A recent survey of 775 IT decision-makers by Intel Security, in conjunction with the Center for Strategic and International Studies, reported some interesting data culled from the respondents. Findings include:
- 82% of respondents report a shortage of cybersecurity skills in their organization.
- 71% say the lack of qualified IT security professionals is responsible for direct and measurable damage to organizations whose lack of talent makes them a more desirable hacking target.
- 25% of respondents report that their organizations have lost proprietary data as result of this skills gap.
- The study reports that research has shown that 209,000 cybersecurity jobs went unfilled in the US in 2015.
- Large majorities of respondents worldwide believe that basic skill sets are lacking in every major IT security skill category (intrusion detection, attack migrations, ability to communicate effectively, etc.)
Although the report, entitled Hacking the Skills Shortage recommends more funding by companies and governments, we know from other research, talking to end users, and the investment money pouring into the infosec space that funding is increasing fairly rapidly. You’ll never see a survey of security specialists (IT or physical) where respondents are not calling for significantly more spending as a solution. With the black hats having the upper hand right now, that’s understandable.
But moving beyond just spending, what’s notable about these recommendations that suggestions for bridging this skills gap are starting to move beyond simply recommending “throw more money at it” as a solution. One of the conclusions suggested in the report is to “redefine minimum credentials for entry-level cybersecurity jobs,” which is a refreshing look at the problem. Making it easier to enter a field that offers salaries at nearly triple that of the average worker would project to have some beneficial results.
We’ll be running a podcast next week where one IT security expert calls for an intriguing redefinition of the traditional IT security job, along with some practical suggestions for greater integration between security specialists and other IT professionals. The overall security approach needs to change, as highly-credentialed security experts are not going to appear out of thin air, and hackers are not moving into more reputable fields.
Image found here.