Automation in the Security Operations Center (SOC), gamification and an engaged security staff are the three ingredients necessary to effectively combat cyber criminals, a new McAfee report found.
SOC automation and ample, skilled staffing are not surprising findings, but gamification? Yes, to address the shortage of skilled cybersecurity workers, McAfee’s global survey of nearly 1,000 senior security managers and security pros (appropriately entitled Winning the Game) suggests that gamers, those engaged and immersed in online competitions, may be one answer to plugging the substantial gap.
It’s thinking outside the box, for sure, but you can see how it makes sense. Gamification, or applying elements of game-playing, such as hackathons, capture-the-flag and bug bounty programs, to non-game activities, is seen in some corners as a novel place to find future cybersecurity pros because of the particular skills that video game playing demands.
Here’s what the study’s respondents said about that:
- 92 percent believe that gaming gives players experience and skills critical to cybersecurity threat hunting such as logic, perseverance, an understanding of how to approach cyber criminals and new ways of looking at things compared to traditional cybersecurity hires.
- 77 percent of senior managers said their organization would be safer if they leveraged more gamification.
- 57 percent said using games increases awareness and IT staff knowledge of how breaches occur.
- 43 percent say gamification enforces a teamwork culture needed for quick and effective cybersecurity.
Would senior managers hire gamers? Most definitely:
- 78 percent said the current generation entering the workforce, who have been raised playing video games, are stronger candidates for cybersecurity roles than traditional hires.
- 75 percent said they would consider hiring a gamer even if that person had no specific cybersecurity training or experience.
- 72 percent of respondents say hiring experienced video gamers into the IT department seems like a good way to plug the cybersecurity skills gap.
Because the cyber threat landscape is changing in complexity and frequency of incidents, many organizations believe new recruits are desperately needed, the findings showed. According to the report, 46 percent of respondents asserted that in the next year they will either struggle to contain the increasing number of cyber threats or it will be impossible to defend against them.
To manage the threats their organizations are currently facing and will grapple with in the near term, the survey respondents believe they need to increase their IT staff by nearly 25 percent. Roughly 85 percent concede that attracting talent is difficult and about 30 percent admit that they do not actively do anything to attract new candidates.
The combination of a growing threat landscape and the difficulty of recruiting and holding on to a cybersecurity workforce makes SOC automation a key element in establishing a formidable defense against cyber attackers, McAfee said. "Many security managers believe the only way they can try to keep ahead of the growing threat landscape is to hire more staff. Not only is this unrealistic given the high turnover of cybersecurity staff and the difficulty of attracting new talent, but it ignores far more effective ways of detecting and responding to incidents using automation," the study's authors said.
Here’s what the survey’s respondents said about SOC automation:
- 81 percent believe their organization’s cybersecurity would be safer if it implemented greater automation.
- 25 percent said that automation frees up staff from routine tasks such as policy enforcement to focus on value-added tasks such as threat hunting.
- 32 percent said a lack of in-house skills retards their investment in automation.
“With cybersecurity breaches being the norm for organizations, we have to create a workplace that empowers cybersecurity responders to do their best work,” said Grant Bourzikas, chief information security officer at McAfee. “Consider that nearly a quarter of respondents say that to do their job well, they need to increase their teams by a quarter. Keeping our workforce engaged, educated and satisfied at work is critical to ensuring organizations do not increase complexity in the already high-stakes game against cybercrime.”