Too many businesses are not leveraging the capabilities of their existing IT professionals and fail to provide high-quality training that will boost business preparedness for the ever-increasing cybersecurity threat.
The 2017 Global Information Security Workforce Study by nonprofit membership association (ISC)² suggested that organizations need to direct attention to education and authority. As many as 43 percent of the 3,300 IT professionals worldwide who responded to the survey reported that their organization does not provide adequate security training resources.
Experts warned that a failure to deal with the ever-present security risk could lead to businesses becoming exposed. IT and human resources managers must ensure that in-house workers receive high-quality training, such as certification programs, and they should ensure external candidates have strong cybersecurity capabilities.
Why Are Organizations Failing to Make the Most of Their Talent?
The research highlighted how strong cybersecurity remains a work in progress for many organizations. Just 35 percent of technology workers reported that their suggestions for improved security are acted upon by the rest of the business.
More worryingly still, the research indicated that organizations’ ability to fend off cybercriminals has reduced during the past year. Such is the lack of preparedness for an external threat that 51 percent of IT professionals said they believed their organization’s systems are less capable of defending a cyberattack than 12 months ago.
When it comes to taking proactive steps to manage the threat, David Shearer, chief executive of (ISC)², said too many businesses fail to use the talent they already hold. In-house IT teams will already be aware of the systems and processes within the businesses and will have a good foundation from which to learn more skills.
What Steps Can IT Professionals Take to Boost Internal Skills?
Shearer said the fastest way for most businesses to improve their security stance is to provide ongoing training to retain IT professionals, reported Business Insider. He also said that technology systems and services underlie all modern business operations, and well-trained technology workers provide the best means to ensure security plans are not undermined.
The research indicated that there is much work to be done in terms of training and development. More than half (55 percent) of IT professionals said their organization does not ask its technology workers to receive a security certification. Sixty-three percent said their company simply does not have enough IT security staff.
Alongside the research, (ISC)² announced a new pathway for its Systems Security Certified Practitioner (SSCP) certification to help organizations improve cybersecurity expertise. IT professionals with a computer science degree can now be certified without the one year of paid, full-time work that was previously required to complete SSCP certification.
How Can IT Managers Fill the Cybersecurity Skills Gap?
Experts warned that an IT skills gap in the crucial area of cybersecurity can create immediate and lasting damage to business operations and customer services. Security leaders should use a combination of internal resource development and external recruitment to help prevent cyberattacks.
The (ISC)² research suggested that recruitment managers looking for new staff should view communication skills (62 percent) and analytical skills (52 percent) as the IT skills most in demand. That focus on engagement and analysis is in sharp contrast to the interests of in-house technology workers, who believe new candidates with cloud computing and security (64 percent) are the most welcome additions, followed by applicants skilled in risk assessment and management (40 percent).
IT managers searching for this security talent are likely to face a considerable battle. The skills gap is such that the global cybersecurity workforce shortage is expected to reach 1.8 million by 2022, according to (ISC)² and research from analyst Frost & Sullivan earlier this year. To this end, the analyst discovered 70 percent of employers around the world are planning to increase the size of their cybersecurity capability through 2017.