There
are
too
few
cybersecurity
experts
to
fill
jobs,
but
a
new
study
sees
the
crunch
increasing
through
2025
as
cybersecurity
experts
head
for
the
hills.
It
is
well
known
that
the
cybersecurity
field
faces
vacancies
and
a
skills
gap.
Unfortunately,
relief
may
not
come
soon,
if
research
firm
Gartner’s
predictions
hold
true
that
fully
a
quarter
of
security
leaders
will
depart
the
cybersecurity
field
entirely
by
2025
due
to
work
pressures.
In
a
new
report,
the
firm
predicts
that
nearly
half
of
cybersecurity
leaders
will
change
jobs,
and
that
by
2025,
lack
of
talent
or
human
failure
will
be
responsible
for
over
half
of
significant
cyber
incidents.
Jump
to:
Don’t
ask
cyber
staffers
‘Why
so
serious?’
Deepti
Gopal,
director
analyst
at
Gartner,
said
cybersecurity
leaders
are
burning
the
candle
at
both
ends
to
balance
technology
needs,
business
needs
and
environmental
needs
in
order
to
maintain
or
improve
their
organization’s
security.
“While
they
are
in
the
rush
to
achieve
this
they
are
really
spread
thin,”
Gopal
said.
“If
you
look
closely
at
today’s
world,
the
hybrid
work
environment
is
everything;
that
also
impacts
the
cybersecurity
leaders,
adding
complexity
to
their
work
and
the
way
they
strategize.”
She
added
that
“work
life
harmonization”
adopted
by
IT
amounts
to
dissolving
the
membrane
between
work
and
non-work,
particularly
as
work
and
home
are
in
the
same
location.
“If
you
listen
to
cybersecurity
leaders,
you’ll
hear
things
like
‘I
start
my
day
with
work,
emails,
alerts,
and
coffee,’
and
‘I
work
with
a
group
of
All
Stars
who
are
always
available,’”
Gopal
said.
“They
don’t
complain
about
the
workload.
These
are
all
elements
that
indicate
the
presence
of
high
stress,
high
demand.
“But,
there
is
a
loss
of
control
or
inability
to
have
a
sense
of
control
on
their
work-related
stress
—
the
inability
to
protect
their
time
for
the
things
that
matter
the
most.
I
like
to
ask
leaders
to
jot
down
the
things
that
they
absolutely
do
in
the
coming
week
and
then
look
at
their
calendars,
most
often
they
tell
me
that
they
haven’t
carved
out
any
time
for
the
tasks
on
their
list!”
Cybersecurity
teams
undervalued
at
companies
that
move
fast
and
break
things
Gartner
research
shows
that
compliance-centric
cybersecurity
programs,
low
executive
support
and
subpar
industry-level
security
are
all
indicators
of
an
organization
that
does
not
view
security
risk
management
as
key
to
business
success.
Gopal
said
such
organizations
are
likely
to
see
cybersecurity
talent
leave
for
companies
where
they
are
more
appreciated
—
where
their
impact
is
felt
and
valued.
“When
the
organization
is
charged
to
move
fast,
there
will
be
situations
where
security
is
not
top
of
mind;
that
needs
to
change,”
Gopal
said.
“We
need
to
see
cybersecurity
as
intrinsic
to
digital
design.”
SEE:
10
cybersecurity
predictions
for
tech
leaders
in
2023
(TechRepublic)
Insider
risk
rises
with
discontent,
‘talent
churn’
Paul
Furtado,
vice
president
analyst
at
Gartner,
said
talent
churn
of
cybersecurity
or
other
talent,
IT
or
otherwise,
could
constitute
its
own
security
bugbear,
as
it
raises
the
specter
of
insider
wrongdoing.
“The
cybersecurity
workforce
is
a
microcosm
of
society
and
made
up
of
individuals
who
respond
differently
to
different
stress
triggers,”
Furtado
said.
“For
some,
they
will
leave
their
employment
gracefully
without
any
disruptions.
“Others
may
feel
that
the
artifacts
they’ve
created
or
contributed
to
are
their
personal
intellectual
property,
and
therefore,
they
take
a
copy.
