How to compete for security talent

Attracting security talent has always been a challenge, no matter the size of your business. But as threat activity increases in a parallel with a labour shortage, it’s even harder for small and medium-sized businesses (SMBs) to attract and keep IT security talent.

It’s not something you can neglect, however, as security doesn’t become less important the smaller your organization. When every business relies on data and connectivity to serve customers and grow market share, SMBs are just as vulnerable to security threats as large enterprises.

The trick for SMBs is having a well-defined role for a small contingent of talent who can tap into outside expertise to bolster overall security posture.

Lots of threats, not enough people

There’s a shortage of security talent worldwide, even as the workforce has hit record numbers. According to the 2022 (ISC)2 Cybersecurity Workforce Study released in fall 2022, there was a global shortage of 3.4 million workers in the IT security field. The report also found that there were more than 700,000 unfilled cybersecurity jobs in the U.S. alone.

The security talent shortage comes at a time when cybersecurity attacks are on the rise, with the average number rising 31 percent to 270 per year between 2020 and 2021, compounded by the pivot to remote work. If you’re one of the companies that’s seeing an increase in cybersecurity attacks – and you likely are – you’re going to have to increase your budget for security talent. The (ISC)2 study found that just over a quarter of those who are in the field are in it because of the high salaries.

Money is not the only solution to the security talent woes, however.

Paychecks must come with perks

A competitive salary is table stakes in an inflationary economy, regardless of the role, and especially if you want to hire skilled IT workers. But if you want to attract security talent and keep it, there are several key things to consider when looking to fill cybersecurity positions beyond the paycheck.

  • Have the right tools: If your cybersecurity technology investments are lacking, your security talent is going to get frustrated if their hard work is hindered by inadequate tools. This includes automation – if you’re still doing things manually that can be done by software or emerging artificial intelligence (AI) capabilities, your security talent is going to feel bogged down and ineffective despite their best efforts.
  • Offer variety and interesting work: Similarly, your security talent wants engaging work that’s more than just sitting in front of a consoling assessing and triaging alerts. If you’re automating as much as possible, cybersecurity work becomes more strategic, allowing for people to implement more proactive measures such as a Zero Trust approach to security and helping all employees become part of the solution by through education and policy. You want your security talent to get satisfaction from playing a role in enabling the business.
  • Cover training and certification: The best workers in any field don’t want to be stagnant. Combine that with how quickly security threats evolve, it’s in your best interest to provide your security talent with opportunities for continuing education and certification. This is especially true for younger workers, who will always be eyeing opportunities for advancement – other employers know this and are adjusting their hiring practices accordingly.
  • Don’t limit your talent pool: If you’re ready to invest in training and education, you should also consider recruiting talent from a broader group of candidates within information technology, even if they don’t have a cybersecurity focus. Foiling threat actors, assessing risks and mitigating vulnerabilities requires a diverse set of people, including analytical, organized, and creative types.

Even if money is no object, it’s important for SMBs to be selective of where they deploy security talent in-house. As with IT in general, it often makes sense to tap into the expertise of a managed service provider with a security focus who can help your small, nimble security team execute on a daily basis while providing assessment and strategic advice where need.

There are many ways artificial intelligence (AI) and machine learning already impact cybersecurity. You can expect that trend to continue in 2024 – both as tools for data protection as well as a threat.

Balancing Cybersecurity Innovation Amid Evolving Threat Landscapes

Even as you implement AI and machine learning into your cybersecurity strategy through the adoption of tools like Security Orchestration, Automation, and Response (SOAR), Security Information and Event Management (SIEM) and Managed Detection and Response (MDR), so are threat actors. They will continue to update and evolve their own methodologies and tools to compromise their targets by applying AI and machine learning to how they use ransomware, malware and deepfakes.

With small and medium-sized businesses just much at risk as their large enterprise counterparts, SMBs must take advantage of AI and machine learning as mush possible. AI-directed attacks are expected to rise in 2024 in the form of deepfake technologies that make phishing and impersonation more effective, as well as evolving ransomware and malware.

Deepfake social engineering techniques

Deepfake technologies that leverage AI are especially worrisome, as they can create fake content that spurs employees and organizations to work against their best interests. Hackers can use deepfakes to create massive changes with serious financial consequences, including altering stock prices.

Deepfake social engineering techniques will only improve with the use of AI, increasing the likelihood of data breaches through unauthorized access to systems and more authentic looking phishing messages that are more personalized, and hence, more effective.

Countering Cyber Threats and Harnessing Innovation in 2024

If hackers are keen on leveraging AI and machine learning to defeat your cybersecurity, you must be ready to combat them in equal measure – just as AI and machine learning will create new challenges in 2024, they can also help you bolster your cybersecurity. While regulations are being developed to foster ethical use of AI, threat actors are not likely to follow them.

AI will also affect your cyber insurance as your providers will use it to assess your resilience against cyberattacks and adjust your premium payments accordingly. AI presents an opportunity for you to improve your cybersecurity to keep those insurance costs under control.

Conclusion

There’s a lot of doom being predicted around the growing use of AI and machine learning. And while it does pose a risk to your organization and its sensitive data, you can use it to bolster your cybersecurity even as threat actors leverage AI to up the ante. A managed service provider with a focus on security can help you use AI and machine learning to protect your organization as we head into 2024.

Listen to this Post

Subscribe

Keep up to date with our weekly digest of articles.

By clicking Subscribe, I agree to the use of my personal data in accordance with Supra ITS Privacy Policy. Supra ITS will not sell, trade, lease, or rent your personal data to third parties.

Let us know
how we can help

Need more information? Book a meeting with one of our experts today!