
Security pros are drowning in threat-intel data and it's making everything more dangerous

Too many threats, too much data, and too few skilled security analysts are making companies more vulnerable to cyberattacks, according to the IT and security leaders tasked with protecting these organizations from digital threats. Google Cloud commissioned a study that had Forrester Consulting query 1,541 director-level and …

  1. Anonymous Coward

    What talent shortage?

    The security talent market is an employer’s market right now. Hardly anyone is hiring.

    There’s been a bloodbath of layoffs (some of which management likes to pretend are due to AI) that has left very talented security folks sitting on the couch for months.

    1. Anonymous Coward

      Re: What talent shortage?

      Perhaps there is a causal connection here.

    2. Anonymous Coward

      Re: What talent shortage?

      I'm not sure what is going on right now. I have an infosec mate, highly skilled, highly experienced, highly qualified, has worked at very high levels on some very hush-hush stuff and is on the bench after his last contract finished. He can't even get interviews. He can't even get interviews for jobs he wrote the job spec for (matching himself), mostly he gets no reply to applications at all and requests for feedback are ignored.

      Yet I'm bombarded with roles to apply for every day, and we see the common cry of 'skills shortages', 'not enough security people to fill roles'.

      As some other Reg commentard put very well, "Is there just a shortage of world class infosec people willing to work for sod all money?".

      My mate suspects a lot of fake jobs just advertised to gather CVs or feed AI tools. I dunno but it's not good.

      1. brainwrong Bronze badge

        Re: What talent shortage?

        "My mate suspects a lot of fake jobs just advertised to gather CVs"

        I don't work in IT, but this has been a thing for years. That's one reason I try to avoid employment agencies. The other reason is tax scams dressed as "a new government initiative" exploiting naive employees.

  2. IGotOut Silver badge

    Wahhh...

    ...we don't have enough skilled staff.

    Translation.

    There aren't enough staff willing to work for fuck all, with the knowledge that we are likely to fire them the next time the line doesn't go up.

  3. Anonymous Coward

    This screams low quality in software delivery. Maybe developers should focus on clean code.

    1. Paul Crawford Silver badge

      Maybe developers should stop adding pointless shit to products that basically work?

      That way they might be able to fix existing problems, not add new ones, and bring the bug count down.

      1. Anonymous Coward

        There are days I really would love a box of extra upvotes.

        This, MEGA this. Let's take Visio as an example. Simple, good working product and fast because of its simplicity. Then Microsoft happened...

    2. vulture65537

      There's some truth in that. There are also poor configurations and poor understanding of what people use.

      And there's a whole lot of attitude around "there can't be any security problem with our work and if anybody says there is we will reject their ideas". Security staff are wasting their time in an organisation that won't fix anything.

  4. Anonymous Coward

    "Attacks", "Bad Actors", "Ransomware"......Mostly Misdirection........

    .....by consultants and politicians.

    Isn't it true that most "incidents" come about because someone on the staff clicked something, or gave away a password?

    What about better training of the folk who do the work?

    No.......costs too much to train people!! Much cheaper to whine about "security"!!

    1. Gene Cash Silver badge

      Re: "Attacks", "Bad Actors", "Ransomware"......Mostly Misdirection........

      It's fucktards all the way down. For the past 2 months, I've gotten a docusign email once a week saying "Please click to review and e-sign your Subscriber Agreement from [xxx] Insurance Exchange."

      Except I'm not part of any [xxx] Insurance Exchange... so I'm sure AF not going to even click any of it. It's about as obvious a phish email as you can get.

      Then this morning I get a thick wad of papers in the mail explaining [house insurance name] is now [xxx] Insurance Exchange.

      Would it have fucking killed anyone to explain that in the emails? Or to include some sort of link where I could have verified the emails?

      Complete fucktards.

    2. Anonymous Coward

      Re: "Attacks", "Bad Actors", "Ransomware"......Mostly Misdirection........

      If the security wrapper was designed properly you wouldn't need to worry about staff making a mistake when busy and clicking on a very believable (probably AI generated) phishing email.

      Blaming the overworked peeps for clicking one email is just an easy excuse for bosses who don't want to pay for systems that are actually architected in a way which directs people away from bad choices. It's far easier to buy a cheap bit of training then point the finger when they click one wrong link in the 1000th email they've been expected to deal with that morning.

    3. cookiecutter Silver badge

      Re: "Attacks", "Bad Actors", "Ransomware"......Mostly Misdirection........

      If companies had fully staffed IT teams, rather than "business analysts" and "project managers", security wouldn't be a problem. Especially if they had the tools and training needed in a field where things change every 5 minutes.

      If Developers had 1/2 an ounce of sense and SPELL security & weren't all offshored in a sweatshop in India, we wouldn't be rolling out 70 updates to an operating system a month and firewalls wouldn't be released with bugs that allow admin access over the internet if you poke them correctly.

      If Finance, Market, HR, etc were all staffed correctly & trained and weren't hugely knackered and chasing random deadlines to meet quarterly bullshit, they would have time to actually LOOK at an email and not click the link or put the dodgy video conference asking for the $25 million transfer down to dodgy wifi somewhere.

      If the Top sales guy or trader wasn't allowed to shout and scream to avoid training, we

  5. Filippo Silver badge

    >[...] manufacturers have a lot of operational technology, such as PLCs and SCADA systems [...]

    Such systems need to be either offline outright, or live behind firewalls that block everything by default, and only enable specific traffic (remote support and tightly-defined automated data exchange). It is not that difficult.

    The only problem is that for most manufacturers the maximum acceptable cost to implement this is "zero", as in, "oh, we can't afford getting a separate PC for workers to receive emails; let's just use the SCADA machine instead". That budget is a tad too low even to just configure a firewall.
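The default-deny posture that comment describes, as an added example that is not part of the original thread: an nftables ruleset for a firewall sitting between the corporate network and an OT segment, permitting only remote support from a jump host and one defined data-exchange flow. Interface names, addresses and the Modbus/TCP poll are assumed placeholders, not details from the article or the comment.

```nftables
#!/usr/sbin/nft -f
# Constructed example: default-deny firewall in front of an OT segment.
# All names and addresses below are assumed placeholders.
flush ruleset

define it_if     = "eth0"            # interface facing the corporate (IT) network
define ot_if     = "eth1"            # interface facing PLCs / SCADA hosts
define jump_host = 10.20.0.5         # assumed: hardened remote-support jump host
define historian = 10.20.0.9         # assumed: IT-side historian that polls the PLCs
define plc_net   = 192.168.50.0/24   # assumed: OT address range

table inet otfw {
    chain input {
        # traffic to the firewall itself: drop unless explicitly allowed
        type filter hook input priority 0; policy drop;
        ct state established,related accept
        iif "lo" accept
        # manage the firewall only from the jump host
        iif $it_if ip saddr $jump_host tcp dport 22 accept
    }

    chain forward {
        # traffic crossing IT <-> OT: drop unless explicitly allowed
        type filter hook forward priority 0; policy drop;
        ct state established,related accept
        ct state invalid drop

        # remote support: SSH / RDP into the OT range, from the jump host only
        iif $it_if oif $ot_if ip saddr $jump_host ip daddr $plc_net \
            tcp dport { 22, 3389 } accept

        # tightly-defined data exchange: historian polls Modbus/TCP (port 502)
        iif $it_if oif $ot_if ip saddr $historian ip daddr $plc_net \
            tcp dport 502 accept

        # anything else, including connections initiated from the OT side
        # (web, email, updates), is logged and dropped
        log prefix "otfw-drop: " drop
    }
}
```

Because replies ride on the `established,related` rule, nothing on the OT side can open a new connection outward, which is what stops a SCADA workstation doubling as an email PC.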

  6. Brewster's Angle Grinder Silver badge

    "...with quantum computing breaking encryption...tying for fourth at 41 percent..."

    Right now, quantum should be 0%. Except, of course the category isn't quantum, it's "quantum computing breaking encryption and supply chain threats". Supply chain threats at 41% I can buy. But why did they merge the two orthogonal categories?

  7. Brewster's Angle Grinder Silver badge

    Remember the old joke about RegEx, that goes something like, "so I decided to solve it with a RegEx and now I've got two problems"?

    It should be rewritten for the AI age as, "So I decided to use AI. And now I've got two problems."

    And this is being used by Google to peddle AI security analysis.

  8. cookiecutter Silver badge

    as dumb as gartner!

    where the hell do these fools get their data from?

    i can't take any of this stuff seriously!

    apparently there are millions of vacancies in cyber security jobs, apparently employers are having a nightmare hiring.

    utter bollocks! this is a "we need more visas" con!

    there are NO jobs, look on jobserve & total jobs. it's the same jobs scraped from each other. look at each job on an individual site & it's the same job being advertised by 10 different agencies.

    And then look at the rates! seeing soc engineer jobs at £32k. something I was earning doing desktop in 2004!

    A note to vendors reading this: if you lead your marketing with "gartner quadrant blah" or "forrester leader blah blah", you're not even going to get invited in to any job i get to demo your product.

    those 2 firms are utter jokes!
