Trustwave SpiderLabs Uncovers Critical Cybersecurity Vulnerabilities Exposing Manufacturers to Costly Attacks. Learn More

Trustwave SpiderLabs Uncovers Critical Cybersecurity Vulnerabilities Exposing Manufacturers to Costly Attacks. Learn More

Managed Detection & Response

Eradicate cyberthreats with world-class intel and expertise

Managed Security Services

Expand your team’s capabilities and strengthen your security posture

Consulting & Professional Services

Tap into our global team of tenured cybersecurity specialists

Penetration Testing

Subscription- or project-based testing, delivered by global experts

Database Security

Get ahead of database risk, protect data and exceed compliance requirements

Email Security & Management

Catch email threats others miss with layered security & maximum control

Co-Managed SOC (SIEM)

Eliminate alert fatigue, focus your SecOps team, stop threats fast, and reduce cyber risk

Microsoft Exchange Server Attacks
Stay protected against emerging threats
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
The Trustwave Approach
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Platform
SpiderLabs Fusion Center
Security Operations Centers
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats

CISO's Corner: The Four Best Cybersecurity Investments You Can Make During the Cyber Talent Shortage

The need for strong cybersecurity has reached critical mass. Seventy-six percent of security leaders have reported an increase in cyber-attacks over the past year -- accelerated by the COVID-19 pandemic and a rapid shift from an in-office to a remote workforce and on-premises to cloud infrastructure.

There’s also been a rise in nation-state tensions and safe harbored advanced adversaries. The latest ransomware attacks by well-funded hacker groups against high-value companies and critical infrastructure have been drawing mainstream media attention seemingly every week. Specifically, the attacks against SolarWinds, JBS and Colonial Pipeline showed just how fragile our cybersecurity posture is in critical areas and how much we need more cyber resources.

Talent Is In Short Supply

It’s no secret. This surge in malicious cyber activity comes as the industry, and the U.S. in particular struggles to fill critical cyber roles. Some 359,000 American cybersecurity jobs remain unfilled, according to a 2020 survey by (ISC)2.

As governments, cyber leaders, and the education sector rally together to drive more interest in cyber roles through awareness campaigns, evangelism, recruiting, and job matching initiatives, organizations need guidance on maximizing the talent they do have and how to combat the rising tide of cyber threats.

Who Needs To Hear This

All organizations are feeling the pressure of the cyber talent shortage. But organizations in highly regulated, highly funded industries can spend millions on cybersecurity and can attract top talent much easier. Bank of America CEO Brian Moynihan says the company spends over $1 billion per year on cybersecurity.

Many SMBs, enterprises and even governments agencies aren’t in as fortunate of a position, and many are strapped for budget and have numerous open critical cyber roles. This guide is intended for those organizations and their leaders that understand that cybersecurity is paramount but need to maximize the investments they can make in talent, technologies and services.

What Is A Company To Do?

  1. Invest in the cyber expertise you do have. Automation isn’t going to save the world. It needs highly trained and capable people to operate it. A Ferrari can still crash racing on the simplest track if an inexperienced driver is behind the wheel trying to go fast. The same goes for top-tier cybersecurity tools. Cultivating a culture of performance and excellence is essential within your security team. Feedback and training need to be ongoing, not just once a year. Providing your cyber experts with the resources they need to do their job to the best of their ability should be a top priority. Do all you can to keep them engaged, hungry to defend your company, and build their knowledge base.
  2. Automate and outsource if needed. No company can be cyber successful without automation. Alert fatigue and false positives are real problems. AI and machine learning are powerful tools that deserve much consideration. That said, you must implement the right kind of automation. Automation needs to be selected based on the capabilities of the security team that you have access to and your environment complexity. If you are short-staffed or don’t have true cyber expertise in-house to handle complexities like cloud infrastructure migrations, solution deployments, or security operation center (SOC) integrations -- consider outsourcing your security to a trusted managed security services provider. Making sure you have the right expertise on your team, whether in-house or third-party, is going to make or break your cyber success. Having a trusted third-party partner in place can save you from making costly, unnecessary cyber investments or potentially reputation-damaging cyber incidents.
  3. Invest in your employees and executives and their own cyber awareness and training. A recent study revealed that nine in 10 (88%) data breach incidents at organizations are caused by human mistakes. Employee and executive cybersecurity training have never been more paramount now that we are in a permanent hybrid workforce world. Employees are naturally more distracted as they move back and forth between the office and their home for work, opening them up for social engineering and phishing attacks, which account for 94 percent of malware delivery and 80 percent of all security incidents. Cyber training needs to be especially ramped up if you are a critical infrastructure organization or part of a priority supply chain – as you may be a highly desired target for hackers.
  4. Invest in proactive vs. reactive security. The biggest mistake that we’ve seen recently is organizations staying stagnant in defensive cybersecurity strategies. This is a flawed and outdated approach to cybersecurity and can result in catastrophe. Your organization must be thinking proactive with programs like threat hunting, penetration testing, and managed network and endpoint monitoring to combat the new wave of advanced adversaries. If you’re not constantly looking and ‘hunting’, there’s no telling whether or when an adversary has compromised your systems.

Solving The Talent Shortage Together

The talent shortage is a massive challenge, but the cybersecurity industry resilient. With the revitalized interest in collaboration between the public and private sectors and recent Executive Orders on cybersecurity, we are well-positioned to work together and establish effective solutions to the cyber talent shortage. But while we are working together on solutions, organizations need to stay collaborative, vigilant and proactive to fight against this wave of new threats.

Latest Trustwave Blogs

Unlock the Power of Your SIEM with Co-Managed SOC

Security information and event management (SIEM) systems play a pivotal role in cybersecurity: they offer a unified solution for gathering and assessing alerts from a plethora of security tools,...

Read More

Trustwave SpiderLabs: LockBit 3.0 Ransomware Most Common Malware Used to Attack the Manufacturing Sector

As the manufacturing sector continues its digital transformation, Operational Technology (OT), Industrial Control Systems (ICS), and Supervisory Control and Data Acquisition (SCADA) are becoming...

Read More

Trustwave’s Observations on the Recent Cyberattack on Aliquippa Water Treatment Plant

The attack last week on the Municipal Water Authority in Aliquippa, Penn., that gave threat actors access to a portion of the facility’s pumping equipment has spurred the Cybersecurity &...

Read More