Contact Us

Mind the (Skills) Gap!

Too start off the year, at least two publications have reported on surveys that detail the criticality of the cybersecurity skills gap.  For those old enough, it harkens back to the Cold War missile gap of the 1950s.  But unlike the missile gap, which was mostly fictional, this gap is very real, and much more relevant to the typical enterprise.

CSO drew on a Nov, 2017 ESG study that looked at gaps and potential solutions. The most alarming observation is that, despite increased spending and visibility, the percentage of respondents that reported a shortage of skills rose from 23% in 2014 to 51% in 2018. This doubling implies that the majority of organizations are threatened. As solutions, two areas that stand out include:

  • Moving toward technologies with advanced analytics.Think of artificial intelligence and machine learning as a helper application that can accelerate security processes and make the staff more productive.
  • Automating and orchestrating processes.Cybersecurity grew up with a reliance on manual processes, but these processes can no longer scale to meet growing demands. As a result, security automation/orchestration has become a top priority for many organizations.


I’ll get to both of these in a bit. Within a day, DARKReading, quoting an Opus/Ponemon Institute study, looked at the threats created by these gaps. The top five based on the survey are:

  • 70%:  lack of competent in-house staff
  • 66%:  data breach
  • 59%:  cyberattack
  • 54%:  inability to reduce employee negligence
  • 48%:  ransomware

This was then matched with the fact that 67% of the respondents believed they were more likely to have a breach in 2018, caused by:

  • 65%: inadequate in-house expertise
  • 59%: inability to guard sensitive and confidential data from unauthorized access
  • 56%: an inability to keep pace with sophisticated attackers
  • 51% a failure to control third parties' use of company's sensitive data 

The last concern, due to 3rd parties, is especially disturbing, as 60% of the respondents stated that their risk exposure to business partners, vendors, and contractors has increased over the last year. Much to be done here to secure the supply chain!

And, although much of the press is focused on the risk due to IoT, this is only one of three areas considered challenging:

  • 60%: IoT
  • 54%: Mobile Devices
  • 50%: The Cloud

So, where do we fit in?

Looking at the observations in-turn, Cavirin helps automate many of the more tedious and error-prone processes, eliminating the need for increased staffing. And, new capabilities will add advanced analytics, further assisting IT in identifying the areas of greatest risk.  Our technical controls help to minimize the impact of the top 5 threats, as well as making it easy for smaller organizations to adopt best-in-class practices. This helps secure the supply chain. Finally, our hybrid cloud capabilities address challenges in moving workloads to AWS, Azure, GCP, and even Docker.


© 2019 Cavirin Systems, Inc. All rights reserved.