Hi

Ch

gh THI e S
NE r 2
ap

Al S M kill
te
W :T

er
t S ONT Cr
er
h

ie
s
High Alert:

H isis
s
Tackling Cyber Security Overload in 2019
Understand the impact of patchwork defences
and start your journey to reduced complexity
Inside this edition of High Alert
Exclusive new research conducted on behalf of Symantec highlights the challenge that CISOs and
security leaders face in trying to find, attract and retain cyber security professionals. Existing talent
struggles to keep pace with the rapidly-evolving technology landscape, the supply of talent is far Contents
outstripped by demand – and salaries are rocketing. Without a radical rethink, organisations

1
are simply not going to be able to scale their cybersecurity teams.
Perfect Storm:
It’s time for change. Cyber Security Now

What is the High Alert series?

2


 he Skills Crisis:
T
Tackling the Critical Gap

Based on the opinions of over 3,000 security

decision makers in the UK, France and Germany,
with analysis from CISOs and Dr. Chris Brauer,
Building over the coming months, the High Alert
series will address four topics: 3
 fter the Breach:
A
How to Turn Disaster
into Success
Director of Innovation at of Goldsmiths, University • High Alert Chapter 1: Perfect Storm
Coming July 2019
of London, the High Alert series lays bare the real
• High Alert Chapter 2: The Skills Crisis

4
state of cyber security in 2019 – and what you can
do to regain the initiative.1 • High Alert Chapter 3: After the Breach The Security Environment

of the Future: Why Digital
Across four chapters, we’ll explore a different cyber • High Alert Chapter 4: The Security Environment Transformation is
security topic. Combining insights, analysis and of the Future
recommendations, you’ll learn how your organisation a Huge Opportunity
can master cyber security for the cloud generation: Alongside new intelligence and analysis, you’ll learn
protecting your reputation, sustaining customer how cyber security industry leader Symantec offers Summary and Next Steps
trust, guarding against financial penalties, and an alternative approach to help you cut through
balancing budgets and resources. today’s cyber security chaos.

1 Research conducted by Symantec in collaboration with Goldsmiths, University of London and research consultancy Thread. Surveys were distributed in Winter
2018/19 to 3,045 individuals across France, Germany and the UK. Quantitative study figures for Germany and France are from Censuswide; UK figures from
YouGov. See back page for more information
1 Perfect Storm:
Cyber Security Now
Cyber attacks are more sophisticated and capable than ever before. For most of the population major
breaches and exploits are the stuff of news headlines. But for cyber security professionals, today’s
aggressive threat landscape is a daily reality. Their mission? Addressing seemingly endless attacks from
an increasingly professional, well-funded, highly motivated and experienced array of adversaries.
As cyber security professionals work to face down this
evolving threat landscape, they do so short of qualified
personnel and in the face of wide gaps in strategic and
operational information sharing. For cyber security
decision makers, these challenges are felt at a deeply
individual and personal level.
1 2 3 4 SUMMARY
Cyber security:
the psychological impact
A career in cyber security requires focus, extreme attention
to detail, creative problem solving and rational decision-
making in high-pressure scenarios. But with increasing
regulation, better-equipped attackers, growing complexity
of the digital estate and thousands of alerts going off
at the same time, security leaders are overloaded.
This overload can have a serious impact on their ability
to make sound decisions.
Sensory overload, fatigue and stress impair memory2,
disrupt rational thinking and negatively impact every
cognitive function we have3. Studies show that when
you’re stressed, signals in the brain associated with factual
memories weaken, while areas in the brain associated with
emotions strengthen4. Whilst the human brain is adept at
many things, dealing with vast quantities of information
and alerts can hamper our cognitive function5. The more
information and alerts we receive, the more numb we
become to them.
Even just the anticipation of stress
can impact cognitive function
throughout the day. A study from Penn
State showed those who woke up feeling
as though the day ahead would be
stressful experienced problems with
working memory; a function which helps
people learn and retain information even
when they’re distracted. Researchers say
the anticipation of stress impacts
cognition, even if a stressful event
does not occur.
Penn State ‘Experiencing a Stressful Day
May Lower Cognitive Abilities Throughout
the Day.’ Neuroscience News, 3 July 2018.
2. “ Stressed Memories: How Acute Stress Affects Memory Formation
in Humans”. Journal of Neuroscience. & Peavy, 12 August 2009.
“Effects of Chronic Stress on Memory Decline in Cognitively Normal
and Mildly Impaired Older Adults”. American Journal of Psychiatry.
15 September 2009
3. E
 veryday Stress Can Shut Down the Brain’s Chief Command Centre,
Scientific American, April 2012
4. O
 ur Brain on Stress: Forgetful & Emotional, psych central, 8 July 2018
5. The Overflowing Brain: Information Overload and the Limits of Working
Memory, By Torkel Klingberg, Oxford University Press, 2009
 A Perfect Storm: Cyber Security Now

