A perfect storm

2021 has been a challenging year for those responsible for cybersecurity in public and private sector organisations. Ransomware and software supply chain attacks have been constantly in the headlines, claiming some high-profile scalps, including Colonial Pipeline and the many users of SolarWinds’ Orion monitoring platform. Trends such as the Internet of Things (IoT), the integration of operational technology (OT) with IT systems, and the migration to cloud-native architectures are continuing apace, requiring new security approaches and technology. On top of everything else, the COVID-19 pandemic has disrupted working patterns and led to the hasty introduction of support for large-scale remote and flexible working, as well as being the focus of phishing campaigns.

Organisations recognise the need for increased security investment to introduce pro-active security practices and new hardware and software, and to implement employee awareness campaigns[1]. However, one of the factors hampering progress is the severe shortage of experienced cybersecurity professionals. A recent study[2] conducted on behalf of the DCMS estimated that 50% of UK businesses lack the ability even to implement the basic cyber-hygiene measures laid down by the Cyber Essentials scheme[3]. Increasingly, organisations are outsourcing their security functions, but this merely displaces the skills gap to managed security service providers. It is reported that 47% of cybersecurity firms face problems due to lack of technical skills in existing staff or job applicants.

A related report[4] provides evidence that in 2021 there was an annual shortfall of about 10,000 in the UK cybersecurity employment pool and suggests that if remedial action is not taken, the situation will only get worse. A contributing factor is the rate at which experienced staff are leaving the profession. According to a global survey of cybersecurity professionals[5], consequences of the skill shortage include increasing workload (62%), unfilled posts (38%) and a high burnout rate (38%).

METCLOUD and Birmingham City University (BCU) are working together on an applied research project that addresses this problem in the context of the Security Operations Centre (SOC). Its aim is to use Artificial Intelligence (AI) and Data Science (DS) techniques to reduce the workload and amplify the skills of SOC analysts, resulting in more efficient and effective detection of, response to, and remediation of cyber-attacks. In the process it will increase job satisfaction and staff retention, and enable a more scalable business model.

[1] According to the 2021 IDG Security Priorities Study, 90% of security leaders believe they are falling short in addressing cyber-risk. Small and medium businesses plan to double their security budgets to an average of $11 million over the next year, while average enterprise budgets will increase to $123 million.

[2] Cyber security skills in the UK labour market 2021, Ipsos MORI for the Department for Digital, Culture, Media and Sport (DCMS)

[3] https://www.ncsc.gov.uk/cyberessentials/overview

[4] Understanding the Cyber Security Recruitment Pool, Ipsos MORI for the DCMS

[5] The Life and Times of Cybersecurity Professionals 2021, Enterprise Strategy Group (ESG) and Information Systems Security Association (ISSA)