IT professionals are often ill-equipped to handle the complex nature of security in combination with other IT issues, despite large enterprises rating cybersecurity among their top priorities, according to a new IT skills survey by CompTIA.
Some of the threats can be very sophisticated and may be beyond the reach of the general IT worker.
Tim Herbert, vice president of research, CompTIA
The “State of the IT Skills Gap” report surveyed 1,061 IT and business managers. Of those employed in a large organization, 92% reported cybersecurity as a top priority for their company. However, only 7% of all those surveyed said their company was exactly where they wanted to be in terms of IT staff skills, which could severely limit their ability to meet their security needs.
“A lot of companies do not have security specialists,” said Tim Herbert, vice president of research at CompTIA. Companies often rely on general IT staff that cannot keep up with the evolution of security along with all other IT fields.
“There continues to be a lag because technology moves very rapidly. Some of the threats can be very sophisticated and may be beyond the reach of the general IT worker,” he said.
Lack of training resources was also credited with causing the IT skills gap by 43% of professionals surveyed. For this reason, many organizations are relying on online self-training to keep staff abreast of new information.
And even though more than half of respondents said they planned to address the gap by training or retraining staff in areas that are lacking, only 38% said they had used in-person or classroom-based training internally.
Herbert cites a lack of financial resources as one cause for the online training trend, but also the fact that online resources give the employee the flexibility to learn on their own time, and the company the ability to maintain in-office productivity. It would be nice if the entire IT staff could take a week off and attend an IT seminar that would update them all at once, he said, but companies can’t afford it.
IT security skills and certifications
Whether starting your career or planning your next step as an IT security professional, this tip will guide you toward the best certifications for your interests and experience.
Enterprises are going to be on the hunt for security professionals with the skills and certifications required to embrace the explosive demand for mobile devices and the cocktail of mobile security threats associated with them, according to security security industry career experts.
They also can’t afford to hire new employees in many cases. Only 28% of respondents cited new hires as a way to close the gaps. There is always concern about not only the hard knowledge base of new employees, but the soft skills they possess as well, Herbert said.
“Hiring someone new still involves a learning curve,” he said. “Soft skills are still important. New employees have to be able to work in a team and learn customer service” among other skills.
Another top priority among two-thirds of businesses is mobility, which is more nascent than security. There is now more demand for flexibility among end users, who don’t want to be limited to using a BlackBerry or other standardized devices.
“Because it has happened so quickly, many organizations and their IT staff are still catching up to understand the technology and make sure they strike the right balance between protecting the technology and giving flexibility for devices to be used,” Herbert said.
“From the security standpoint, there are increasing concerns about mobile malware and data loss. There are not that many companies yet that have full-blown mobile device management (MDM) applications and processes in place,” Herbert said, citing tools like remote wiping as one way to protect corporate info on any device.
However, according to another recent CompTIA survey, only 25% of IT departments use online tracking or swiping, and 40% encrypt the data on mobile devices. Requiring passcodes, which seems the least secure option, was the top choice for 75% of those polled. The “Trends in Enterprise Mobility” report also noted that one-third of the 500 IT and business professionals surveyed had begun developing an overarching mobile security policy.
The one sure thing about the IT skills gap, especially for security, is that it has never been more important or pervasive than it is today, Herbert said. Technology is now more involved in the workplace than ever, he said.
“It is filtered down to all employees and all sizes of companies,” he said. “It used to not be accessible because it was too complex or too expensive. But now we do see more technology being used by more employees than ever before.” As a result, he continued, “general literacy and competency of all staff is becoming increasingly important.”