Cybersecurity skills crisis creating vulnerabilities

Cybersecurity education deficiencies and other factors cause direct damage to companies, a report from Intel Security finds

Cybersecurity skills crisis creates vulnerabilities
geralt via Pixabay

Cybersecurity staffing continues to be a problem, a new report has found. Intel Security says a massive 82 percent of IT professionals that it surveyed are battling a shortage in workers specializing in cybersecurity.

It’s proving to be a major deficit and is resulting in serious damage. Australia, France, Germany, Israel, Japan, Mexico, U.S. and U.K. are all hurting for hires, the study says.

Market research specialist Vanson Bourne performed the survey and interviewed IT decision makers working in cybersecurity in developed countries.

+ Also on Network World: Closing the cybersecurity talent gap, one woman at a time +

A problem that results from not having enough experts is simply damage. Stolen proprietary data is directly linked to the lack of workers specializing in keeping things secure, claims James A. Lewis, senior vice president and director at Center for Strategic and International Studies (CSIS), which produced the report alongside Intel’s McAfee security arm.

“A shortage of people with cybersecurity skills results in direct damage to companies, including the loss of proprietary data and IP,” Lewis says in a press release.

Seventy-one percent of the respondents agree with that, citing this IT-niche, people shortfall as “responsible for direct and measurable damage to organizations,” the release explains.

That “lack of talent” on board makes enterprises more “desirable hacking targets,” Intel and CSIS say.

An absence of education and training is predominantly to blame. Just 23 percent say there is enough of it. Students aren’t being prepared to enter the role. And inexplicably, there’s a dearth of “qualification sponsorship,” too. That’s causing talent to up and leave.

What it takes to keep cybersecurity staff

Employer dynamics, as Intel calls the employer X factor, depends on salary, as one would expect. But “training, growth opportunities and reputation of the employer’s IT department” comes into play, too. So, to compete for the scarce workers, those things have got to be in place.

Interestingly, the study shows that training doesn’t have to be performed in traditional seats of learning—practical and hands-on training are “perceived as better.”

The most skilled workers were the hardest to source, those interviewed say, so trained and experienced workers have an edge.

Sniffing for intrusions, secure software development and attack mitigation are the scarcest skills. “Soft skills” such as communication and collaboration, less so.

Many of the respondents (90 percent) compensate for the lack of workers by using technology, which works for some things. And one problem may indeed be that those kinds of tools are getting better all the time—IT cybersecurity skills of the kind used today may be redundant as solutions come on stream more.

Over half (55 percent) of the IT executives “believe that, in five years, cybersecurity solutions will be able to meet the majority of their organization’s needs,” the report says. That perception might affect whether an individual worker thinks it’s worth getting trained.

Who to blame? Well, governments are partly the reason for the overall shortage problem, the surveyed found. A significant three-fourths (76 percent) say not enough is being done to develop talent by bigwigs in the respective corridors of public power.

“The cybersecurity workforce shortfall remains a critical vulnerability for companies and nations,” the report concludes.

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.
Now read: Getting grounded in IoT