Companies are increasingly vulnerable to cyber attacks, partly due to outdated systems and the increasing complexity of their IT structures. Matthijs van der Wel-ter Weel, strategic advisor at Orange Cyberdefense, warns that companies risk their continuity if they do not invest in more efficient cybersecurity and attract and retain well-trained experts.
The shortage of cybersecurity specialists is acute worldwide, with an estimated shortage of 3.4 million experts. This shortage makes companies vulnerable to increasingly sophisticated cyber attacks.
Automation is part of the solution, partly in response to complex attacks that are also increasingly automated. However, every organization remains vulnerable without highly trained experts to tackle truly complex attacks. Van der Wel-ter Weel emphasizes, “Automation can solve a lot, but without the right people who know how to best utilize and integrate this technology, it will continue to be a mop-up operation.”
An important step in sustainably bringing cybersecurity to a higher level, according to the Orange Cyberdefense consultant, is breaking the ‘silos’ between IT and security. Often these teams work separately from each other, leading to inefficiencies and security breaches. Companies need to improve collaboration between the two teams to take joint responsibility for security.
Everyone should have basic cybersecurity knowledge
It is also important to establish multidisciplinary teams. Instead of relying on specialized security teams, IT professionals, developers, legal experts and compliance specialists should work together. By training all these employees in basic cybersecurity skills, companies can respond more quickly to threats and reduce the pressure on specialized professionals.
An up-to-date Configuration Management Database (CMDB) is also essential. It provides visibility into all IT assets and vulnerabilities, allowing security teams to better respond to potential risks. Without this overview, it remains difficult to secure effectively. By always keeping the CMDB up-to-date, companies ensure that both IT and security always have the right information, which you simply can’t do without. The CMDB is thus the backbone of a well-secured IT environment.
Automate? Yes, but in the right way
Automation remains important, but it must be done in the right way. AI can take over routine tasks such as log analysis and responding to simple attacks, allowing security professionals to focus on complex threats.
But Van der Wel-Ter Weel cautions, “Automation without a strategy is a recipe for inefficiency. Choose carefully which processes can be automated and where human expertise is needed.” His motto is to let security professionals primarily do what they are good at: tackling complex threats that technology cannot yet fully comprehend.
Invest in internal talent
Finally, companies need to invest in their own talent. By training staff to become cybersecurity experts, companies can respond to workforce shortages. Retraining and internal training are indispensable for future resilience to growing threats. “The workforce shortage in cybersecurity is a ticking time bomb,” says Van der Wel-Ter Weel of Orange Cyberdefense.
“Waiting for more experts to enter the job market is simply not an option. We need to get to the root of the problem by developing talent internally and implementing technologies strategically. Only then can we stay ahead of growing threats.”
Also read: Orange Cyberdefense turns security into a business enabler