The Hiring Gap Is Creating Cybersecurity Gaps

Good help is hard to find these days. Never had that adage been more true than during The Great Resignation, as workers job hop, change careers, or just take a sabbatical. Those labor trends aren’t just affecting your local mom-and-pop shop, but major organization’s IT teams, cybersecurity professionals, and experts who can help a business stay safe from growing cyber threats. The 2022 Ponemon Institute Report, which was just released, highlights a variety of challenges organizations are facing as they attempt to navigate new threats in our modern cybersecurity age. One major challenge is the hiring and internal expertise gap.

Cybersecurity Is Seeing A Hiring Gap

According to the report, 48% of organizations see hiring and training as a major barrier to creating a strong cybersecurity posture. If you don’t have the bodies and the expertise, innovation is impossible. Cybersecurity as a strategy is changing, and if an organization doesn’t have the person to say, work with a vendor, or manage third parties, or even employ access governance, none of those very needed pieces of the puzzle will come together.

In addition, 58% or organizations cite In-house expertise as a factor considered when improving their cybersecurity. This means that if there aren’t employees in the room advocating for modern solutions, cybersecurity improvements and better access management, it isn’t going to happen. It’s not just a gap in talent, it’s a gap in expertise and in future cybersecurity decision-making for organizations.

How A Lack Of Talent Changes Organizations’ Approach To Cybersecurity

If you don’t have security cameras, you won’t see the bank robbers storm the lobby. The same is true when it comes to cybersecurity. According to the report, 58% of organizations stated that “we have no internal resources to check or verify” third-party access. This is a major blind spot for organizations, as more and more are not only relying on third parties, but getting hit with third-party cyberattacks and ransomware. 49% of organizations have experienced a third-party data breach in the past 12 months, which is up 5% from last year. In addition, 49% of organizations do not have someone assigned to manage third-party risk. If you don’t have people and systems in place to manage third parties, you might as well be opening the door and unlocking the vault for those robbers.

This kind of gap goes far beyond just visibility into third-party access, though that is critical for any organization’s cybersecurity strategy. What other gaps in the IT ecosystem exist for organizations? Is there proper access governance and fine-grained access controls for privileged access? Is access creep a problem? If no one is monitoring third parties, how is the organization ensuring compliance? One question just begets two more, and it all comes down to the lack of resources organizations have at their disposal.

How Organizations Can Mitigate Cybersecurity Risks

There is one statistic from the report that highlights a potential solution for organizations facing this labor shortage — 37% of organizations stated that they rely on third parties for security. In the same way that organizations (fueled by remote work, The Great Resignation, and a changing economy) are turning to third parties for their OT, turning to a vendor for cybersecurity can offer efficiency and lower costs. This would free up budget to spend on other parts of the cybersecurity architecture, and create a central hub for all cybersecurity needs. The investment upfront, no matter how heavy, will prove its worth when previously manual or siloed workflows (like manually tracking access permissions or third-party vendor identities) are made efficient.

Read more about the hiring gap in cybersecurity with the 2022 Ponemon Institute Report.

Learn more about issues organizations are facing when it comes to cybersecurity by joining our webinar on Aug. 4th.