Cyber Skills Gap Grows Along With Threats

A corporate job opening typically draws as many as 250 applicants with varying qualifications.

In stark contrast, a new survey of the growing cyber security skills gap reveals that just over half of US companies looking to fill corporate IT security positions receive five applications. Of those, fewer than one in four candidates possess the qualifications companies are seeking.

"As enterprises invest more resources to protect data, the challenge they face is finding top-flight security practitioners who have the skills needed to do the job," information security executive Christos Dimitriadis told the RSA security conference this week. "When positions go unfilled, organizations have a higher exposure to potential cyber-attacks."

Fifty-five percent of respondents to a cyber security skills survey said they place greatest emphasis on hands-on experience. Nevertheless, 25 percent said candidates lack technical skills. Hence, most recruiters emphasise performance-based certification and training over candidates with college degrees in cyber security.

More than two-thirds of respondents "view certifications as equally, if not more, important as formal education," according to the workforce study released this week by the cyber training and certification group ISACA.

Sensing an opportunity, companies such as IBM have moved to address the cyber security skills gap with automation tools based on its Watson cognitive computing platform. In one scenario, security teams dealing with hundreds of thousands of security events each day could hand off lesser threats to automated systems to reduce the amount of time wasted on false positives.

A new IBM research projects code-named Havyn based on a voice-powered security assistant leverages Watson conversation technology to respond to verbal commands and natural language from security analysts, the company said.

Indeed, cyber security organisations such as ISACA endorse the use of emerging cognitive tools as a way to close the cyber skills gap and address the more mundane but critical aspects of cyber-security. "Where security operational tasks can be automated, it can decrease the overall burden on staff and thereby help make best use of staff that an organisation already has," the study recommended.

It also recommended that companies take steps to retain and invest in its cyber defenders as demand for those talents increases in parallel with threats to corporate networks.

The urgency to retain cyber specialist was underscored by another finding:

Roughly one in four companies surveyed reported that the time to fill priority cyber-security and information security positions can be at least six months.

In Europe, almost one-third of cyber security job openings remain unfilled, the study found.

Another factor at work in the cyber realm is a phenomenon known as "security fatigue," defined as "weariness or reluctance to deal with computer security."
Hence, unremitting cyber-attacks and the mundane nature of the cyber security are contributing to the cyber skills gap, the study warns.

EnterpriseTech:

You Might Also Read

How AI Will Solve The Skills Shortage:

Staff Training 'Not enough to stop most data breaches':

Difficult: Attracting Women To Cybersecurity:

 

 

« Snowden Helping To Protect Journalists
Cyber-Workforce Shortage to Increase »

ManageEngine
CyberSecurity Jobsite
Check Point

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Contrast Security

Contrast Security

Contrast Security is the leader in modernized application security, embedding code analysis and attack prevention directly into software.

CYBERPOL

CYBERPOL

CYBERPOL is the leading Public Utility Agency for investigating cyber crimes and cyber attacks by criminals, international adversaries.

SonicWall

SonicWall

SonicWall provide products for network security, access security, email security & encryption.

mnemonic

mnemonic

mnemonic helps businesses manage their security risks, protect their data and defend against cyber threats.

Lutech

Lutech

Lutech is an Italian ICT engineering and services company. Business solution areas include cyber security.

Averon

Averon

Averon's technology is the new gold standard for digital identity - the easiest, fastest and most secure verification solution for users on both WiFi and LTE.

Exostar

Exostar

Exostar is the cloud platform of choice for secure enterprise and supply chain collaboration solutions and identity and access management expertise.

NetGuardians

NetGuardians

NetGuardians is a leading Fintech company recognized for its unique approach to fraud and risk assurance solutions.

InstaSafe Technologies

InstaSafe Technologies

InstaSafe®, a Software Defined Perimeter based (SDP) one-stop Secure Access Solution for On-Premise and Cloud Applications.

NextVision

NextVision

NextVision is a Cybersecurity and Technology company offering a range of solutions and services for Security, Compliance and IT Infrastructure Management.

SPARTA Consortium

SPARTA Consortium

SPARTA tackles hard innovation challenges, leading the way in building transformative capabilities and forming a world-leading cybersecurity competence network across the EU.

Cyber Griffin

Cyber Griffin

Founded by the City of London Police in 2017, Cyber Griffin is an initiative that supports businesses and individuals in the Square Mile to protect themselves from cyber crime.

Have I Been Pwned (HIBP)

Have I Been Pwned (HIBP)

Have I Been Pwned is a free resource for anyone to quickly assess if they may have been put at risk due to an online account of theirs having been compromised or "pwned" in a data breach.

OSI Security

OSI Security

OSI Security's primary services include penetration testing, security auditing, web application security testing and risk management.

CaseMatrix

CaseMatrix

Discover a new era of legal intelligence with CaseMatrix. We identify potential class action cases arising from cyber incidents and data breaches.

Cybermate

Cybermate

Cybermate is the first affordable, gamified ‘Psybersecurity’ awareness training platform that reduces behavioural risk and achieves compliance with Australian cybersecurity standards.