pixel_dreams - Fotolia
- Kathleen Richards, Information Security
More than 80% of the IT professionals surveyed in a new report said they had problems filling security roles within their organization. As adversaries become more organized and well-funded, companies face security gaps due to a cybersecurity skills shortage.
"Hacking the Skills Shortage," a global report sponsored by Intel Security and the Center for Strategic and International Studies, is based on independent research conducted in May 2016. Research firm Vanson Bourne surveyed 775 IT professionals in eight nations who said they took part in their organization's cybersecurity decision making. All of the respondents worked in public or private sector organizations with 500 or more employees. Information was also gathered from interviews with experts and open source data.
When survey respondents were asked what skills mattered most for an entry-level security position, roughly 40% said their organizations required a bachelor's degree in computer science, technology, engineering or mathematics. However, when hiring decisions were actually made, hands-on experience, professional certifications and even "gaming" ranked higher as recommended skills for security. Almost 70% of those surveyed said national hacking competitions played a role in developing cybersecurity workforce skills for their companies. Computer hacking is increasingly featured in the storylines and gameplay of popular video games, such as BioShock and Watch Dogs, researchers noted.
More than 50% of the IT professionals surveyed said the cybersecurity skills shortage was "somewhat or far greater" than gaps in other IT disciplines. Of the skills that were in short supply, intrusion detection, secure software development and attack mitigation ranked the highest.
The cybersecurity skills shortage is putting companies at risk, according to those surveyed. Among the adverse effects, 35% of respondents said they can't maintain adequate staff, 33% said their organizations are targets for hackers who know their cybersecurity isn't strong and 25% have lost proprietary data through cyberattacks.
Many companies are investing in training and technology to address cybersecurity. And 60% of those surveyed reported that their organization has outsourced security functions such as risk assessment and mitigation, network monitoring and assessment and repair of compromised systems. Many of these outsourced functions are moving toward automation, according to the report.
Will education and outreach solve the security talent shortage?
Skills to look for in CISO candidates
Should you hire an ex-hacker?