Symantec wanted to better understand the impact of these

pressures on the cyber security industry. How do security
Navigating the perfect storm Figure 1: Cyber security professionals feel overwhelmed

leaders view their industry and their workloads? How do Security leaders are overwhelmed. Two thirds of cyber- European average
they see the threat landscape changing? And how well security decision makers (65%) feel they are being put in 85%

equipped do they feel to deal with bad actors infiltrating a position where they are set up for failure. Additionally,
81% 82% report feeling 'burnt out'
81%
their networks? 82% report feeling ‘burnt out’, 63% think about leaving the 75%
industry, and 64% think about quitting their job (figure 1). 67% 65% feel set up for failure
In collaboration with Dr. Chris Brauer and Goldsmiths, 54%

University of London, Symantec surveyed over 3,000 But the overwhelming workload and pressure of the role 68%
security decision makers across three countries – France, doesn’t seem to deter them from the mission. Most security
64% 64% think about quitting their job
60%
Germany and the UK. The aim was to gain real insights leaders appear to be adrenaline junkies; fully immersed
66%
from those at the coalface. in their work, and its potential to make a difference, even 72%
63% have considered leaving the
cybersecurity industry
51%
when it’s stressful (92%). Security leaders tend to be
The picture painted will be both poignant and familiar France Germany UK
motivated by high-pressure situations and find their 0% 20% 40% 60% 80% 100%
to readers within these roles, but it also raises an
work environment thrilling, even though it’s challenging
important fact: the industry cannot afford to continue
(figure 2).
like this.

Figure 2: Cyber security is a vocation

European average
93%
92% are thrilled by their work
92%
environment
Stress dramatically impacts our ability to make good decisions. It impairs your memory, disrupts 89%

rational thinking and negatively impacts every cognitive function you have. In an industry like 91%
92%
92% are fully immersed in their work,
even when it’s stressful
cyber-security, which requires focus, creative thinking, attention to detail and rational decisions 92%

in high pressure scenarios – stress can be crippling. Highly stressed workers are far more likely 91%
90%
90% feel motivated by high pressure
situations
to be disengaged and ultimately quit. In an industry already suffering a skills shortage, this kind 89%

of stress can present a significant risk. 53%

57%
54% say their work lets them make a
positive difference to the world
50%

0% 20% 40% 60% 80% 100% France Germany UK

Dr Chris Brauer, Director of Innovation, Goldsmiths, University of London.

1 2 3 4 SUMMARY
 A Perfect Storm: Cyber Security Now

Cause and effect

But what is causing the sense of overwhelm that so many Four in every five (82%) of security leaders agreed that In mature organisations, cyber defences have often grown
professionals in the industry are feeling? According to the having to secure too much data in too many places is piecemeal over time. Simply maintaining legacy defence
research, there are numerous causes, but four stand out. making the job more stressful, costly and complex. technology is a significant burden.

1. Increasing regulation
The leading source of strain for cyber security leaders is
government regulation. Four in five (86%) reported that
mounting regulation, such as GDPR and the NIS Directive,
was increasing pressure in their role. Two in five reported
concerns that they would be held personally liable for
a data breach.
Figure 3: Cyber security’s technology challenges 4. The ever-present skills gap
Four in every five (80%) reported that insufficient skills
European average
in their workforce is causing increased pressure. In many
88% 82% Increasing amount of threats cases, the existing base of experienced cyber security
90% resulting in too many security alerts to
69% deal with professionals has been ‘outdated’ by the rise of cloud
and mobile. Almost half (48%) of respondents believe
86% 82% Having to secure too much data attackers now have the skills advantage over the defenders
flowing into / out of too many places
91%
(size of estate to defend is too vast)
(figures 3 & 4).
70%