Some
may
feel
that
they
want
to
exfiltrate
some
data
that
may
assist
them
in
their
next
role
with
a
different
employer.”
And
then
there’s
the
possibility
—
more
remote
perhaps
—
that
individuals,
regardless
of
where
they
are
in
the
organization,
may
go
beyond
theft
to
commit
acts
of
sabotage
or
disruption
of
systems
or
data.
“The
reality
is
that
security
leaders
must
be
prepared
for
each
of
these
occurrences;
there
are
numerous
examples
where
these
behaviors
have
occurred,”
Furtado
said.
“The
scary
part:
In
some
cases,
insiders
won’t
wait
for
a
layoff
or
resignation
to
start
some
of
these
behaviors.
“Preparing
to
manage
insider
risk
is
critical
in
preventing
it
from
becoming
an
actual
insider
threat
event.”
Gartner
predicts
that
by
2025
half
of
medium
to
large
enterprises
will
adopt
programs
to
deal
with
insider
risk
—
up
from
10%
today.
Taxonomy
of
insider
threats
and
how
to
deal
with
them
Furtado
said
insider
threat
activities
typically
revolve
around:
- Phishing.
- Misrepresentation.
-
Financial
theft
and
other
forms
of
embezzlement
such
as
expenses
fraud. -
Exfiltrating
or
viewing
unauthorized
data. -
System
sabotage
involving
malware,
ransomware,
account
lockouts
and
data
deletion.
3
types
of
threat
actors
He
identifies
three
kinds
of
actors:
-
Careless
users:
Accidentally
exposes
sensitive
and/or
proprietary
data,
including
errors
and
improper
configurations. -
Malicious
users:
Intentional
sabotage
or
data
theft
for
either
personal
reasons
or
financial
gain. -
Compromised
credentials:
Credentials
exploited
by
someone
outside
the
organization
for
the
purpose
of
data
theft
and/or
sabotage.
Insider
threat
attack
sequence
According
to
Furtado,
taxonomies
of
insider
attacks
show
that
many
determined
and
planned
exploits
followed
this
sequence:
-
The
actor
makes
a
genuine
error
and
reverses
it. -
When
no
consequences
are
experienced,
the
actor
tests
to
see
if
the
error
can
be
repeated
at
will. -
The
critical
point
is
reached
when
a
combination
of
work
stressors,
personal
stressors
and
character
flaws
allows
the
actor
to
rationalize
harmful
behavior
as
deserved,
serving
a
higher
cause
and
so
on.
Countering
insider
threats
In
order
to
counter
this
risk,
Furtado
counsels
organizations
to:
-
Rule
of
three:
Implement
the
“rule
of
three”
to
mitigate
risk
while
effectively
using
limited
security
resources.
Furtado
said
this
involves
deterring
individuals
from
wanting
to
act
in
the
first
place,
detecting
the
activity,
and
disrupting
the
effort. -
Security
culture:
Establish
an
enterprise-wide
culture
of
security
by
developing
a
formal
insider
risk
program
aligned
with
key
areas
of
the
organization
(especially
HR
and
legal). -
Social
and
risk
governance:
Mitigate
the
insider
risk
by
implementing
behavioral
technology,
risk
measurement
and
sound
governance
practices
(Figure
A).
Figure
A
Humans:
the
cause
and
the
target
Gartner
predicts
that
by
2025,
lack
of
talent
or
human
failure
will
be
responsible
for
over
half
of
significant
cyber
incidents
due,
in
part,
to
spiking
social
engineering
exploits
and
lack
of
data
hygiene.
The
firm’s
data
also
suggests,
however,
that
employees’
perception
of
risk
may
not
reflect
clear
and
present
cybersecurity
dangers.
If
not,
top-down
guidance
may
be
of
little
value.
Last
spring,
when
Gartner
surveyed
some
1,300
employees,
69%
of
them
said
they
had
bypassed
their
organization’s
cybersecurity
guidance
in
the
prior
12
months,
and
74%
said
they
would
be
willing
to
bypass
cybersecurity
guidance
if
it
helped
them
or
their
team
achieve
a
business
objective.