Well, I if am correct, sometime this week, the weekly benefits claims numbers came out, and fortunately, it was not as bad as many experts had predicted.  You can take it for what it is worth, but at least on the front, that is some good news.  Of course, if one were to do a deeper dive into these numbers, it could tell an entirely different story, but we will leave that for the political pundits to figure out. 

But on the Cybersecurity front, as I have written about before, the workforce shortage is starting to get worse, and not any better.  It’s not that there is not a lack of skilled workers out there, it’s the sheer fact that Corporate America, because of the COVID19 crisis, is simply tightening its belt even further than expected. 

The main reasons for this is the increase in the spike of people testing positive, and the upcoming presidential elections.

There is still a lot of uncertainty that is out there, and this has only made things worse for the IT Security teams across all sorts of businesses.  This is leading to much higher levels of stress, and worst yet, burnout and people quitting their jobs in search of greener pastures. 

This has been further substantiated by a recent study that was conducted by The Chartered Institute of Information Security (aka the “CIISec”).  Here is a sampling of what they have found:

*54% of Cybersecurity professionals have quit their job because of burnout or stress;

*64% of respondents claimed that they would have to work with fewer resources;

*51% of them said that they would let the mundane and routine processes simply “go to pot” so that they can keep up with the existing and new threat variants.

More details about this study can be found here at this link:

https://www.ciisec.org/CIISEC/News/Over%20Half%20of%20Cyber%20Security%20Professionals%20Affected%20by%20Overwork%20or%20Burnout,%20CIISec%20Survey%20Finds.aspx

Worst yet, according to another study by Gartner, many companies here in the United States will have to deal with a much-lowered budget in 2021 for Cybersecurity than ever before.  More details about this can be found here:

https://www.wsj.com/articles/security-chiefs-look-to-justify-cybersecurity-costs-during-business-downturn-11589275802

So given all of these not so welcome facts, how can a business deal with Cybersecurity issues in the face of all of this craziness?  The trick comes down to building a better mousetrap with what you already have.  Here are some key tips that you can use in a short time:

*Understand what your true needs are:

Yes, every business entity needs every tool that they can get their hands on in order to further solidify their Security Posture.  But right now, it will not happen, at least for the foreseeable future.  So in this regard, it is imperative that your IT Security team conduct a Risk Analysis to categorize all of your digital assets and rank them as to which ones are most vulnerable and least to a Cyber-attack.  Then from there, you can allocated your funding and existing resources at hand to protect the ones that are most critical to you.  In other words, your company needs to take a drastic mind shift and come to realize that Cyber is not just an IT issue, it is a business issue that impacts your entire organization.

*Come to grips with reality:

Let’s face it, the Cybersecurity Landscape is far different now that what it is was perhaps just one year ago.  Although COVID19 has been a predominant catalyst in all of this, there are other factors as well that include the implementation of the GDPR, the CCPA, an increased level of Cyberattacks from nation state threat actors, a drastic transition to using Cloud based resources such as the AWS and Microsoft Azure, the rapid deployment of the Remote Workforce.  But at the end of the day, there is only so much that you and your entire IT Security team can do.  You have to be able to acknowledge this and come to the realization that you are going to need a lot of help.  This is where making use of outsourced services can be a huge boon, such as that of the vCISO and the Managed Security Services Providers (MSSPs).  In other words, since you may not be able to hire new Cyber workers directly, you need staff augmentation.  The good news here is that these kinds of services are very affordable as well as scalable.

*Realign your existing security tools and technologies:

Part of the Risk Analysis (as previously mentioned) should also reveal just how efficiently your existing Cyber arsenal is being used.  The trend before COVID19 has been to deploy as many tools as possible, but this has led to two major problems:  The increased amount of false positives coming in (which is leads to “Alert Fatigue”), and an increased surface for which the Cyberattacker to prey upon.  As a result of this, many CIOs and CISOs are now realizing that perhaps they could do just as well or even better with fewer security tools, as long as they are strategically placed.  In other words, the are getting away from the mantra of “there is safety in numbers”.  So for example, deploying three firewalls instead of ten of them will probably be a lot better and yield a greater ROI, which will of course save money in the end.  Of course, if you are using the AWS or Microsoft Axure, these platforms come with a very robust set of security functionalities that you can use as well, which is part of the monthly fees that you pay.

*Make use of AI and ML:

One of the most disturbing trends, IMHO, revealed in the study previously mentioned was that the IT Security teams were willing to let the more mundane and routine processes merely just “slip away”.  The bottom line is that this is a very horrible mindset to take, and it will simply leave more avenues for the Cyberattacker penetrate into.  In this regard, you can always make use of both Artificial Intelligence (AI) and Machine Learning (ML) tools.  These can essentially help you to automate these routine processes, so that your IT Security team can remain laser focused on more critical issues at hand.  In fact, they both can even be used to help predict what the future Cybersecurity Threat Landscape will even look as well, which will translate into a much more needed, proactive mindset. Keep in mind that the Cyberattacker is always looking for the moments when you let your guard down.  By using both ML and AI, you will have greater assurances that your digital assets will be safeguarded on a 24 X 7 X 365 basis.  Also, note that using ML and AI tools is not an expensive proposition either.  Many of them also come as hosted options, thus making them very affordable as well.

My Thought On This

Well there you have it, some quick tips to help you navigate today’s much more complex Cyber world.  It will be a tough one for sure, and will only get tougher in the coming months, once there is more certainty that is transpiring.

The bottom line is that we, no matter how small or how large a business is, facing restricted budgets.  Heck, I am even faced with this dilemma myself for my tech writing biz.  But we have to learn how to deal with the new normal and make the best use that we can of what we already have.

In this regard, also as stated previously, don’t be afraid to adopt a staff augmentation approach, and to adopt Cloud based resources.  Really, you should consider moving any On Premises stuff you have it and move to the either the AWS or Microsoft Azure.  Yes, there are some security risks with this, but then isn’t there with anything new that we deal with? 

The gains to be realized are far greater, especially when it comes to both affordability and scalability, especially when it comes to deploying a Remote Workforce of a long time to come yet.