2. Attackers gaining ground These challenges are not only adding to the stress felt
85%
79% Having to manage too many cyber by security professionals (figure 5), they are also making
The second biggest issue is the rise of the adversary and 89%
defense products / vendors
62% it more difficult for them to keep their business safe.
an increasing volume of threats and alerts. The level of
sophistication, motivation and organisation in cyber-crime 0% 20% 40% 60% 80% 100% France Germany UK

today is more comparable to mature enterprises than to the

stereotype of the hooded lone hacker. Attack groups are
Figure 4: External and cultural challenges Figure 5: Cyber security professionals feel vulnerable
agile and persistent, continually probing for weaknesses
and moving swiftly to exploit those they discover. Some
82% said that having ‘too many threat alerts to deal with’ European average European average
was increasing the pressure in their role. Just over half 87%
86% Increasing amounts of 64%
(55%) feared dismissal if a breach happened on their watch. 89%
government regulation 55% are afraid they would be fired
81% 65%
if a breach happened on their watch
37%

3. Growing enterprise complexity 87%

89%
80% Slow adoption of new
technologies in the business causing
66%
new attack vectors to open up
The size and complexity of the estate defended is 47%

also increasing pressure. Whether through digital 85% 42%

40% are concerned they will be
80% Insufficient cybersecurity skills held personally liable for a breach
transformation, merger and acquisition, an increasingly 86%
in my business' workforce 33%
connected and distributed workforce, or simply 70%

a question of scale – the attack surface is expanding. 0% 20% 40% 60% 80% 100% France Germany UK 0% 20% 40% 60% 80% France Germany UK

1 2 3 4 SUMMARY
 A Perfect Storm: Cyber Security Now

Security infrastructure sprawl

There’s a certain degree of irony that efforts to protect the
enterprise are also increasing stress. 79% reported that
managing ‘too many cyber defence products or vendors’
was increasing the pressure within their role.
Multiple security products and services generally means
a large number of alerts – all coming from different
places. And there’s only a finite pool of people within an
organisation that can review and resolve these. Two thirds
In the face of such huge workloads, the majority of those Figure 8: Attitudes towards cyber security risks
questioned (67%) said their cyber security teams left work
at the end of the day with threat alerts left unreviewed. European average
The volume appears to be impacting the security of
enterprises. Already 41% of security leaders believe a 41%
41% say a breach is inevitable, it’s
just a matter of time
breach is inevitable. A third (32%) say their organisation
is currently vulnerable to avoidable cyber security
incidents. A quarter (26%) admitted they have already 32% say they are currently vulnerable
32%
suffered one of these. to ‘avoidable’ threats and incidents

(68%) of cyber security decision makers said they’d felt

‘paralysed’ by the overwhelming volume of threat alerts. This sense of being overwhelmed is having an impact
26% say they have already suffered
A third (33%) reported that threat alerts, designed to help on their role (figure 7). 26%
an avoidable incident
keep a business safe, are making the situation worse due
to their sheer volume (figure 6). Figure 7: The impact of cyber security overload 0% 10% 20% 30% 40% 50%

Figure 6: Cyber security suffers European average

from information overload 78% have underestimated a threat or
78%
incident

European average
77% have made an assessment they
77%
are not totally confident in
77%

68% feel paralysed by the volume

74%
of threat alerts 77% have rushed when assessing a
77%
threat
54%

67% leave work at the end of the day

67% having been unable to review every
37% alert
33% agree the volume of threat
60% 65% 70% 75% 80%
35% alerts is making it harder to keep
their business safe
28%

0% 20% 40% 60% 80% 100% France Germany UK Quantity certainly isn’t the answer when it comes to
security services. But if the answer lies in quality, many
security leaders feel under-resourced and ill-equipped to
provide it (figure 8) – particularly with attackers becoming
increasingly savvy.

