In their 2016 State of Cybersecurity report ISACA and RSA found that 74% of companies surveyed expect to fall prey to a cyberattack in 2016. In 2015, 60% of the survey's respondents were victim to a phishing attack; 30% of those claiming the attacks occurred on a daily basis. 82% of companies report their Board of Directors are either concerned, or very concerned about cybersecurity.
Despite the rise in threat levels, the skills gap in cybersecurity remains a serious problem. The security profession is struggling to find well-trained, high-skilled workers to fill open positions. More than 60% of organizations have too few infosec professionals. Here in CT every major company has open jobs for cybersecurity professionals. Almost one-third of companies report that it takes 6 months to fill these jobs. Another 9% cannot fill open positions. This skill gap is causing companies to hire people with insufficient skills and invest in training. 60% of companies report that half (or less) of their cybersecurity job applicants are qualified upon hire.
The most significant skill gaps are the inability to understand the business and lack of communication skills. This skill gap affects all levels of cybersecurity professionals. In my previous blog I noted that many CISOs lack the ability to describe cybersecurity in business terms. On-the-job training and certification are the top methods of combating this skills gap.
For SMBs the problem is more acute. Smaller companies often lack the budget to properly address the cyber threat. The lack of robust security increases their risk. Difficulty hiring skilled professionals leaves them vulnerable. For these companies it may make sense to use a managed service provider (MSP) to improve their security. MSPs combine leading technology with skilled professionals to offer cybersecurity services. Companies offload the burden of selecting, installing and managing complex technology while having trained cybersecurity experts monitor and manage their environment and mitigate risks.
Southern CT has seen a surge in the availability of tech talent fueled from a variety of government, quasi-government and non-profit activity. Into this growing talent pool we welcome Blackstratus, which has moved their CYBERShark security-as-a-service operating unit to Stamford, CT. CYBERShark takes Blackstratus' proven security and compliance platform and delivers it at a fraction of the cost in the Cloud. The service provides 24x7 monitoring, real-time alerts, and remediation for malicious activity.
"We're truly excited to be part of CT's thriving tech community and really excited to part of CT's extended and integrated ecosystem for doing business here," Blackstratus CEO Dale Cline told several dozen employees and public officials. Read more about the Blackstratus announcement here and get more info about CYBERShark and Blackstatus here