Don’t let the skills gap hinder cyber resilience

Published: Friday, 19 August 2022 08:27

Securing the right talent has always been a challenge in the technology field, but it is now more pressing than ever and is critical for effective cyber resilience. Bryan Patton says that automation is one of the keys to dealing with this area.

It’s no secret that IT departments are severely understaffed when it comes to supporting a growing digital workforce. Not only is there a widely acknowledged skills gap in the technology industry, but we are now faced with what has been coined the ‘great resignation’, placing extra pressure on IT teams to do more with fewer staff. This is a major challenge for organizations across the world when it comes to cyber resilience, because while the talent drought only gets worse, cyber attacks are continuing to grow. However, while it might feel like security teams are facing an uphill battle, there are tools and technologies available that can help businesses to close the gap.

Simply preventing threats is no longer enough; organizations also need to be able to adapt and to withstand an attack. This is what cyber resilience really comes down to. After all, it is often the moments after a cyber attack or breach that will determine a company’s reputation, and those that are able to limit damage and maintain operations will be in a far better position to move forward. This means that businesses need to be able to prepare for the unknown, so they can better anticipate an attack and have a plan in place that will allow them to not only restore, but to recover and to continue business as usual.

When a crisis does strike, whether a cyber attack or a natural disaster, for any business that relies on Microsoft to manage its data or communications, nothing can be recovered until Active Directory (AD) is up and running again. AD serves as a doorway to the digital functions and services within the business, so without it there is no ability to authenticate users or enable access to data, applications, and files. However, the challenge is that this can be a laborious task, and it requires expert knowledge. Even the recovery of a single domain controller requires meticulous coordination of many processes and numerous redundant steps - from preparing for and performing the restore, to syncing the domain controller with its replication partners and making it available again. When performed manually, these steps are time-consuming and error-prone. For businesses that don’t have the skill set and are feeling the gap, something like an AD restore is extremely complex, and it is something they can’t adapt to.

With rising threats, complex AD, and a growing skills gap, it can feel like a daunting task for businesses to stay ahead. The truth is that overcoming the skills crisis is not an easy fix, and it is something the technology industry, and more specifically the cyber security sector, has felt for several years. However, businesses can take steps to ensure this does not impact cyber security – by complementing their teams with additional insight and implementing tools and technologies that provide control and insight into infrastructure changes.

To some extent, easy-to-implement software-as-a-service (SaaS) solutions have filled this gap for many businesses. However, the rapid change to SaaS solutions can create misconfigurations and add to the challenges if businesses don’t have the skill set or understand the changes happening within their environment.

The way to mitigate these risks is with change control and risk management.

It is critical to understand who has access to what data and the permissions in place, and to gain an understanding of the attack surface and potential vulnerabilities. The good news is that automation can enable businesses to achieve this, reducing the pressure on teams and reducing the risk of human error. Without automation, businesses would not only need dedicated security teams available to scan all user activity and monitor suspicious activity – but in order to identify any valid threats it would also take hours of manual work and personnel to go through all the logs, something that is just not feasible. Automation has vastly improved this, by reducing all the noise and offering real-time auditing of user activity, threat alerts and automatic responses when it comes to improper changes or suspicious activity. This allows IT teams to quickly divert their attention to where it is needed as they are alerted to any threats – adding true value to the business.

In addition, automated platforms also offer dashboards that not only show the threats but simplify the information – making it easier to read so security teams can easily understand and identify the issue without specialist skill sets. All of this allows organizations to get to the bottom of security incidents quickly and easily, without letting staffing shortages get in the way.

Automated recovery management also eliminates manual tasks so organizations can move through the recovery process quickly, with fewer IT staff, in the correct order and without errors - whether in an on-premises or hybrid environment. By simplifying recovery operations, automation reduces downtime, allows businesses to cope with limited staff and accelerates the return to normal operations.

Cyber resilience is about planning for the worst-case scenario and being prepared to navigate the business through this. The good news is that it does not have to require infinite resources and budget. With a well-thought-out approach, automation to bridge the gap, and a strong focus on Active Directory recovery, organizations can be well positioned for when the next disaster strikes.

The author

Bryan Patton, Principal Strategic Systems Consultant, Quest