1 2 3 4 SUMMARY

Now what?
In an increasingly broad and capable threat landscape, how
do cyber security leaders move out of a state of personal
overload? The answer lies in moving from a reactive and
fragmented model, to a consolidated and strategic one.
Yet to invest the time, energy and resource into defining
and executing against a cyber security vision, they must
first regain control of the finite human resources such
an approach would free up.
One of the biggest factors at play here is the overhead that
goes into managing a patchwork of IT security vendors
across a vast, rapidly evolving IT estate. A patchwork
approach to cyber defence creates vulnerabilities and
overburdens cyber security teams.
This tension is underpinning a push towards simplicity
and integration across the industry; fewer vendors, less
complexity, and more centralised management. With this
transformation, the cyber security industry is entering the
platform era.
An open standards security platform, such as Symantec’s
integrated cyber defence (ICD) platform, gives a modern
foundation on which to build. It integrates security data
feeds, cutting duplication, improving accuracy and
speeding decision making. With the ICD platform, security
leaders can add new security solutions as required
(typically cloud-centric ones such as CASB and cloud
workload protection) and feel safe in the knowledge they
will integrate quickly and easily into the ICD platform.
The ICD platform’s automation capabilities mean that new
solutions won’t require time-intensive manual patching
and maintenance, or the manual integration of new data
sources into reporting and compliance workflows.
1 2 3 4 SUMMARY
With these capabilities, it becomes far easier to hand
selected functions off to managed services. In an industry
with a severe skills shortage, an integrated platform
enables cyber security professionals to minimise mundane
tasks in favour of adding more value through proactive,
higher level of work.
A pathway to protection
There is much for you to consider as part of this approach,
but four of the most fundamental elements are:
• Mature and consolidate cyber defences by adopting
a platform approach, automating key processes
and compliance
• Educate the business on the threat landscape, and
demonstrate how cyber security can become a business
and transformation enabler
• Be both pragmatic and bias conscious in your efforts
to overcome the skills gap – recruit and up-skill a diverse
range of talent to tackle the multiple challenges you face
• Define your organisation’s risk posture, securing buy
in and ‘sign-off’ from specific business departments
and the board.
With skilled talent, the right processes and tools, it is
possible to evolve your roles from overloaded and reactive,
to confident and strategic. In subsequent chapters of
this research series, we’ll explore some of these key
factors in how you can work towards overcoming this
state of overload.
A Perfect Storm: Cyber Security Now
The current patchwork approach
to security tooling and strategy
is creating more problems than it solves.
There is so much daily noise that it’s near
impossible to work out what is most
important. Meanwhile the overlaps and
chinks between defensive systems present
hackers with new opportunities for exploit.
The volume of alerts, the constant patching,
and rapid emergence of new threat vectors,
are absorbing the attention of security
professionals, leaving little time
for a more strategic approach.
Darren Thomson, CTO EMEA, Symantec.
Watch the High Alert Summit webinar
Join Darren Thomson and Dr Chris Brauer,
Director of Innovation at Goldsmiths, University of
London, as they analyse the High Alert Chapter 1
findings and recommend how to reduce your own
cyber security complexity.
REGISTER FOR THE WEBINAR NOW
 The Skills Crisis: Tackling the Critical Gap

2 The Skills Crisis:

Tackling the Critical Gap
There was one theme in our research findings that came through loud and clear: overload.

At the Symantec CISO Forum, in February 2019, delegates

agreed that six months was the minimum amount of time
it takes to hire a security specialist, with nine to 12 months
not being unusual. Pure pragmatism meant that those
CISOs were perfectly prepared to upskill those they hired,
I see a huge risk of burnout in today’s industry. Many people are operating at their limit. with attitude, mindset and potential more than making up
When you look at the hours on top of the day job, you don’t have to be a rocket scientist to know for a lack of experience.
that it’s going to take its toll. Some of the people most at risk are those fresh into the CISO role.
Indeed, so much of cyber security has changed in recent
They are of course very ambitious, very smart, very competent people. But as time goes on,
years, particularly as a result of cloud and mobility,
it becomes clear that it’s a challenging post to adapt to. that a lack of baggage (such as a ‘defend the perimeter’
mindset) was described as potentially advantageous.

Dr Steve Purser, Head of Core Operations, ENISA, former financial sector CISO.

