Simplifying security operations as skills shortages create tension
The UK government reports that ongoing cybersecurity is a pressing issue for a third of all UK businesses. Meanwhile, in a survey conducted by SenseOn, 41% of IT decision makers identify a lack of skilled staff as a primary concern. This significant shortage is putting immense pressure on already overstretched security teams, pushing them to the brink of burnout as they strive to secure every endpoint.
Another finding from SenseOn’s research highlights the seriousness of this issue, revealing that 95% of IT decision makers are concerned about the impact of stress on employee retention within their organisations. If left unaddressed, this could further exacerbate an already critical skills shortage.
In an effort to shore up their defenses and ease the burden on overworked analysts, many organizations are buying more and more point solutions. This approach often backfires: each new tool has to be deployed, integrated and staffed, so adoption stalls and management suffers, leaving behind a slew of disparate tools, overstretched teams, and a cycle of inefficiencies that deepens the very skills gap the tools were meant to close.
Founder and CEO of SenseOn.
A complex and fragmented ecosystem
The majority of IT decision makers mistakenly believe that more cybersecurity tools equal more protection. But adopting a new tool is a lengthy process, averaging 2.4 months, and is further complicated by the lack of integration between products from a growing number of vendors and suppliers. Each addition therefore places further demands on security professionals who are already fully occupied.
Organizations need to take a strategic approach to cybersecurity and simplify its management to relieve pressure on overstretched teams while addressing skills shortages.
The Burden of False Positives
A major drain on resources is the high volume of false positives generated by endpoint detection and response (EDR) systems: almost half (45%) of EDR alerts turn out to be false positives. Many events that look like potential threats are in fact completely harmless.
One way EDRs work is by building a baseline of "normal" behavior for each endpoint and flagging anything that deviates from it. In the real world, however, deviation is the norm: administrators run ad hoc scripts, software updates spawn unfamiliar processes, and users install new tools, so most anomalies are benign. This limitation would be tolerable if only a handful of devices reported into the EDR, but enterprise environments have anywhere from dozens to thousands of endpoints and a diverse user base.
In such environments the time it takes to analyze EDR alerts places real strain on security teams, because an analyst always needs context around the events that triggered the alert. For each alert the analyst must examine the event and then merge it with data from other sources to determine whether an attack is in progress or the alert is a false positive.
Because an EDR solution reports and acts on endpoint data alone, it leaves security teams with blind spots. To separate real threats from noise, analysts need a unified source of data collection that merges network, endpoint, and user information into a single "case."
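The triage process described above, as an added example that is not part of the original article and is not SenseOn's code: a small Python pipeline that first flags endpoint events deviating from a per-host baseline, the way the article says EDRs work, and then merges each flagged event with network flows and identity events for the same host and user inside a ten-minute window into one case. The baselines, telemetry, internal address ranges, scoring weights and ten-minute window are all constructed assumptions for illustration. The point it shows is that a lone baseline anomaly (a backup service copying data to an internal share) scores low, while the same kind of anomaly corroborated by external egress and an unusual logon scores high enough to investigate.

```python
"""Toy alert-correlation pipeline (added example; all data is constructed)."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed per-host baselines: process names seen on each host over the
# last 30 days. A real EDR learns these; here they are hard-coded.
BASELINE = {
    "ws-042": {"outlook.exe", "excel.exe", "chrome.exe", "teams.exe"},
    "srv-db1": {"sqlservr.exe", "backup.exe"},
}

# Constructed telemetry. Endpoint events: (timestamp, host, user, process, command line).
ENDPOINT_EVENTS = [
    ("2024-05-01T09:02:00", "ws-042", "alice", "excel.exe", "excel.exe budget.xlsx"),
    ("2024-05-01T09:05:00", "ws-042", "alice", "powershell.exe",
     "powershell.exe -nop -w hidden -enc QUJD"),
    ("2024-05-01T10:15:00", "srv-db1", "svc_backup", "robocopy.exe",
     "robocopy.exe D:\\data \\\\nas01\\backup /MIR"),
]
# Network flows: (timestamp, host, destination IP, destination port, bytes sent).
NETWORK_FLOWS = [
    ("2024-05-01T09:05:30", "ws-042", "203.0.113.77", 443, 2_400_000),
    ("2024-05-01T09:06:00", "ws-042", "10.0.0.25", 443, 12_000),
    ("2024-05-01T10:16:00", "srv-db1", "10.0.0.40", 445, 900_000_000),
]
# Identity events: (timestamp, user, host, event type).
IDENTITY_EVENTS = [
    ("2024-05-01T08:58:00", "alice", "ws-042", "logon_new_device"),
    ("2024-05-01T10:14:00", "svc_backup", "srv-db1", "logon_success"),
]

# Assumed organization-internal ranges; anything outside them counts as external.
INTERNAL_NETWORKS = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]
WINDOW = timedelta(minutes=10)  # assumed correlation window around the endpoint event
CORROBORATING_IDENTITY_EVENTS = {"logon_new_device", "mfa_failure", "impossible_travel"}


def ts(s):
    return datetime.fromisoformat(s)


def is_anomalous(host, process):
    """EDR-style baseline check: any process not seen before on this host is flagged."""
    return process not in BASELINE.get(host, set())


def is_external(dst):
    return not any(ip_address(dst) in net for net in INTERNAL_NETWORKS)


@dataclass
class Case:
    host: str
    user: str
    process: str
    external_egress: list = field(default_factory=list)
    identity_signals: list = field(default_factory=list)

    @property
    def score(self):
        score = 1                       # the endpoint anomaly on its own
        if self.external_egress:
            score += 2                  # data left the network during the window
        if self.identity_signals:
            score += 2                  # the user's session itself looks unusual
        return score

    @property
    def verdict(self):
        return "investigate" if self.score >= 3 else "likely benign"


def build_cases():
    """Merge each anomalous endpoint event with network and identity context."""
    cases = []
    for when, host, user, process, _cmd in ENDPOINT_EVENTS:
        if not is_anomalous(host, process):
            continue
        t0 = ts(when)
        case = Case(host, user, process)
        for fwhen, fhost, dst, port, nbytes in NETWORK_FLOWS:
            if fhost == host and abs(ts(fwhen) - t0) <= WINDOW and is_external(dst):
                case.external_egress.append((dst, port, nbytes))
        for iwhen, iuser, _ihost, kind in IDENTITY_EVENTS:
            if iuser == user and abs(ts(iwhen) - t0) <= WINDOW and kind in CORROBORATING_IDENTITY_EVENTS:
                case.identity_signals.append(kind)
        cases.append(case)
    return cases


if __name__ == "__main__":
    for c in build_cases():
        print(f"{c.host} {c.process}: score={c.score} -> {c.verdict}")
```

Running the block prints two cases: the encoded PowerShell on ws-042, corroborated by egress to an external address and a logon from a new device, scores 5 and is marked for investigation, while the robocopy job on srv-db1 scores 1 and is marked likely benign. In practice the second outcome is exactly the "normal is abnormal" case the article describes, and a platform doing this correlation would feed it back into the baseline rather than hand it to an analyst.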
The role of AI in improving cybersecurity
The advent of AI-powered unified cybersecurity platforms offers a solution to the challenges of staffing shortages, false positives, and maintaining optimal security levels. An AI-powered platform can unite multiple security disciplines under one unified product.
These platforms use advanced analytics to correlate endpoint, network, and user signals so that only threats with corroborating evidence are surfaced, and they automate routine response and remediation. Staff at all skill levels are then able to understand, monitor, and manage security threats effectively.
Additionally, these AI-driven capabilities address false positives by ensuring that the majority of alerts analysts see are actual incidents they need to address, with all the information they need for remediation and threat intelligence in one place. This helps protect analysts from the relentless cycle of responding to false positives.
What does this mean for the skills shortage?
Companies are having to address advanced threats with a limited workforce, which puts pressure on existing staff through inefficient processes and the cognitive burden of dealing with false positives, increasing the risk of burnout.
Furthermore, the pressure to quickly close the skills gap often leads to a hasty accumulation of poorly integrated security tools, which can paradoxically weaken an organization’s security posture. Simplifying security operations through strategic tool adoption and management is a critical step toward nurturing the cybersecurity workforce.
Beyond tool consolidation, adopting an AI-powered cybersecurity platform can enable organizations to address both the skills gap and the operational challenges facing their cybersecurity teams. By automating the response to confirmed threats, these platforms can significantly reduce the workload of human analysts, allowing them to do more fulfilling and impactful work.
Such a transformation has the potential to make the cybersecurity profession more attractive to both existing and prospective talent. By increasing job satisfaction, AI-powered solutions can play a critical role in retaining skilled professionals and attracting new talent to the field, ultimately strengthening organizations’ cybersecurity infrastructure.
This article was produced as part of TechRadarPro’s Expert Insights channel, where we showcase the best and brightest minds in the technology sector today. The views expressed here are those of the author and do not necessarily represent those of TechRadarPro or Future plc.