The importance of a mature vulnerability management program can’t be overstated. File integrity monitoring (FIM) and security configuration management (SCM) might be the bedrock of a strong cybersecurity program, but they can only go so far.
Scanning for vulnerabilities needs to be a foundational part of your program, too. The Center for Internet Security (CIS) already knows this; that’s why it ranks continuous vulnerability management (VM) as number three in its top six basic security controls.
“Organizations that do not scan for vulnerabilities and proactively address discovered flaws face a significant likelihood of having their computer systems compromised.”
— Center for Internet Security (CIS)
Threat Detection and the Growing Cybersecurity Skills Gap
But as crucial as VM is, security teams are having a harder and harder time filling the roles and securing the budget necessary to establish a mature VM program. Security professionals are put in a difficult position when they know what they should be doing, but they just don’t have the resources to do it.
There simply aren’t enough cybersecurity professionals to meet industry demand. And due to the shortage of cybersecurity talent, many organizations may skimp when it comes to VM. According to CSO, 53 percent of organizations claim a “problematic shortage of cybersecurity skills.” While some VM effort is better than none, any lapse in continuous monitoring is an opportunity for cybercriminals to impact your network.
A Tripwire study found 93 percent of security professionals are concerned about the cybersecurity skills gap, and 72 percent believe it’s more difficult to hire skilled security staff to defend against today’s complex cyber attacks compared to two years ago. In addition, 81 percent believe that the skills required to be a great security professional have changed in the past few years.
“The skills gap doesn’t have
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Onyeka Jones. Read the original post at: https://www.tripwire.com/state-of-security/vulnerability-management/managed-vulnerability-management/