IT security leaders feel overworked and behind the
curve compared to their criminal competition. There are
many factors contributing to this – regulation, growing
technological complexity, increasingly skilled and well-
equipped hackers.
However, one of the single biggest issues compounding
this perception is a long-standing one: The Talent Gap.
According to IDC’s recent Western Europe Security Survey6,
97% of European enterprises agree there’s a security skills
shortage, which is having a negative impact.
It’s a remarkable statistic. It means only 3% of enterprises
in Europe believe the industry has the requisite talent to
deliver on its mandate – to ensure business integrity and
protect sensitive company, customer and shareholder
data. According to the 2018 (ISC)2 Cybersecurity Workforce
Study7, there’s a shortfall of around 142,000 cybersecurity 6. Western Europe Managed Security Services Forecast, ICD, 2017-2021
professionals across EMEA – a significant shortage. 7. https://www.isc2.org/Research/Workforce-Study

1 2 3 4 SUMMARY
 The Skills Crisis: Tackling the Critical Gap

The impact of a continuous skills shortage

The impact of an on-going skills shortage is that it drains
those who are already in position, making them overworked
and stressed as they end up operating in a ‘make it through
the day’ mindset. All too often, the workforce feel they
cannot keep up with their workload, which leaves them
unable to get on the front foot, or upskill themselves
and adjust to technological change (figure 9).
Figure 9: Skills shortage impact
Declining skills are highly problematic for cyber security
professionals, who are effectively in an arms race, in
which talent and skill are their most important weapons.
Unfortunately, enterprises feel they are falling behind
in precisely this area (figure 10). Our research discovered
almost half of those surveyed (48%) believe attackers
now have a raw skills advantage over defenders, and 44%
say their team lacks the necessary skillset to combat
cyber threats.

European average
If cyber security professionals are feeling overworked,
45%
stressed and see themselves falling behind in their
37% say their team cannot manage
44%
current workloads own skillset, it is hardly surprising that around two
23%
thirds are considering changing their role or leaving
51% 45% say technological change is
48% happening too quickly for their the profession altogether. For employers the battle
37% business to adapt isn’t simply recruitment, but retention too.
47%
46% say their team is too busy to
51%
keep up with skills development Figure 10: The security skills arms race
39%

44% say their team lacks the

45%
50%
necessary skillset to combat cyber European average
As first responders to potential
threats
38%
attacks, cyber security leaders
52%
are in a constant arms race of skills
0% 10% 20% 30% 40% 50% 60% France Germany UK
49% report attackers have
49% unprecedented access to resources
and support from bad actors and resources of their teams versus those
of threatening attackers. To this end,
46%
Clearly, if their environment does not allow enough time
for continuous development, cyber security professionals’ leaders in the survey believe
skillsets will gradually become outdated. This explains 52%
attackers have the advantage.
48% believe the attackers now have
why delegates at the Symantec CISO Forum felt much of 44%
the skills advantage
the current base of cyber security professionals, who have 47% Dr Chris Brauer, Director of Innovation,
anywhere between 10 to 30 years’ experience, have found Goldsmiths, University of London.
the rise of cloud and mobility such a challenge to deal with. 40% 45% 50% 55% France Germany UK

1 2 3 4 SUMMARY
 The Skills Crisis: Tackling the Critical Gap

Addressing the skills gap

CISOs report their success in the recruitment and As well as budgeting appropriately to hire new staff, Think outside the box
retention of cyber security professionals comes down it’s absolutely essential for organisations to improve the
to an appreciation from elsewhere in the business of just skills of the current workforce – an issue at the very heart It’s also worth noting that the skills cyber security teams
how hiring is impacted by the laws of supply and demand. of the talent gap. Firms simply must invest in in-house require go beyond just the technical ones. High level
Organisations that are naturally keen on standardisation or third-party education services to address this challenge. management skills and a commitment to bringing on the
and transparency can find it difficult to distinguish That investment isn’t simply a case of allocating a training next generation of leadership are also essential.
between IT and cybersecurity salaries. budget, but ensuring staff have the time and space
to learn.
Typically, CIOs allocate 4-8% of the IT budget to security.
Yet significantly increased costs for hiring and retaining
security talent (figure 11) will put CIOs, CISOs and security
leaders in the position of having to argue for funds
beyond these budgetary norms. As ever, evidence can
only aid understanding.
The CISO role today is much broader than it used to be. There’s more emphasis on being able
Figure 11: IT disciplines experiencing skills shortages
to relate the technical aspects to the business aspects. This is alongside having the right personal
attributes – the soft skills, such as communication – which are needed to bring people together
Cybersecurity 53% to solve problems.
IT architecture/planning 38%
Artificial intelligence/
machine learning (AI/ML) 35% This is why the really good people in the security industry are far more than just technically skilled.
Data analytics/data science 34% Especially in the higher ranks, you will see people who have a good mix of technical and soft skills,
IT orchestration
and automation 33% which enables them to implement control frameworks that really work.
Application
development/DevOps 26%
Data protection 26% We should also think about growing the next generation of CISOs from the start of their careers.
Database administration 24% We need to support them through all the different phases, from their 20s through to their 40s or 50s.
Network administration 23% You need solid experience to do this job.
Enterprise mobility
management 22%
Compliance management, 22%
monitoring and reporting
Mobile application 21%
development
Storage administration 21%
We do not have any
IT skills shortages
10% Dr Steve Purser, Head of Core Operations, ENISA, former financial sector CISO.
0% 10% 20% 30% 40% 50% 60%

