Light Dark
September 15, 2017 By Mark Samuels 3 min read

Too many businesses are not leveraging the capabilities of their existing IT professionals and fail to provide high-quality training that will boost business preparedness for the ever-increasing cybersecurity threat.

The 2017 Global Information Security Workforce Study by nonprofit membership association (ISC)² suggested that organizations need to direct attention to education and authority. As many as 43 percent of the 3,300 IT professionals worldwide who responded to the survey reported that their organization does not provide adequate security training resources.

Experts warned that a failure to deal with the ever-present security risk could lead to businesses becoming exposed. IT and human resources managers must ensure that in-house workers receive high-quality training, such as certification programs, and they should ensure external candidates have strong cybersecurity capabilities.

Why Are Organizations Failing to Make the Most of Their Talent?

The research highlighted how strong cybersecurity remains a work in progress for many organizations. Just 35 percent of technology workers reported that their suggestions for improved security are acted upon by the rest of the business.

More worryingly still, the research indicated that organizations’ ability to fend off cybercriminals has reduced during the past year. Such is the lack of preparedness for an external threat that 51 percent of IT professionals said they believed their organization’s systems are less capable of defending a cyberattack than 12 months ago.

When it comes to taking proactive steps to manage the threat, David Shearer, chief executive of (ISC)², said too many businesses fail to use the talent they already hold. In-house IT teams will already be aware of the systems and processes within the businesses and will have a good foundation from which to learn more skills.

What Steps Can IT Professionals Take to Boost Internal Skills?

Shearer said the fastest way for most businesses to improve their security stance is to provide ongoing training to retain IT professionals, reported Business Insider. He also said that technology systems and services underlie all modern business operations, and well-trained technology workers provide the best means to ensure security plans are not undermined.

The research indicated that there is much work to be done in terms of training and development. More than half (55 percent) of IT professionals said their organization does not ask its technology workers to receive a security certification. Sixty-three percent said their company simply does not have enough IT security staff.

Alongside the research, (ISC)² announced a new pathway for its Systems Security Certified Practitioner (SSCP) certification to help organizations improve cybersecurity expertise. IT professionals with a computer science degree can now be certified without the one year of paid, full-time work that was previously required to complete SSCP certification.

How Can IT Managers Fill the Cybersecurity Skills Gap?

Experts warned that an IT skills gap in the crucial area of cybersecurity can create immediate and lasting damage to business operations and customer services. Security leaders should use a combination of internal resource development and external recruitment to help prevent cyberattacks.

The (ISC)² research suggested that recruitment managers looking for new staff should view communication skills (62 percent) and analytical skills (52 percent) as the IT skills most in demand. That focus on engagement and analysis is in sharp contrast to the interests of in-house technology workers, who believe new candidates with cloud computing and security (64 percent) are the most welcome additions, followed by applicants skilled in risk assessment and management (40 percent).

IT managers searching for this security talent are likely to face a considerable battle. The skills gap is such that the global cybersecurity workforce shortage is expected to reach 1.8 million by 2022, according to (ISC)² and research from analyst Frost & Sullivan earlier this year. To this end, the analyst discovered 70 percent of employers around the world are planning to increase the size of their cybersecurity capability through 2017.

 | 
Mark Samuels
Tech Journalist

More from

November 21, 2024

Airplane cybersecurity: Past, present, future

4 min read - With most aviation processes now digitized, airlines and the aviation industry as a whole must prioritize cybersecurity. If a cyber criminal launches an attack that affects a system involved in aviation — either an airline’s system or a third-party vendor — the entire process, from safety to passenger comfort, may be impacted.To improve security in the aviation industry, the FAA recently proposed new rules to tighten cybersecurity on airplanes. These rules would “protect the equipment, systems and networks of transport…

November 20, 2024

Protecting your digital assets from non-human identity attacks

4 min read - Untethered data accessibility and workflow automation are now foundational elements of most digital infrastructures. With the right applications and protocols in place, businesses no longer need to feel restricted by their lack of manpower or technical capabilities — machines are now filling those gaps.The use of non-human identities (NHIs) to power business-critical applications — especially those used in cloud computing environments or when facilitating service-to-service connections — has opened the doors for seamless operational efficiency. Unfortunately, these doors aren’t the…

November 19, 2024

Communication platforms play a major role in data breach risks

4 min read - Every online activity or task brings at least some level of cybersecurity risk, but some have more risk than others. Kiteworks Sensitive Content Communications Report found that this is especially true when it comes to using communication tools.When it comes to cybersecurity, communicating means more than just talking to another person; it includes any activity where you are transferring data from one point online to another. Companies use a wide range of different types of tools to communicate, including email,…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature