For the past several years, we have heard one prevailing narrative in the world of cybersecurity: there’s a significant skill gap. Therefore, we have a labor shortage.
Current data from CyberSeek indicates a staggering 663,434 cybersecurity job openings in the U.S., starkly contrasted by an existing workforce of just over 1.1 million professionals. This disparity suggests that businesses might be operating with only about two-thirds of the cybersecurity skills they need. This concern is further borne out across various sectors, with a mere 14-25% of leaders in fields like banking, public sector, energy, and insurance expressing confidence in their cybersecurity talent. The most notable top-of-mind solutions come from global think tanks like the World Economic Forum. They are promoting solutions like greater collaboration (information sharing) between governments and private organizations, more women in cybersecurity, and increased training. However, a closer examination reveals a more nuanced and age-old challenge.
A high proportion of data breaches – 88%, to be precise – are not due to a lack of skills but rather stem from employee mistakes, phishing scams, and social engineering. The issue is compounded by several factors, such as generational differences in admitting errors and susceptibility to phishing scams. Younger employees, for instance, are more likely to fall for phishing, while older employees often hesitate to report mistakes.
So, in some private organizations, it may be true to say there’s a shortage of cybersecurity professionals. But for the majority of cybersecurity threats, it’s human error exploited through phishing scams.
The solution lies not solely in filling the skill gap but in addressing (and reducing) the root cause: human error. If private organizations can reduce the number of times hackers communicate with employees and clients, then they are effectively reducing the “skill gap,” and killing the argument for the invasion of privacy and increased government spending. Here, better cybersecurity emerges as a key solution to mitigate the risks associated with these human errors.
Understanding the Skill Gap
The narrative of a cybersecurity skill gap has gained significant traction in recent years, leading most people to imagine an industry struggling to keep pace with the increasing demands of digital security. This perceived gap is often highlighted as a major vulnerability in the cybersecurity defenses of public and private organizations. The ‘Achilles Heel’ of the problem seems to be job openings (which many international organizations argue DEI ought to provide), something that it is assumed organizations cannot solve for themselves.
The World Economic Forum writes: “Given the global nature of the challenge, no single actor alone can find the solution. It requires collaboration across the public and private sectors. We must prioritise thoughtful investment in the creation and expansion of cybersecurity talent. This endeavour gives us an opportunity to create skilled, socially valuable and long-term careers for people from all walks of life and in all regions of the world.”
Supporting this narrative, statistics and reports from the International Information System Security Certification Consortium (ISC2) indicate a substantial shortage of cybersecurity professionals. The international think tank produced a ‘Cybersecurity Workforce Study’ in 2022, about one and a half years after Klaus Schwab, leader of the World Economic Forum, went on stage to predict the world’s next crisis.
Three years after Schwab’s alarming declaration, the cybersecurity workforce gap has increased from 2.1 million to around 3.4 million cybersecurity professionals worldwide. ISC2’s 2021 Cybersecurity Workforce Study of the previous year showed demand slowly being met with supply. According to their study, demand was decreasing:
“For the second year in a row, we observed a narrowing of the global Cybersecurity Workforce Gap, from 3.1 million in 2020 to 2.7 million in 2021.”
Another portion of ISC2’s report asked cybersecurity leaders where they would invest if there were no workforce gap:
“Imagine There’s No Gap: Where Would You Invest?
How would cybersecurity professionals improve their security posture if their organization’s personnel needs were fully met? Four of the top five responses involve even greater investments in people: training and certifications (50%), professional development (46%), and automation solutions to make their tasks easier (48%). Additionally, 49% of respondents would invest in security awareness training for everyone in the organization.
Asked if a fully staffed cybersecurity team would enable them to divest of technology and security services, only one area (spending on third-party service providers like an MSSP) was cited by more than 10% of participants. This suggests that, even as their teams grow, cybersecurity professionals anticipate the need for continued technology and services investment to ensure they have the tools and support necessary to do their jobs and effectively strengthen their security posture.”
The report shows three consistent areas of investment:
- Professional Development
- Cybersecurity Awareness
- Tools and Services from Managed Service Providers (MSPs)
Professional development seems to be something every IT professional needs to do, no matter which direction their industry turns.
Which leaves the next two: employee / client awareness, and tools or managed services.
Let’s look again at how much employee and client awareness contributes to financial and reputational losses.
Human Error in Cybersecurity Breaches
The role of human error in cybersecurity breaches is significant and often underestimated. While the cybersecurity skill gap narrative focuses on the lack of trained professionals, it’s crucial to recognize that human error is a leading cause of security breaches. Studies, including the “Psychology of Human Error,” have highlighted that a staggering 88% of data breaches are attributed to employee mistakes. The percentage is so high that one wonders if more staff really solves the problem. It raises the question: would more employees increase human error?
