Trustwave's 2024 Retail Report Series Highlights Alarming E-Commerce Threats and Growing Fraud Against Retailers. Learn More

Trustwave's 2024 Retail Report Series Highlights Alarming E-Commerce Threats and Growing Fraud Against Retailers. Learn More

Services
Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

Database Security

Prevent unauthorized access and exceed compliance requirements.

Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

Solutions
BY TOPIC
Microsoft Security
Unlock the full power of Microsoft Security
Offensive Security
Solutions to maximize your security ROI
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Security Operations Platform
Trustwave Security Colony
Partners
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats

CISO's Corner: The Four Best Cybersecurity Investments You Can Make During the Cyber Talent Shortage

The need for strong cybersecurity has reached critical mass. Seventy-six percent of security leaders have reported an increase in cyber-attacks over the past year -- accelerated by the COVID-19 pandemic and a rapid shift from an in-office to a remote workforce and on-premises to cloud infrastructure.

There’s also been a rise in nation-state tensions and safe harbored advanced adversaries. The latest ransomware attacks by well-funded hacker groups against high-value companies and critical infrastructure have been drawing mainstream media attention seemingly every week. Specifically, the attacks against SolarWinds, JBS and Colonial Pipeline showed just how fragile our cybersecurity posture is in critical areas and how much we need more cyber resources.

Talent Is In Short Supply

It’s no secret. This surge in malicious cyber activity comes as the industry, and the U.S. in particular struggles to fill critical cyber roles. Some 359,000 American cybersecurity jobs remain unfilled, according to a 2020 survey by (ISC)2.

As governments, cyber leaders, and the education sector rally together to drive more interest in cyber roles through awareness campaigns, evangelism, recruiting, and job matching initiatives, organizations need guidance on maximizing the talent they do have and how to combat the rising tide of cyber threats.

Who Needs To Hear This

All organizations are feeling the pressure of the cyber talent shortage. But organizations in highly regulated, highly funded industries can spend millions on cybersecurity and can attract top talent much easier. Bank of America CEO Brian Moynihan says the company spends over $1 billion per year on cybersecurity.

Many SMBs, enterprises and even governments agencies aren’t in as fortunate of a position, and many are strapped for budget and have numerous open critical cyber roles. This guide is intended for those organizations and their leaders that understand that cybersecurity is paramount but need to maximize the investments they can make in talent, technologies and services.

What Is A Company To Do?

  1. Invest in the cyber expertise you do have. Automation isn’t going to save the world. It needs highly trained and capable people to operate it. A Ferrari can still crash racing on the simplest track if an inexperienced driver is behind the wheel trying to go fast. The same goes for top-tier cybersecurity tools. Cultivating a culture of performance and excellence is essential within your security team. Feedback and training need to be ongoing, not just once a year. Providing your cyber experts with the resources they need to do their job to the best of their ability should be a top priority. Do all you can to keep them engaged, hungry to defend your company, and build their knowledge base.
  2. Automate and outsource if needed. No company can be cyber successful without automation. Alert fatigue and false positives are real problems. AI and machine learning are powerful tools that deserve much consideration. That said, you must implement the right kind of automation. Automation needs to be selected based on the capabilities of the security team that you have access to and your environment complexity. If you are short-staffed or don’t have true cyber expertise in-house to handle complexities like cloud infrastructure migrations, solution deployments, or security operation center (SOC) integrations -- consider outsourcing your security to a trusted managed security services provider. Making sure you have the right expertise on your team, whether in-house or third-party, is going to make or break your cyber success. Having a trusted third-party partner in place can save you from making costly, unnecessary cyber investments or potentially reputation-damaging cyber incidents.
  3. Invest in your employees and executives and their own cyber awareness and training. A recent study revealed that nine in 10 (88%) data breach incidents at organizations are caused by human mistakes. Employee and executive cybersecurity training have never been more paramount now that we are in a permanent hybrid workforce world. Employees are naturally more distracted as they move back and forth between the office and their home for work, opening them up for social engineering and phishing attacks, which account for 94 percent of malware delivery and 80 percent of all security incidents. Cyber training needs to be especially ramped up if you are a critical infrastructure organization or part of a priority supply chain – as you may be a highly desired target for hackers.
  4. Invest in proactive vs. reactive security. The biggest mistake that we’ve seen recently is organizations staying stagnant in defensive cybersecurity strategies. This is a flawed and outdated approach to cybersecurity and can result in catastrophe. Your organization must be thinking proactive with programs like threat hunting, penetration testing, and managed network and endpoint monitoring to combat the new wave of advanced adversaries. If you’re not constantly looking and ‘hunting’, there’s no telling whether or when an adversary has compromised your systems.

Solving The Talent Shortage Together

The talent shortage is a massive challenge, but the cybersecurity industry resilient. With the revitalized interest in collaboration between the public and private sectors and recent Executive Orders on cybersecurity, we are well-positioned to work together and establish effective solutions to the cyber talent shortage. But while we are working together on solutions, organizations need to stay collaborative, vigilant and proactive to fight against this wave of new threats.

ABOUT TRUSTWAVE

Trustwave is a globally recognized cybersecurity leader that reduces cyber risk and fortifies organizations against disruptive and damaging cyber threats. Our comprehensive offensive and defensive cybersecurity portfolio detects what others cannot, responds with greater speed and effectiveness, optimizes client investment, and improves security resilience. Learn more about us.

Latest Intelligence

Discover how our specialists can tailor a security program to fit the needs of
your organization.

Request a Demo