If you’ve been reading the news headlines recently, then you’re well aware of just how hard it is to keep up with all the potential cyber threats out there. Until recently, the conventional wisdom was that companies should be trying to hire as quickly as possible, boosting their IT security staff in an effort to win the cyber arms race. But as a new report from cyber security firm McAfee points out, companies have other alternatives – including cyber security automation and gamification.
The cyber skills shortage
One major problem that companies face today is the cyber skills shortage. It almost seems like the faster that companies hire new staff, the faster new security risks seem to pop up. That puts a real strain on cyber security operations. It’s no wonder, then, that IT security professionals around the world are feeling the pressure. According to the new Winning the Game report by McAfee, which surveyed more than 300 senior security managers and 650 security professionals from around the world, nearly half (46%) of cyber professionals say that they are struggling to keep up.
And it’s not for a lack of trying, either. On average, says McAfee, companies are increasing staff headcount by 24% to manage all their cyber threat detection needs. That’s an impressive figure, to be sure, but companies are willing to hire even more. The problem here is that it’s just too hard to attract and find new IT talent. Of the McAfee survey respondents, 84% say that it is difficult to attract IT talent. The massive cyber skills shortage means that a large number of companies are fighting over a relatively small pool of candidates.
Cyber security automation
With that as backdrop, it’s easy to see why companies are willing to explore new alternatives to help them with their cyber security needs and the rapidly expanding types of attacks. And one of the most attractive alternatives, according to McAfee, is cyber security automation. In layman’s terms, it simply means getting machines to do more of the heavy lifting. A lot of routine security checks and threat intelligence assessments can be handed over to machines, giving IT security professionals more time to focus on higher value-added tasks.
And the data from McAfee certainly backs that up. 81% of those surveyed said that they would be more successful in their everyday jobs if they had greater automation. So, for companies struggling to find the right IT talent, the answer might be exploring cyber security automation solutions that won’t add to the overall headcount.
Cyber security automation, by encouraging more human-machine teaming, could be the key to making the most productive use of existing assets. Since hackers are using their versions of automated attacks, this means that IT security teams will be fighting fire with fire.
And there’s another element to cyber security automation: artificial intelligence and machine learning. It’s not just that new automated solutions are faster and more efficient – they are also smarter, thanks to breakthroughs in AI. This means that it becomes much easier for IT security teams to spot false positives and track down possible data breaches, all without the need for human intervention. This might make it easier to stop attacks before they even take place.
Another alternative proposed by McAfee in the report is gamification. This basically requires companies to integrate game-like elements into normal cyber security routines, in order to make threat detection easier as well as to unlock the full potential of all the security analysts on the IT cyber security team. In the survey, 96% of respondents reported seeing benefits from integrating these gamification elements.
Examples of gamification include hackathons, capture-the-flag exercises, and red team-blue team competitions. These can be so powerful for many different reasons. For example, hackathons can uncover innovative ways of accomplishing certain cyber security tasks. And capture-the-flag exercises can help IT security team members think in new ways and master new security skills. If they are able to out-smart and out-wit the enemy, then they will be more productive and efficient in their daily work, especially when it comes to incident response.