Source: ESG Research Report: 2019 Technology Spending Intentions Survey

1 2 3 4 SUMMARY

Alternative strategies
As we will see in next month’s Chapter Three: After the
Breach, cyber security professionals could also do much
more to learn from one another than is currently the case.
Sharing the right information, at the appropriate time and
in the right way, could go a long way to helping more staff
upskill effectively.
Still, even with the luxury of a realistic budget for training
in place, a gap of 142,000 cyber security professionals
in EMEA means most companies are still going to struggle
to find people to hire.
Organisations therefore need to find complementary
alternatives that can help free up time for skills
development and ease the recruitment burden.
1 2 3 4 SUMMARY
IDC points to a four-step model:
1. Rationalisation
As highlighted in Chapter One: Perfect
Storm, the cyber security estate has
become incredibly complex and can easily
contain more than 100 different point
solutions from a huge mix of vendors. Consolidating that
estate, or using a cyber security platform to integrate it,
both improves security and reduces the time taken to
manage it manually.
An integrated cyber defence platform can also de-duplicate
alerts from multiple systems. Freeing up existing security
professionals’ time like this can ease the need to recruit
and improve retention. If staff are less overworked and
more in control of their time, they’re more capable of
focusing on their own professional development.
2. Embedded security
Cloud and mobility are rewriting
the way data is captured, stored and
managed. Modern cyber security is
designed to operate around cloud-centric
computing and can itself be delivered as a cloud service.
Security which is embedded within the main control
points – web, email, network and endpoint – gives far
greater control, goes unnoticed by end-users, and is
a step towards a ‘set and forget’ security infrastructure.
Being ‘in the sinew’ like this means less manual
management is required.
The Skills Crisis: Tackling the Critical Gap
3. Automation
Automation can help address
the security skills gap at two levels.
First, an integrated security platform
– by correlating, cross-checking and
prioritising data across multiple security products
– can reduce the volume of alerts and highlight those
that really matter. In addition to reducing the volume
of alerts analysts have to contend with, it can support
workflow to automate reporting and compliance; the key
challenge for cybersecurity professionals identified in
Chapter One: Perfect Storm. This relieves mundane manual
administrative tasks, enabling time-pressed cyber security
professionals to focus on higher value activities.
Second, machine learning and artificial intelligence can
change the game entirely. Symantec Targeted Attack
Analytics (TAA), for example, enables vast telemetry
data lakes and exposes attack patterns occurring in the
customer environment. TAA takes a holistic view of the
customer’s company and their industry to determine the
source, scope and impact of an attack in just a matter of
hours. The manual equivalent would not only take months,
it would also be unfeasible for most organisations to fund.
 The Skills Crisis: Tackling the Critical Gap

4. Externalisation
Given the talent gap, it is no surprise
that Managed Security Services is the
fastest growing segment of IDC’s
European Security Forecast8. Conventional Security monitoring, threat intelligence and response needs strength and depth in people,
wisdom is to ‘get the house in order’ before looking processes and technology.
to externalise a service (this work itself might use third
party support) as a typical patchwork environment is We already manage the world’s largest civilian threat intelligence network, operating six SOCs
difficult to hand over to a managed service provider. and nine response centres. It’s a global infrastructure and level of specialisation that few end-user
When the security estate is ‘in good order’, threat organisations could ever match.
intelligence, security monitoring, endpoint detection
and response are some of the most attractive areas to
Having this breadth of experience and development opportunity makes it easier to attract
externalise, as they are technically demanding and require and retain top talent than it is for a company that does not have security as its core business.
many of the most sought-after skills. Externalisation
helps to address other significant challenges. These
include operating the security estate 24x7x365, providing
sufficient resources to monitor the global threat landscape,
and the complexity of analysing high volumes of network Duncan Evans, EMEA Director, Managed Security Services, Symantec.
data to identify direct concerns and relay them back to the
organisation. Identifying and responding to incidents can
also require other specialist skills and a certain level of
tradecraft, which comes from outside the typical corporate
cyber security environment – such as military or law
enforcement.

