Cybersecurity Labor Shortfall Exposes Companies to Threats

Posted by C Henry on Fri, Oct 27th, 2017

Reports of data breaches, cyber security threats and new ransomware variants are constantly in the headlines. The fact is that cybercriminals target all types of businesses. Every organization needs qualified I.T. staff with the skills and experience to mitigate this risk.

The pace of change and the introduction of new architectures, protocols and solutions is fast and continuous.  As companies strive to complete the digital transformation of their companies to better compete in a disruptive world, the ability to find talent becomes increasingly challenging.  As the cloud has become the preferred location to host applications and digital services, the demand for IT professionals with the necessary skillsets to transform legacy driven datacentres into hybrid infrastructures is skyrocketing.  In fact, a 2015, Skills and Salary Report released by Windows IT Pro showed that one in five IT decision makers is having difficulty finding skilled talent for current cloud initiatives.  

Demand for cybersecurity personnel

As challenging as it may be to find talent to manage your hybrid cloud environment, the issue is even more dire when it comes to cyber ecurity.  According to a study conducted by ESG research in 2016, 46% of organizations say that they have a “problematic shortage” of cybersecurity skills, up from 28% the year prior.  Not surprisingly the biggest deficiency was in cloud security.  It also included other areas however such as network security, security analysts and compliance auditors.  The problem isn’t just limited to North America either.  Two-thirds of companies throughout the UK report having too few cybersecurity personnel with roughly half attributing the shortage to a lack of qualified applicants.  In fact, the job site, Indeed, ranks Britain's digital security skills gap as the second worst in the world.

Demand for cybersecurity personnel is simply outpacing supply and this dearth of talent is putting companies across the globe at risk.   According to the Global Information Security Workforce Study (GISWS), there will be a shortage of 1.8 million cyber workers in the year 2020.  In fact in 2015 there were approximately 209,000 unfilled cybersecurity positions in the United States alone.  

Yet another report published by Intel Security who partnered with the Center for Strategic and International Studies (CSIS), to implement the study found that 82% of those interviewed reported a lack of cyber-security skills within their organization. One in three say the shortage makes them prime hacking targets.  One in four say it has led to reputational damage and the loss of proprietary data via cyberattack.  These types of losses are indeed substantial.  A 2017 article in CSO magazine reports that the average cost of a data breach in North America is $1.3 million for enterprises and $117,000 for Small and medium-sized businesses (SMBs).  Cybercrime as a whole was a 445 billion dollar industry last year and that number is only supposed to grow larger.  The fact is, we need to do something to fill the gaps, and quickly.

IT security experts attribute the shortage to more than just the accelerating pace of innovation.  Some argue that governments are not investing enough to build suitable cybersecurity forces they will so desperately need in the future.  Others point to the fact that companies are obsessed with only pursuing applicants with the traditional college credentials of a degree in computer science.  With practically every industry today requiring people with cybersecurity skills, many feel that companies need to look towards a broader pool of prospects.  This probably explains why some of the hottest IT certifications are in the cybersecurity field.

Some of the cybersecurity skills that continue to be in demand include:

• Intrusion Detection –ID is about locating potential malicious activities that can undermine the integrity, confidentiality, and availability of a company’s data. Without it, companies are exposed to the growing digital threats that are prevalent throughout the world.  
• Cybersecurity Auditors –CAs are especially important in cloud security where companies do not have direct control of the security controls implemented by their cloud service providers.  Because of this, transparency is paramount, involving the ability to gain visibility into security practices carried out by them in order to gain visibility into the security state of your environment. 
• Attack Mitigation – With the proliferation of DDOS attacks throughout the world, attack mitigation skills are in high demand for positions such as network engineers, system administrators and dev ops. 
• Secure Software Development – The app is now the quintessential tool in which companies communicate with their customers today and as a result, apps have obtained a ubiquitous presence in modern life.  Creating applications with secure code from the very beginning helps to limit zero day attacks as well other vulnerabilities. 

Closing the skills gap will remain a matter of critical importance for the foreseeable future. With many companies unable to fill key cyber-security roles, we will see an increase in the outsourcing of I.T. and security to I.T. services companies. There are many reasons why choosing to use a service provider  can make sense for an organization; to reduce costs, improve flexibility, increase service levels, reduce management overhead and  rapidly deploy new security features. Whatever option your organisation chooses there can be no doubt that unless the skills gaps is closed cybercrime will continue to pose a greater threat to your organization.

Are you an IT professional that wants to ensure sensitive data and devices are protected?  Sign up for a product demo or  email us at info@titanhq.com with any questions.