The candle is burning at both ends for cybersecurity professionals as they face the dual challenges of an intense threat landscape and a limited talent pool. With more than 700,000 unfilled cybersecurity roles in the U.S., how can organizations defend themselves against ever-evolving cyberthreats?
This question was at the top of the agenda at the White House National Cyber Workforce and Education Summit, which Sophos’ CEO Kris Hagerman attended in July. The summit gathered industry leaders to discuss the need for more cybersecurity professionals and potential pathways to cybersecurity careers — including the Registered Apprenticeship program and non-traditional training opportunities.
The bottom line is that there isn’t a one-and-done solution to the cybersecurity talent shortage. But as managed service providers (MSPs), you can prioritize upskilling your current workforce and lean on third-party service providers to narrow the gap.
The cybersecurity skills gap meets a heightened threat landscape
The past two years have brought major changes to workplace security, including the shift to remote and hybrid work, a rise in IT outsourcing and a rapidly evolving cyberthreat landscape. These changes add complexity to IT infrastructures and create new vulnerabilities for attackers to exploit. Unsurprisingly, nearly 70% of organizations experienced an increase in IT security workload in 2020.
As the frequency and severity of cyberattacks continue to rise, many organizations are struggling to keep pace with sophisticated attacks. In fact, 54% of IT managers say cyberattacks are now too advanced for their IT teams to address on their own.
Ransomware-as-a-Service and increasingly collaborative attack models have made the impact of cybercrime more devastating, and an increase in attack dwell time has made it easier for multiple adversaries to hit organizations at once. Today’s threat landscape requires continuous security upgrades, diligent and proactive threat monitoring, and resources that many small and medium-sized businesses lack, cybersecurity talent included..
To effectively defend organizations’ critical assets, the global cybersecurity workforce would need to grow by 65%, which could take years. In the meantime, organizations are leaning on MSPs to help close the cybersecurity skills gap. But when MSPs don’t have the necessary security expertise, who do they lean on?
MSPs: How you can help fill the cybersecurity skills gap
With hundreds of thousands of open cybersecurity roles in the U.S., organizations rely on MSPs to supplement cybersecurity efforts. But MSPs also face challenges in recruiting and retaining security talent. To keep up with today’s cyberthreat landscape, concentrate on a few key areas that can help improve retention and supplement existing service offerings.
- Prioritize your current workforce. Many MSPs and their clients are struggling with widespread labor shortages, which is why retention and upskilling remain top of mind. You should prioritize strategic hiring practices to ensure your teams are equipped with the right knowledge and skill sets despite the limited talent pool.
In addition to strategic hiring practices, you should also invest in additional education and training for employees. Whether this means helping employees gain technical certifications or offering tuition reimbursement, continued training provides the competitive edge to attract and retain customers. Additionally, organizations with high internal mobility are more likely to retain employees longer, which is critical in today’s competitive labor market.
- Lean on third-party resources. Protecting clients is your top priority as an MSP. But without the right tools and in-house expertise, you leave customers vulnerable to attacks. Specialized vendors offer a solution by complementing your existing capabilities. For example, building a security operations center (SOC) can be resource-intensive and often requires multiple vendors, leaving gaps for adversaries to gain network access. To supplement existing security operations, leverage third-party services like Sophos’ Managed Threat Response (MTR).
By pairing machine learning (ML) technology with expert analysis to create a “machine-accelerated human response,” MTR detects and responds to evolving cyber threats in real time. With MTR, Sophos provides 24/7 support that most MSPs are unable to offer on their own. And unlike traditional managed detection and response (MDR) services that only notify organizations of an attack and advise next steps, MTR actively monitors for threats that an organization’s infrastructure may be unable to spot — and then takes human-led action to stop them.
Cybersecurity labor shortages aren’t going away. To keep customers’ IT infrastructure safe, MSPs need to consider new tactics and solutions. With a focus on upskilling and retention and the help of trusted security partners, you can position your MSPs to provide 24/7 protection throughout the remainder of 2022 and beyond.