The nation faces a serious shortage of skilled cybersecurity professionals and the lack of skilled staff is making it hard for organizations to prevent cyber-attacks and is seriously hampering many organizations’ breach response efforts.
There is considerable demand for skilled cybersecurity professionals; however, a shortage of suitable applicants leaves many positions unfilled. A recent survey conducted by Dimensional Research on behalf of Tripwire has highlighted the extent of the problem. The study was conducted on 500 IT security professionals in August this year. Questions were asked about IT department staffing to identify some of the key cybersecurity and compliance challenges currently being faced.
The survey revealed that 75% of organizations lacked the necessary staff to allow them to detect and respond to security breaches effectively. Six out of ten respondents admitted their organizations were facing increased security risks as a direct result of a lack of skilled cybersecurity staff.
Finding skilled staff is a major challenge. 72% of respondents said they struggled to hire skilled cybersecurity staff, while programs for training staff were also falling short. 50% of respondents said they lacked an effective program to train skilled cybersecurity staff. One of the ways that many organizations are addressing staff shortages is by purchasing technology solutions. 69% of respondents said they have tried to tackle the problem by using security tools which automate a lot of processes. While those solutions can be used to fill a gap, they are often a poor substitute for skilled staff.
As Tim Erlin, director of IT security and risk strategy for Tripwire, explained “A lack of cyber security skills not only degrades an organization’s ability to respond to incidents, it also inhibits organizations from developing and deploying effective prevention.” Erlin went on to say “Having the right tools is only part of the solution. A lack of cyber security skills not only degrades an organization’s ability to respond to incidents, it also inhibits organizations from developing and deploying effective prevention.”
Changes need to be made to address the shortage of cybersecurity professionals, although in the meantime it is essential for organizations to ensure that all skilled staff are using their time wisely. Time spent on manual tasks should be evaluated and automated tools used as far as is possible to allow skilled staff to concentrate on the toughest problems.