Concerted efforts to increase job satisfaction, automation in the Security Operations Center (SOC) and gamification in the workplace are key to beating cyber criminals at their own game says a new report published by McAfee.
The landscape for cyber threats is growing, both in complexity and volume. According to the Winning the Game, 46% of respondents believe that in the next year they will either struggle to deal with the increase of cyber threats or that it will be impossible to defend against them. Further complicating the dynamics of the competition between security responder and cyber criminal is the cyber security skills crisis. Survey respondents believe they need to increase their IT staff by nearly a quarter (24%) in order to manage the threats their organisations are currently facing, while 84% admit it is difficult to attract talent and 31% say they do not actively do anything to attract new talent.
“With cyber security breaches being the norm for organisations, we have to create a workplace that empowers cyber security responders to do their best work,” said Grant Bourzikas, chief information security officer at McAfee. “Consider that nearly a quarter of respondents say that to do their job well, they need to increase their teams by a quarter, keeping our workforce engaged, educated and satisfied at work is critical to ensuring organisations do not increase complexity in the already high-stakes game against cyber crime.”
The growing threat landscape and recruitment and retention challenges facing the cyber security workforce demand automation as a key ingredient in the game against cyber attackers. By pairing human intelligence with automated tasks and putting human-machine teaming in practice, automated programmes handle basic security protocols while practitioners have their time freed up to proactively address unknown threats.
Gamification, the concept of applying elements of game-playing to non-game activities, is growing in importance as a tool to help drive a higher performing cyber security organisation. Within organisations that hold gamification exercises, hackathons, capture-the-flag, red team-blue team or bug bounty programs are the most common, and almost all (96%) of those that use gamification in the workplace report seeing benefits. In fact, respondents who report they are extremely satisfied with their jobs are most likely to work for an organisation that runs games or competitions multiple times per year.
To address the shortage of skilled cyber security workers, the report findings suggest that gamers, those engaged and immersed in online competitions, may be the logical next step to plugging the gap. Nearly all (92%) of respondents believe that gaming affords players experience and skills critical to cyber security threat hunting: logic, perseverance, an understanding of how to approach adversaries and a fresh outlook compared to traditional cyber security hires.