Maksim Samasiuk - Fotolia


How IT can address the cybersecurity skills gap

Many organizations lack top-flight cybersecurity skills in the IT department, but with the right focus on the basics, they can still keep Windows 10 safe.

The cybersecurity skills gap is real, especially when it comes to Windows 10. There just aren't enough IT professionals with the proper expertise to assess and mitigate information risks.

Many believe that, with more qualified IT pros, the number of data breaches organizations experience would go down. In fact, ISACA, an information security advocacy group, predicts there will be 2 million fewer IT security professionals than necessary across the globe by the year 2019.

The cybersecurity skills gap plays a role in the amount of attacks and security holes organizations face, but the reality is, in many organizations, IT is just focusing on the wrong things -- chasing the latest and greatest technologies at the expense of security basics.

Emphasize the basics in Windows 10

Even with a limited skill set, IT can mitigate the most common risks cited in studies, such as the "Verizon Data Breach Investigations Report" and the "Symantec Internet Security Threat Report," relatively easily by following a few best practices:

Focusing on this relatively small number of Windows 10 security challenges can mitigate the majority of an organization's Windows-related risks.
  • Establish a workable set of Windows 10 security standards that make sense for the business, and then actually implement them. This includes ensuring all Windows 10 desktops are properly hardened with reasonable audit and logging policies, proven malware protection, full disk encryption and so on.
  • Eliminate Windows XP. There's still a sizable percentage of unpatched and vulnerable Windows XP systems out there ripe for attack. IT can potentially mitigate the XP problem with the Windows POSReady 2009 registry hack, where admins change the XP registry to make the OS think it's Windows POSReady 2009 -- a sister OS to XP for point-of-sale systems that still receives security updates. The hack is little more than a trick. Microsoft does not support it, so it may be wise to migrate off Windows XP completely instead.
  • Test all Windows 10 desktop systems for security vulnerabilities -- both with and without authentication -- on a periodic and consistent basis. Running vulnerability scans with a tool such as Nexpose Rapid7 or Nessus Vulnerability Scanner combined with seeking out unprotected information on open network shares can go a long way in shoring up Windows 10 security.
  • Apply Windows, Microsoft Office and especially third-party software security updates in a timely fashion. Many systems remain in a constant state of vulnerability because of gaps in patch management.
Important exercises for bolstering your enterprise's cybersecurity program

Focusing on this relatively small number of Windows 10 security challenges can mitigate the majority of an organization's Windows-related risks. And none of these moves require in-depth security expertise. Instead, it's about using good tools, tweaking existing IT processes and having proper time management.

Understanding security needs

Research statistics and market forces have value, but IT pros must understand their organization's specific security needs. One organization might face a real cybersecurity skills gap, while another just needs to make a minor tweak. Every situation is different.

The key is establishing a security philosophy. IT pros must determine what their organizational security needs are and how they can achieve them. The what and how form an organization's security philosophy.

The reality is security challenges are only going to become more complex. If IT pros master the basics, they may not have to hire additional resources to protect their Windows deployments, and they can avoid falling victim to any cybersecurity skills shortage on the horizon.

Next Steps

Security skills shortage plagues IT

How to build a cybersecurity staff

Cybersecurity spending, budgets increasing, but is it enough?

Dig Deeper on Enterprise desktop management