editor’s question
NED BALTAGI,
MANAGING
DIRECTOR,
MIDDLE EAST &
AFRICA AT SANS
INSTITUTE
W
e hear a lot about
the shortage
of staff in the
cybersecurity
industry, but in
most countries
the issue is more
of a skills shortage than a headcount
shortage. The good news is that we are
beginning to see some organisations
recognising the need to develop less
experienced staff in security skills
in order to help solve the skills gap,
both to transition more general IT
staff to security and to bring in new
talent and help them develop the skills
and experience needed to take on
security roles. As such, we expect to
see companies continuing to invest
in both the detailed technical training
required for security professionals to
keep abreast of new techniques and
threats, as well as more entry level cyber
security courses.
Another major driver of security
spending in 2020 will be increasing
28
the skills of cybersecurity staff
around cloud services and supply
chain security, since rapid shifts
in globalisation, demographics,
work styles and work sourcing
are transforming the way in which
companies manage their businesses.
Indeed, in a recent SANS survey
on workforce transformation, 54%
of respondents identified increased
reliance on cloud-based applications
and data as a leading challenge for
them. Respondents told SANS that
they’re supporting a number of initiatives
to support workforce transformation,
including a transition to cloud-hosted
infrastructure (51%), increased use
of collaboration tools (46%), a shift
to software-as-a-service (32%) and
adoption of the remote office and related
capabilities (29%).
These shifts, including the widespread
use of cloud and off-site networks, open
up new vectors of risk and potential
threats and attacks, that companies
must keep on top of. Companies are also
increasingly beginning to realise that
focusing on supply chain security and
third party risk is key, as this is so often
the cause of a breach. Ensuring that
security staff are well trained in these
areas is therefore of vital importance
going forward.
Along with cloud and supply chain,
encryption and SecureDevOps are also
a focus for many companies, so we
expect to continue to see interest in
SANS training courses that cover these
areas increase.
Last but by no means least, we are
finally seeing more companies starting
to invest in security awareness training.
In the past, too often organisations and
their security teams have perceived
employees as the weakest link, without
investing in properly training them to
recognise security threats. Instead
companies have traditionally invested
almost entirely in using technology to
secure technology, ignoring the human
side. What little training most
organisations have done has been
too technical and complex. Proper
security awareness training requires
simplifying security for people and
reaching out to them on their terms. This
is something that organisations are just
now starting to do.
Issue 23
|
www.intelligentciso.com