The most common types of human errors are committed by the security team and/or clients themselves. These errors include misconfiguration of security settings, use of weak passwords, mishandling of sensitive information, and falling prey to social engineering attacks, particularly phishing scams.
Phishing scams, in particular, represent a significant threat as they directly target individuals within an organization, exploiting human vulnerabilities rather than technical loopholes. They are designed to exploit human psychology, leveraging tactics such as urgency, fear, and the illusion of authority to trick individuals into divulging sensitive information, clicking on malicious links, or unknowingly downloading malware.
If organizations could reduce the opportunity for human error by reducing communication with cybercriminals, then employees and clients would significantly reduce their costs and secure their finances and reputation.
Organizations would also significantly reduce the need for expanding their workforce. Let’s look at how DomainSure reduces human error and the need for an expanding workforce.
How DomainSure Reduces Human Error and the Need for an Expanding Workforce
In a perfect world, we could stop all human error, but the world’s not perfect. We can, however, offer the next best thing:
An all-in-one platform to manage communication at the infrastructure level, creating an IT Perimeter against organizational threats.
The DomainSure Platform Offers:
- Domain Management
- Monitoring
- Phishing Protection and Domain Takedowns
The role of DNS cannot be overstated, particularly in addressing the prevalent issue of human error. DomainSure leverages extensive experience in DNS, naming, and domain policy.
The DomainSure platform covers domain registration, brand protection, and commercial DNS tools. That covers end-to-end management, monitoring and protection of your domain names and DNS infrastructure to establish an IT perimeter.
This platform highlights the critical role of DNS in modern cybersecurity strategies, focusing on the often-overlooked blind spots in DNS and domain names that can pose significant threats to an organization’s infrastructure.
How DomainSure Works to Prevent Phishing Attacks
DomainSure’s approach to DNS security is particularly effective in preventing phishing attacks.
The platform is designed to monitor for typographical errors and phishing attempts that target users. By tracking over 100 potential failure vectors for each domain, DomainSure defends against a variety of cyber threats, including sophisticated phishing schemes, reducing the opportunity for human error.
The platform’s threat detection capabilities are multifaceted. They include monitoring DNS environments for anomalies, scouring the wider and dark web for signs of impending or ongoing attacks, and operating a global array of DNS sensors. These sensors are crucial for detecting the early stages of cyberattacks, thereby providing an advanced warning system against potential breaches.
There are several other areas where human error can have significant repercussions. DNS security serves as a critical line of defense. Features such as ‘Never Expire Protection’ and ‘Never Monetize Guarantee’ ensure that domains remain secure, operational, and free from exploitation, reducing the risk of lapses due to human oversight.
The platform is also equipped to defend against reverse hijacking, adding an extra layer of security against human errors that could lead to domain or DNS compromises.
In essence, DomainSure’s platform protects against many of the challenges posed by human error in cybersecurity. By focusing on this critical yet often-overlooked aspect, organizations can significantly enhance their overall security posture. This approach not only reduces their vulnerability to cyberattacks that exploit human mistakes but also ensures a more resilient and secure operational environment without the need to hire more staff.
Conclusion: With the Right Tools, the “Skill Gap” is More Myth than Reality
In summing up, the narrative of a cybersecurity “skill gap” may be more myth than reality, especially when considering the predominant role of human error in cybersecurity breaches. While the statistics from CyberSeek and the World Economic Forum highlight a perceived shortage of cybersecurity professionals, the “Psychology of Human Error” study reveals a different angle – that a majority of data breaches are due to human mistakes, not a lack of skilled personnel. This insight shifts the focus from merely increasing the cybersecurity workforce to addressing the root cause of most breaches: human error.
DomainSure’s comprehensive platform offers a practical solution in this regard. By managing communication at the infrastructure level and creating a robust IT perimeter, DomainSure effectively reduces the opportunities for human error. Its multifaceted approach, including domain management, monitoring, phishing protection, and DNS security, addresses the critical blind spots in cybersecurity.
By prioritizing solutions like DomainSure that focus on reducing human error and strengthening existing cybersecurity measures, organizations can effectively counter the real challenges in cybersecurity. This approach not only ensures a more resilient and secure operational environment but also challenges the prevailing notion that the primary solution to cybersecurity threats is to continually expand the workforce.
References
https://cisomag.com/psychology-of-human-error-could-help-businesses-prevent-security-breaches/
https://www.itworldcanada.com/sponsored/think-outside-the-box-to-end-the-cybersecurity-skills-gap