September 15, 2017 By Mark Samuels 3 min read

Too many businesses are not leveraging the capabilities of their existing IT professionals and fail to provide high-quality training that will boost business preparedness for the ever-increasing cybersecurity threat.

The 2017 Global Information Security Workforce Study by nonprofit membership association (ISC)² suggested that organizations need to direct attention to education and authority. As many as 43 percent of the 3,300 IT professionals worldwide who responded to the survey reported that their organization does not provide adequate security training resources.

Experts warned that a failure to deal with the ever-present security risk could lead to businesses becoming exposed. IT and human resources managers must ensure that in-house workers receive high-quality training, such as certification programs, and they should ensure external candidates have strong cybersecurity capabilities.

Why Are Organizations Failing to Make the Most of Their Talent?

The research highlighted how strong cybersecurity remains a work in progress for many organizations. Just 35 percent of technology workers reported that their suggestions for improved security are acted upon by the rest of the business.

More worryingly still, the research indicated that organizations’ ability to fend off cybercriminals has reduced during the past year. Such is the lack of preparedness for an external threat that 51 percent of IT professionals said they believed their organization’s systems are less capable of defending a cyberattack than 12 months ago.

When it comes to taking proactive steps to manage the threat, David Shearer, chief executive of (ISC)², said too many businesses fail to use the talent they already hold. In-house IT teams will already be aware of the systems and processes within the businesses and will have a good foundation from which to learn more skills.

What Steps Can IT Professionals Take to Boost Internal Skills?

Shearer said the fastest way for most businesses to improve their security stance is to provide ongoing training to retain IT professionals, reported Business Insider. He also said that technology systems and services underlie all modern business operations, and well-trained technology workers provide the best means to ensure security plans are not undermined.

The research indicated that there is much work to be done in terms of training and development. More than half (55 percent) of IT professionals said their organization does not ask its technology workers to receive a security certification. Sixty-three percent said their company simply does not have enough IT security staff.

Alongside the research, (ISC)² announced a new pathway for its Systems Security Certified Practitioner (SSCP) certification to help organizations improve cybersecurity expertise. IT professionals with a computer science degree can now be certified without the one year of paid, full-time work that was previously required to complete SSCP certification.

How Can IT Managers Fill the Cybersecurity Skills Gap?

Experts warned that an IT skills gap in the crucial area of cybersecurity can create immediate and lasting damage to business operations and customer services. Security leaders should use a combination of internal resource development and external recruitment to help prevent cyberattacks.

The (ISC)² research suggested that recruitment managers looking for new staff should view communication skills (62 percent) and analytical skills (52 percent) as the IT skills most in demand. That focus on engagement and analysis is in sharp contrast to the interests of in-house technology workers, who believe new candidates with cloud computing and security (64 percent) are the most welcome additions, followed by applicants skilled in risk assessment and management (40 percent).

IT managers searching for this security talent are likely to face a considerable battle. The skills gap is such that the global cybersecurity workforce shortage is expected to reach 1.8 million by 2022, according to (ISC)² and research from analyst Frost & Sullivan earlier this year. To this end, the analyst discovered 70 percent of employers around the world are planning to increase the size of their cybersecurity capability through 2017.

More from

What’s behind unchecked CVE proliferation, and what to do about it

4 min read - The volume of Common Vulnerabilities and Exposures (CVEs) has reached staggering levels, placing immense pressure on organizations' cyber defenses. According to SecurityScorecard, there were 29,000 vulnerabilities recorded in 2023, and by mid-2024, nearly 27,500 had already been identified.Meanwhile, Coalition's 2024 Cyber Threat Index forecasts that the total number of CVEs for 2024 will hit 34,888—a 25% increase compared to the previous year. This upward trend presents a significant challenge for organizations trying to manage vulnerabilities and mitigate potential exploits.What’s behind…

Quishing: A growing threat hiding in plain sight

4 min read - Our mobile devices go everywhere we go, and we can use them for almost anything. For businesses, the accessibility of mobile devices has also made it easier to create more interactive ways to introduce new products and services while improving user experiences across different industries. Quick-response (QR) codes are a good example of this in action and help mobile devices quickly navigate to web pages or install new software by simply scanning an image.However, legitimate organizations aren’t the only ones…

Cybersecurity Awareness Month: 5 new AI skills cyber pros need

4 min read - The rapid integration of artificial intelligence (AI) across industries, including cybersecurity, has sparked a sense of urgency among professionals. As organizations increasingly adopt AI tools to bolster security defenses, cyber professionals now face a pivotal question: What new skills do I need to stay relevant?October is Cybersecurity Awareness Month, which makes it the perfect time to address this pressing issue. With AI transforming threat detection, prevention and response, what better moment to explore the essential skills professionals might require?Whether you're…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today