For the record, it should be acknowledged from the start that there is no question that the cybersecurity landscape has improved over time, mostly courtesy of persistent increases in cyber spending year after year. Gartner estimates that the U.S. and the rest of the world will invest $172 billion in cybersecurity this year, up from $150 billion last year, and continue to rise steadily thereafter.

These investments have produced, among other things, security analytics, which is a proactive approach to cybersecurity that uses data collection, aggregation, and analysis capabilities to better detect and mitigate cyber threats. There is also the growing effectiveness of artificial intelligence and machine learning, and now, zero trust architecture is gaining interest in many organizations. It’s harder than ever for attackers to bust into large organizations.

Nonetheless, the incidence and scope of cyber breaches continue to grow most years, and cyber experts agree that an enormous number of sizable organizations have already been compromised, and likely will be again at some point. Why? A common refrain is that malicious actors keep improving and evolving, and while corporations work hard to keep up, it takes only one slip-up to open the door to cybercriminals.

Yet, there is another major reason as well – and one that gets far less attention.

Many organizations still have significant security shortcomings. These include mediocre cyber training, sub-par incident response plans, and the tendency to buy so many security tools that they often wind up undercutting each other. In addition, constantly growing cyber job openings, now numbering 715,000 in the U.S. alone, clearly aren’t being addressed sufficiently, according to a report by market research firm, Lightcast.

Are there solutions to these shortcomings? Yes, but they will require some attention. Here are some observations that could close these gaps:

Cybersecurity job (Read more...)