Amid the Great Resignation, Focus on Prevention and Automation

The Great Resignation is straining an already small and competitive cybersecurity talent pool—and criminals are not likely to wait for organizations to recruit more talent to attack. With the threat landscape expanding rapidly, enterprises must prepare employees for attempts to infiltrate corporate networks while actively recruiting skilled cybersecurity professionals to lead the fight against ransomware. 

Amid a challenging hiring environment, however, organizations should take a proactive approach to risk management through solutions that can be automated. As many as 72% of organizations were affected by ransomware last year—a number that might be greatly reduced by solving one of the riskiest entry points: compromised credentials. Implementing basic cybersecurity measures like strong password hygiene and multi-factor authentication (MFA) can lay the groundwork for a more robust cybersecurity foundation and buy organizations time to recruit, train and retain cybersecurity talent.

Calling All Skilled Security Personnel

The urgent need for more cybersecurity professionals is one of today’s most significant cybersecurity risks, and one that’s frequently underestimated. A lack of skilled security personnel and lack of security awareness among employees are often cited as top obstacles to effective ransomware defenses. The estimated cybersecurity talent gap in 2020 was 3.1 million globally, impacting approximately 67% of organizations. This labor shortage is partially due to many cybersecurity professionals becoming burned out and overwhelmed, leading them to search for a job elsewhere. 

With the Great Resignation further straining the cybersecurity talent pool, bad actors are taking full advantage of the lack of human capital. As a result, the existing cybersecurity workforce is facing an unprecedented threat while remaining perpetually understaffed.

Moreover, most organizations fall short on even the simplest practices for closing common criminal entry points, including compromised credentials. Last year, 41% of organizations reported lacking password complexity requirements and only 55.6% had implemented MFA. To effectively confront the scale of the threat, cybersecurity professionals need more capacity, and implementing basic preventative steps offers a critical avenue to help ease the pressure.

The Risk of Underprepared Cybersecurity Defenses

In 2020, ransomware attacks were up a staggering 62% worldwide. 2021 shattered that record; the first six months alone brought 304.7 million attempted ransomware attacks, surpassing the 2020 total of 304.6 million. These attacks are not just standard email scams either. As cyberattacks increase, so, too, does their complexity. Targeted and sophisticated phishing and social engineering tactics are becoming more common by the day. If organizations allow themselves to be caught unprepared, a single attack could lead to significant financial loss and serious damage to brand reputation.

Organizations reported the average cost of ransomware recovery in 2021 was $1.85 million, more than double the 2020 price of $760,000. Moving into 2022, organizations must rethink how they defend against these cyberattacks to maximize the value of their existing human capital. For example, tracking employees’ account security poses a substantial burden for security and IT teams, especially at complex organizations that have grown through acquisition. Implementing more stringent password policies distributes the responsibility while automated account takeover prevention reduces the security team’s workload.

Recruiting and Retention

In the long term, organizations can reduce the strain by actively recruiting and empowering skilled cybersecurity professionals, creating talent pipelines with higher education institutions and internship programs, and closely tracking evolving workforce culture and trends to develop comprehensive recruiting programs.

However, recruiting talent takes time, and employees must be better prepared for attempts to infiltrate corporate networks as soon as possible; hence the need for more automation.

Automation and Prevention

Using tools geared toward automating cybersecurity processes is a simple way to reduce workforce strain while taking a proactive approach to managing risk. An effective and proactive approach begins with prevention. But manually scouring the dark web for corporate data exposures and remediating potentially compromised employee accounts is a drain on both time and resources. Organizations must begin to implement tools that can automatically check credentials against recaptured breach data and reset passwords that have been exposed to criminals.
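
As an added illustration (not code from the article or from any vendor product), the sketch below shows one way such an automated check can work: for each breach record whose email matches an internal account, the leaked password is re-hashed with that account's salt and compared to the stored hash, and a match forces a reset. The account layout, the PBKDF2 parameters, the severity labels and all sample records are assumptions constructed for this example.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 100_000  # assumed work factor for this example

def hash_password(password, salt):
    """Derive the stored verifier the same way the (assumed) directory does."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)

def make_account(email, password, mfa_enabled):
    """Build a constructed account record: salted hash only, no plaintext kept."""
    salt = os.urandom(16)
    return {"email": email.lower(), "salt": salt, "hash": hash_password(password, salt),
            "mfa": mfa_enabled, "must_reset": False}

def screen_accounts(accounts, breach_records):
    """Flag accounts whose current password appears next to their email in breach data."""
    by_email = {a["email"]: a for a in accounts}
    findings = []
    for email, leaked_password in breach_records:
        account = by_email.get(email.strip().lower())
        if account is None or account["must_reset"]:
            continue  # not our user, or already queued for reset
        candidate = hash_password(leaked_password, account["salt"])
        if hmac.compare_digest(candidate, account["hash"]):
            account["must_reset"] = True  # force a change at next sign-in
            # Without MFA the leaked password alone is enough to log in.
            findings.append((account["email"], "medium" if account["mfa"] else "high"))
    return findings

def demo():
    """Run the screen over constructed sample data (example.com addresses)."""
    accounts = [
        make_account("alice@example.com", "Winter2021!", mfa_enabled=False),
        make_account("bob@example.com", "correct horse battery", mfa_enabled=True),
        make_account("carol@example.com", "Tr0ub4dor&3", mfa_enabled=True),
    ]
    breach_records = [
        ("Alice@Example.com", "Winter2021!"),    # still in use, no MFA
        ("bob@example.com", "OldPassword1"),     # exposed, but already changed
        ("carol@example.com", "Tr0ub4dor&3"),    # still in use, MFA enabled
        ("mallory@other.example", "hunter2"),    # not one of our accounts
    ]
    return accounts, screen_accounts(accounts, breach_records)

if __name__ == "__main__":
    for email, severity in demo()[1]:
        print(f"{email}: exposed password still in use, severity={severity}, reset forced")
```

Because only records tied to the organization's own email addresses are tested, the check runs in time proportional to the number of matching breach records and never requires storing employee passwords in plaintext.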

However, automated solutions alone are not enough. Organizations must also increase their employees’ general cybersecurity awareness by educating them on best practices. One cybersecurity best practice that companies can easily improve is creating strong passwords. While good password hygiene may seem basic, the consequences of an easy-to-guess password can be devastating.

Back to Cybersecurity Basics

There are no silver bullets that will stop all cyberattacks, but there are solutions that can help prevent companies from suffering a similar fate. 

First, they must play a central role in closing the cybersecurity talent gap by actively recruiting and empowering skilled cybersecurity professionals to lead the fight against ransomware. Further, they must ensure that employees are prepared for attempts to infiltrate corporate networks. To contend with a challenging hiring environment, they must leverage existing human capital and ease the workload of cybersecurity teams. Shifting responsibility for password hygiene to employees and business leaders alike while automating cybersecurity processes where possible can help.

Ultimately, prevention is still the most effective defense against ransomware and other cyberattacks, and it’s something all employees can help with—not just cybersecurity professionals. To contend with the thinning ranks of cybersecurity professionals, focusing on basic, proven protections is the first and most important step companies can take.


Chip Witt

Chip Witt has over 20 years of diverse technology experience, including product management and operations leadership roles at Hewlett Packard Enterprise, Webroot, VMware, Alcatel, and Appthority. He is currently the Vice President of Product Management at SpyCloud, where he drives the company's product vision and road map. Chip works closely with field intelligence teams specializing in OSINT and HUMINT tradecraft, actor attribution, and underground monitoring.
