Increasingly sophisticated threat campaigns. High-profile data breaches. Determined threat actors. The sophistication of the technology and tactics used by criminals has outpaced the ability of IT and security professionals to address these threats. Security Magazine reports that “most organizations do not have the people or systems to monitor their networks consistently and to determine how they are being infiltrated.” Cisco estimates there are more than 1 million unfilled security jobs worldwide.
Determined attackers and persistent threats are only part of the cybersecurity skills problem. According to new research from Cisco, there is a disconnect between the perception and reality of security preparedness. While many chief information security officers (CISOs) believe their security processes are optimized—and their security tools are effective—their security readiness likely needs improvement.4 This disconnect, along with rapidly evolving regulatory requirements and networking technology, will further widen the cybersecurity skills gap.
Cybersecurity hiring challenges will also be impacted by the Internet of Everything (IoE), which represents an unprecedented opportunity to connect people, processes, data, and things. While IoE will create new operating models that drive both efficiency and value, it may also become the world’s most challenging cybersecurity threat. Why? As customers embrace IoE, they must bring together IT and operational technology, giving adversaries new targets such as vehicles, buildings, and manufacturing plants.
This blurring of IT and operational technology environments has already resulted in a 250 percent spike in industrial automation and control system incidents over the past 4 years. According to Gartner, the number, scale, and sophistication of operational technology attacks will continue to increase, putting connected industrial systems, building control systems, and energy systems at risk. “Mitigating advanced persistent threats in OT environments requires people who can bridge IT and OT,” says Jon Stanford, principal, Cisco Security Solutions. People who can bridge the gap between IT and OT are in extremely short supply.
Against this dynamic backdrop, Cisco Security Services offer important insights and recommended actions that can help you mitigate the cybersecurity talent shortage.
2015 Energy Industry Cybersecurity Report
Strategic Cybersecurity: A Toolkit for Prioritizing, Coordinating, and Transforming Your Cybersecurity Program