Many UK business and technology executives aren’t hopeful about their digital security going into 2022. In a survey of 3,600 business and technology executives, of whom 257 were from the UK, PwC learned that a majority (61%) of respondents expected to see an increase in reportable ransomware attacks next year. An even greater proportion (64%) of UK respondents said that they expected to see a rise in attacks targeting their cloud services over that same period, as reported by Consultancy.uk. Approximately the same proportion of survey participants revealed that they also anticipated growth in the number of software supply chain breaches.
The Cybersecurity Skills Gap as a Persistent Problem
It doesn’t help that organizations are struggling with the skills gap. As we know, IT security professionals are in high demand worldwide. There aren’t enough of them to go around for every single situation or every single organization. There’s also very heavy turnover within government, where they can’t retain people. They’ve been poached by the commercial side.
In the UK specifically, the cybersecurity skills shortage increased by more than a third in the 12 months from November 2020. This growth motivated 43% of UK digital leaders to admit that they had a shortage in cybersecurity, wrote Infosecurity Magazine. Approximately the same proportion (40%) of respondents revealed that they couldn’t retain their cybersecurity staff for as long as they wanted before another organization lured them away with the offer of more money.
What do those findings look like in practice? To answer that question, we turn to a 2021 report issued by the UK Government’s Department for Digital, Culture, Media & Sport. Overall, the report revealed that 340,000 UK businesses in the private sector suffered from a skills gap in penetration testing. This was followed by 313,000 businesses that didn’t possess sufficient expertise in forensic analysis and security architecture, both at 23%. Slightly fewer organizations reported a skills gap in threat intelligence, interpreting malicious code, and activity monitoring at 18%, 14%, and 11%, respectively.
On the Need for a Different Kind of Managed Service…
UK organizations are stretched beyond their capacity at the moment. We know that whoever’s hired by a government entity gets headhunted out after four to five years. The salaries aren’t that great. So, those entities are not attracting new staff in the first place.
There’s hope for those organizations. Indeed, the method that they need to move to in order to be secure and safe is working with a managed service provider (MSP). There’s just one problem: MSPs can cost organizations tens of millions of pounds. Few organizations can shoulder that cost. Which raises the question: what are UK organizations to do, in that case?
Enter Tripwire ExpertOps. This offering provides vulnerability management, log management, and security configuration management to help security teams with their current workloads. Its purpose is to minimize the amount of stuff that customers’ security teams need to do. If those teams subsequently have two or three tasks to do instead of the 300 they originally had to do, then that is worth their while. This all happens by Tripwire ExpertOps giving customers an employee to look after their cybersecurity and whom they don’t have to pay individually. They don’t have to train them. They don’t have to worry about them having time off to get their security sorted. It will reduce the amount of time and resources that they need to commit internally to go and deal with cybersecurity.
Indeed, we tell customers, “You need to go and bring down this particular package for your Windows service, this one’s for your Linux, and then take these steps to go and apply them.” That takes less than a day to do, which is far less than the time a person would need to sift through which IP or which particular device is more critical than the other, which vulnerability has to be addressed first, and so on. The time that they save is worth the expenditure.
Tripwire ExpertOps is not a full 100% managed service. It’s a managed service of the tasks that customers must go through to find out where they’ve got the gaps. Even so, many MSPs rely on Tripwire ExpertOps and other solutions to serve their customers.
Customers that are interested in working with Tripwire ExpertOps need to answer some questions for themselves first. These are as follows:
- How much of the work that you need to do is getting done on time?
- How much in resource costs are you having to throw into it, not just to do your day-to-day security requirements but also to make sure that you’re being compliant with everything that you have to be compliant with?
They can then use those questions to obtain a budget for their cybersecurity efforts going forward. Towards that end, they can use these tips to build an effective budget. They can also look to initiatives such as the UK Government Cyber Security Strategy to receive funding for programs that build up their cyber resilience.
Once they have that understanding and budget, they can request an evaluation with the Tripwire ExpertOps team here: https://www.tripwire.com/contact/evaluation.