8. W
 estern Europe Managed Security Services Forecast, ICD, 2017-2021

1 2 3 4 SUMMARY
 The Skills Crisis: Tackling the Critical Gap

Now what?
Taking steps to reduce the complexity of cyber security, the
use of cloud-delivered security, increased automation and
smart deployment of managed services can all help to deliver
There are several ways to address the skills gap. Hiring an experienced interim to do some
improved rates of staff retention. This is because, in addition
to lowering the overall workload, it removes the more of the heavy lifting or lead a transformation programme can relieve a huge amount of pressure
mundane, repetitive and low-value tasks from security teams’ while you focus on building the team. It’s a buyer’s market, so you have to have an attractive
workloads. As a result, it enables staff to focus on more proposition. Ask yourself if your environment is putting potential recruits off, or if there’s
rewarding, higher value work – which can only help firms in unconscious bias in your recruitment process.
the fierce competition to attract, and keep, top talent.
Think carefully about what you have to offer, because you will have something distinctive
Modern integrated cyber defence platforms have a role
which will be right for someone – this could be as simple as creating a part time role,
in addressing the skills crisis because they help save time
– and security leaders can use this extra capacity to focus job share or flexibility in terms of location.
on skills development for themselves and their team.
At Savanti we’ve had great success in hiring candidates who are returning to work following time
But clearly there is still a core need to secure budget off to raise young children. Provided you create the right environment and are prepared to try new
to invest in cyber security professionals and, even then, approaches, there is talent out there. A diversity of mindsets and backgrounds strengthens the team;
there is the challenge of recruitment. whether a psychologist, a marketer, someone from HR, risk or legal. You can try a secondment
The clear message from the Symantec CISO Forum was to see if there’s a good fit. The key is to find smart people with transferable skills and train
to ensure ‘no stone is left unturned’ in addressing the them up. Build a pipeline of talent.
skills gap – which is a chronic, systemic issue that will
take years to resolve. So any technology which can
provide an edge in the shorter term should be welcome,
while the benefits of longer-term initiatives take time
to manifest. Richard Brinson, CEO Savanti, and former CISO at Unilever, RS Components and Sainsbury’s.

1 2 3 4 SUMMARY
 The Skills Crisis: Tackling the Critical Gap

Reassess recruitment Figure 12: Security workload drivers

A similarly rigorous, conscientious approach should Having a well thought out security
be taken when scouring for talent. A recognition and User behaviour 37%
architecture and an agreed set of
celebration of diversity is not only ethical, it is plain old Organisational politics/lack of
attention to information security 22% robust procedures, which have been
common (and business) sense. Phishing 19% properly tested – are all things that can
The 2018 (ISC) Cybersecurity Workforce Study reports
2
Accurate, timely processing
of security events
19% reduce stress. Ultimately, if you do your job
that only 24% of the workforce is female, which suggests Endpoint security 18% correctly, put the flags where they’re
there’s an immediate scope to consciously recruit from Compliance – related costs/ 18% supposed to be, and you communicate
requirements
a larger pool of candidates. Similarly there are many well – whatever happens, you’re
Cloud security 17%
people with high potential, and at least some requisite
Lack of budget 17% not in the firing line.
skills, to be found outside the more renowned universities
from which corporates tend to recruit. It should also be Keeping up with new technology 17%
Dr Steve Purser, Head of Core Operations,
recognised that some of the most important cyber security Application security 14%
roles are not technical.
ENISA, former financial sector CISO.
Third-party/supplier security 14%

Security awareness training 13%

(ineffectiveness or difficulty)
Thinking different pays off Mobile security 12%

End-user behaviour, from lack of awareness to wilful Staffing information security 12%

non-compliance, usually causes security teams the most Ransomware 11%

amount of work (figure 12) while phishing is currently Data loss/theft 11%
the biggest external threat. One Symantec CISO Forum
Malicious software (malware) 9%
delegate shared her experience of hiring a psychologist
Firewall/edge network security 7%
into the security team. Following a number of initiatives –
such as praising those who raised a potential threat, to test Other 4%

phishing emails and ‘external email’ warnings – the firm’s 0% 5% 10% 15% 20% 25% 30% 35% 40%
phishing simulation click rate dropped from 27% to 8% in
just 12 months. That’s a single recruit, with no technical Source: 451 Research, Voice of the Enterprise: Information Security,
skills, that both improved the firm’s security posture and Organizational Dynamics 2018

saved their new colleagues considerable time.

