A survey of 3,300 IT professionals by the industry body (ISC)² has found that widespread under-funding in training in-house IT talent is contributing to what it calls the critical cybersecurity skills gap.
The report suggests that businesses are exposing themselves to cyber threats by ignoring and neglecting IT professionals, with 65pc of IT workers reporting their security advice is not followed. Almost half of IT workers say their firms do not invest sufficiently in ensuring their IT staff are security-trained, despite a shortage of cyber security workers across 63pc of businesses.
This indicates, according to (ISC)², that the cyber skills deficit is rooted in businesses failing to listen to advice from IT staff and upskill in-house talent. The report suggests this is a leadership issue, with 49pc of respondents accusing business leaders of a failure to understand cybersecurity requirements. The result, according to the report, is that the majority of companies are even less able to cope with a cyber attack than they were last year.
In February 2017, (ISC)² found that the cybersecurity skills gap will grow to 1.8m by 2022 if hiring and training trends continue. The latest research is based on responses from more than 3,300 IT professionals from around the world who participated in the 2017 Global Information Security Workforce Study. Visit http://www.isc2.org.
– 43pc said their organisation doesn’t provide adequate resources for security training
– Only a minority, 35pc, agreed their security suggestions are acted upon
– 55pc said their organisation doesn’t require IT staff to earn a security certification
– 63pc said their organisation has too few security workers
– 51pc of organisations are less prepared for a cyber attack than 12 months ago
– 49pc blame business leaders for lack of understanding of cyber threats
– 51pc said their systems are less able to defend against a cyberattack compared to a year ago
– Hiring managers rank communication skills (62pc) and analytical skills (52pc) as their top priority, while IT pros cite cloud computing and security (64pc), and risk assessment and management (40pc) as top skills needed
(ISC)² CEO David Shearer said: “Our findings suggest too many organisations are so fixated on their inability to attract top cybersecurity expertise that they often overlook a tremendous pool of talent already on staff and intimately familiar with their infrastructure and processes. The quickest way for many organisations to protect themselves against cyber threats is through continuous education and empowerment of their IT team. Security is a shared responsibility across any organisation, but unless IT is adequately trained and enabled to apply best security practices across all systems, even the best security plan is vulnerable to failure.”
(ISC)² has announced an experience waiver for its Systems Security Certified Practitioner (SSCP) certification. Those who have earned a cybersecurity or computer science degree from an accredited college or university can attain full certification without completing one year of paid, full-time work experience as previously required after passing the SSCP exam and completing the (ISC)² endorsement process.