IoT Security Strategies
The expanding attack surface of the Internet of Things opens up dangerous new vistas for adversaries ranging from script kiddies to elite nation-state actors. Complicating matters is a shortage of qualified cybersecurity talent and a confusing bubble of hype around several technologies intended to help organizations safeguard their networks.
To help you get a handle on the challenge IoT security can pose, we spoke with Sean Peasley, a Deloitte Risk and Financial Advisory partner and IoT security veteran, as well as Andrew Howard, the chief executive officer of Kudelski Security. They weigh in on topics from the cybersecurity skills gap and the challenge of minimizing supply chain risk to the hype surrounding everything from AI to 5G.
1. Have Realistic Expectations Regarding Cyber Talent
It’s common knowledge there is a shortage of experienced cybersecurity professionals. But assessments that there is or soon will be a shortfall of millions of cyber workers in a handful of years can engender a degree of hopelessness in organizations seeking to defend their networks, IoT devices and IT systems.
“This topic [around the cybersecurity skills gap] seems to always be the number one thing people want to talk about with cybersecurity,” Howard said. But discussions on the subject can at times veer off course. While the cyber talent scarcity is real, “frankly, there is a shortage in all markets,” Howard said. The unemployment rate in nations ranging from the U.S. to Germany to Japan to the United Kingdom is less than 4%. Rather than seek to find a cyber MacGyver, organizations seeking cyber talent should ask which types of professionals they can likely attract in the short term to help them quantifiably reduce their cyber risk.
In the cybersecurity market, a large degree of the need is for analysts, Howard said. “I think at the top end of the cybersecurity org chart, there’s not a shortage of [experienced] employees,” Howard explained. “You might make an argument that there’s a shortage of qualified employees, but what I see is when companies are not having a hard time finding CISOs or lieutenants. They’re having a hard time finding CISOs or lieutenants they can afford — just because there’s so much demand.”
2. Make Sure the Candidates You Do Hire Are Well-Qualified and Compensated
It can be wise to embrace nontraditional strategies when buttressing your cyber workforce, but one pitfall is to skimp on qualifications when hiring workers for senior roles. “What I see that is concerning is that, on a consistent basis, I speak with potential clients, who have woefully underskilled cybersecurity leaders in their space,” Howard said.
Yes, the cybersecurity shortage is a contributing factor to this problem. But another element is the lack of understanding by boards and leaders such as chief executive officers and chief information officers of what skills are vital for cyber leaders. “There’s often an under-appreciation for what you have to pay for the type of expertise that is in demand,” Howard said.