1 2 3 4 SUMMARY

The benefits of an integrated approach
Further resources for you and your team
Every challenge facing today’s security leaders – as
revealed by the High Alert findings – is being compounded
by a patchwork approach to security tooling and strategy.
Bolt-on point solutions are adding unnecessary
complexity to IT estates, creating new vulnerabilities
and overburdening cyber security teams.
Symantec’s overarching recommendation is that
organisations must move from a reactive and fragmented
approach to a consolidated and strategic one. Yet to invest
the time, energy and resource into defining and executing
against a cyber security vision, they must first regain
control of the finite human resources such an approach
would free up.
This tension is underpinning a push towards simplicity
and integration across the industry as security
professionals demand a more integrated approach.
Managing cyber defences more holistically means
fewer vendors, less complexity, and more centralised
management – with reporting and shared telemetry
across every layer of defence.
READ MORE ABOUT THE SHIFT
TO A PLATFORM APPROACH
1 2 3 4 SUMMARY
The Skills Crisis: Tackling the Critical Gap
A mature, well-integrated cyber security function can
give businesses a competitive edge, both complementing
and taking advantage of digital transformation. Taking a
streamlined, security platform-based approach will go a
long way in helping to address many of the issues identified
in High Alert – and help protect cyber security talent
from overload.
Your journey to comprehensive protection
There’s lots to think about as part of this approach
but these four pillars are especially important:
• Mature and consolidate cyber defences with
a platform approach, to enable the automation
of essential processes and compliance efforts
• Educate the business on the risks posed by today’s
threat landscape, and demonstrate cyber security’s role
in enabling business transformation
• Retain and upskill staff to overcome the skills gap
– while being both pragmatic and conscious of bias
in pursuing a diverse recruitment strategy
• Define your risk posture, collaborating with different
stakeholders and adapting to their needs to earn buy-in
from colleagues and sign-off from the board.
Summary
and Next Steps
If you want your organisation to reduce cyber security complexity, and enjoy proactive, holistic protection
with a reduced management burden, it’s easy to get started with Symantec Integrated Cyber Defense.

We’ll work with your cyber security specialists and partners to complement, streamline and ultimately
transform your existing security infrastructure at a pace that suits your organisation.

Choose Symantec Next steps

with confidence
Industry analysts consider Symantec a market leader
in information security. The products that comprise
Symantec Integrated Cyber Defense are individually
recognised as among the best in their fields:
Watch out for the High Alert series Chapter Three,
After the Breach, coming in July.
Learn more about simplifying cyber security complexity
with the Symantec Integrated Cyber Defense Platform.

Symantec Secure email Gateway was named VISIT WEBSITE NOW

a Top Player by The Radicati Group

Symantec was named a Leader for the 11th year

running in Gartner’s Secure Web Gateway
Magic Quadrant

Symantec was named a Leader in the Gartner

CASB 2018 Magic Quadrant

Symantec was named a Leader in Forrester’s

Zero Trust Wave Report 2018

1 2 3 4 SUMMARY
About the Research
The High Alert research study was conducted by Symantec in collaboration with Dr Chris Brauer, Director of Innovation,
Goldsmiths, University of London and research consultancy Thread. The research was directed by Dr Chris Brauer and
Dr Jennifer Barth and led by Sean Duggan. The German and French figures for the quantitative study are from Censuswide;
the UK figures are from YouGov.

Survey fieldwork was undertaken in Winter 2018/19. The research used quantitative methods to measure, define and
distinguish the experiences of cyber-security professionals in leadership roles in three countries: France, Germany and
the UK. The survey was distributed to 3,045 individuals across France (1,002 respondents), Germany (1,003 respondents)
and the UK (1,040 respondents) in middle or upper leadership roles, with decision making involvement in cyber security.

Copyright ©2019 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, and the Checkmark Logo are trademarks or registered trademarks
of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.