Attendees for next week's 2018 Black Hat USA conference said they are still facing significant challenges when...
it comes to cybersecurity staffing and budgets.
According to the 2018 Black Hat USA Attendee Survey, which was conducted in May with 315 infosec professionals, a majority of respondents said they don't have "the staffing or budget to defend adequately against current and emerging threats." Sixty-five percent of infosec professionals said they do not have enough qualified staff members to deal with potential threats; this is the fourth consecutive year, according to the study, that approximately two-thirds of respondents believed they had inadequate staff.
In addition, 66% of respondents said they do not possess enough skills and training to perform all of the job functions required of them by their organizations. The cybersecurity skills shortage was also the most frequently cited answer from respondents (34%) when asked for the primary reason for why enterprise security strategies fail.
"While the shortcomings of current security technology and potential vulnerabilities in emerging cloud services are new aspects of security's current landscape, it is an old nemesis -- staffing shortages -- that continues to plague the data centers and minds of Black Hat Attendee Survey respondents," the report states.
Another cybersecurity staffing issue reared its head in the survey: Nearly half the respondents (47%) said the lack of women and minority infosec professionals was a concern to them. The gender gap in the infosec industry has been cited as a major issue in recent research from other organizations such as ISACA.
While cybersecurity staffing continues to be a major obstacle, budgets are also a consistent pain point, according to the survey. Fifty-three percent of respondents said they do not have enough of a cybersecurity budget to defend their organizations against current threats. However, that number is an improvement from both 2016 and 2017, when 63% and 58% of respondents said they had inadequate budgets.
This year's Black Hat conference has several Community track sessions that deal with cybersecurity staffing and related workforce issues, including a session on hiring and retaining female engineers. Other sessions will focus on negative influences on the cybersecurity workforce such as sexual harassment, addiction, depression, suicide and post-traumatic stress disorder.
Black Hat USA will take place Aug. 4 to 9 in Las Vegas.