Cybersecurity is an ongoing challenge for Connecticut businesses, partly because cybercriminals are becoming more aggressive and cyberattacks are becoming more prevalent, but mostly because businesses aren’t equipped to deal with cybersecurity issues. IT resources are already stretched, and the shortage of cybersecurity professionals makes it harder to find the talent needed to fortify corporate enterprise networks. There is a gap in cybersecurity skills, and Connecticut corporate leaders are going to have to adopt new strategies to bridge that gap.
Cybersecurity continues to be one of the biggest and most costly threats to Connecticut businesses. Cybercrime will cost $6 trillion worldwide by 2021, double the cost recorded in 2016. In fact, the ill-gotten revenue from cybercrime will be more profitable than all the drug trades combined. The global cost from ransomware alone is predicted to exceed $5 billion by the end of 2017. At the same time, spending for cybersecurity will exceed $1 trillion from 2017 to 2021. A lot of that spending will be for personnel, but there is expected to be a continued shortfall of 3.5 million unfilled cybersecurity jobs by 2021.
The trend is clear. The tide of cybercrime is rising, and there aren’t enough people to stack the sandbags. Connecticut businesses are competing for security experts from the same talent pool, which means they have to pay more for the best talent or start looking elsewhere.
The High Cost of Security Talent
Unfortunately for small to medium-sized businesses (SMBs) in Connecticut, the cost of hiring cybersecurity talent is relatively high and rising.
The security position most in demand is security analyst. According to the Bureau of Labor Statistics, there were 72,670 security analyst positions in 2012 with a median salary of $86,170. In 2016, there were 98,870 security analyst jobs at a median salary of $96,040. That’s a lot for SMBs to pay for a dedicated security professional.
Security manager is another cybersecurity role that is in high demand. The security manager is responsible for developing and implementing security protocols and privacy policies to keep information private, a job that usually requires a certification such as Certified Information Security Manager (CISM) or Certified Information Systems Security Professional (CISSP). The salaries for highly skilled security executives can go as high as $400,000.
Security Skills Shortage Puts SMBs at Risk
To fill the gap, most SMBs are putting more security demands on their existing IT staff, asking them to step in and add security management to their job function. Unfortunately, without the proper expertise and tools, it’s difficult for them to do an adequate job of protecting the company network.
Consider that 32 percent of companies reported that they were victims of a cybercrime in 2016, and 72 percent of CISOs predict their companies will be attacked in 2017. However, most SMBs believe they are adequately protected from cyberattacks. A Symantec survey revealed that 85 percent say their company is safe from hackers and malware. At the same time, 77 percent lack a formal internet security policy. SMBs are less prepared to prevent or handle a data breach, and most SMBs are less concerned about being hacked.
SMBs often consider themselves too small to be targets of cyberattacks, but the fact is that 14 million SMBs were hacked in the past 12 months. Technology group PCM, Inc., reports that half of the organizations targeted for cyberattacks were breached, and one-third of those said their security was bypassed. SMBs are particularly vulnerable to phishing attacks. Social engineering also has been reported to have a 50 percent success rate, which means security has to extend beyond firewalls and system patches to include employee training and system monitoring.
Filling the Cybersecurity Gap
What are Connecticut companies supposed to do to protect themselves? The best security talent is too expensive and it’s hard to compete with other companies that are hiring. It’s also difficult to train the talent you have on staff; it’s a lot to ask your IT manager to assume the role of a professional with a CISM or CISSP credential.
Some believe that better technology can come to the rescue, predicting that artificial intelligence and machine learning can make up for the lack of security talent. But there is no magic bullet for cybersecurity. Cybercriminals are clever and aggressive and are continually developing new infiltration strategies. That’s why cybersecurity requires experts who monitor systems and data traffic, search for anomalies, and are ready to respond in the event of a threat.
Your best alternative is to outsource to security experts. Finding an experienced MSSP (managed security services provider) eliminates the need to develop home-grown IT security experts and costs substantially less than staffing security experts. Outside experts can create security protocols and ensure the right technology is in place to protect computing resources. MSSPs also can handle data security monitoring and manage systems backup and disaster recovery so your company is ready in the event that there is a data breach.
The need for cybersecurity protection continues to increase as security experts become harder to hire and more expensive. To meet your cybersecurity needs, don’t ask your existing IT team to take on the added challenge of protecting your data. Instead, find a security expert like NSI who can manage cybersecurity for you and ensure that your systems are fully protected around the clock.