gaps. Given the highly competitive nature of the cyber skills talent search, CISOs need to know exactly what they’re looking for before they start recruiting.

Adrian Davis of (ISC)2, as quoted by Infosecurity Magazine, noted that there’s also a need to recognize the cybersecurity skills shortage as more than just a supply-side problem. Companies must put effort into talent retention by ensuring that security professionals are given “a vital role to play and a stronger voice within the organization.”

More from

Emotional Blowback: Dealing With Post-Incident Stress

Cyberattacks are on the rise as adversaries find new ways of creating chaos and increasing profits. Attacks evolve constantly and often involve real-world consequences. The growing criminal Software-as-a-Service enterprise puts ready-made tools in the hands of threat actors who can use them against the software supply chain and other critical systems. And then there's the threat of nation-state attacks, with major incidents reported every month and no sign of them slowing. Amidst these growing concerns, cybersecurity professionals continue to report…

RansomExx Upgrades to Rust

IBM Security X-Force Threat Researchers have discovered a new variant of the RansomExx ransomware that has been rewritten in the Rust programming language, joining a growing trend of ransomware developers switching to the language. Malware written in Rust often benefits from lower AV detection rates (compared to those written in more common languages) and this may have been the primary reason to use the language. For example, the sample analyzed in this report was not detected as malicious in the…

Why Operational Technology Security Cannot Be Avoided

Operational technology (OT) includes any hardware and software that directly monitors and controls industrial equipment and all its assets, processes and events to detect or initiate a change. Yet despite occupying a critical role in a large number of essential industries, OT security is also uniquely vulnerable to attack. From power grids to nuclear plants, attacks on OT systems have caused devastating work interruptions and physical damage in industries across the globe. In fact, cyberattacks with OT targets have substantially…

Resilient Companies Have a Disaster Recovery Plan

Historically, disaster recovery (DR) planning focused on protection against unlikely events such as fires, floods and natural disasters. Some companies mistakenly view DR as an insurance policy for which the likelihood of a claim is low. With the current financial and economic pressures, cutting or underfunding DR planning is a tempting prospect for many organizations. That impulse could be costly. Unfortunately, many companies have adopted newer technology delivery models without DR in mind, such as Cloud Infrastructure-as-a-Service (IaaS), Software-as-a-Service (SaaS)…