Home / Software & Service News / Digital organizations face a huge cybersecurity skills gap

Digital organizations face a huge cybersecurity skills gap


Over the past five years, organizations have become more aware of cybersecurity, and yet DDoS, spear-phishing attacks, botnets, and other attack vectors have continued to get worse. Digital insecurity will continue for the foreseeable future, with the biggest reason being that we don’t have enough well-trained, skilled cybersecurity professionals to go around.

There are a few reasons for this gap.

First, from a hiring perspective, the trickle of security students emerging from post-secondary schools may not be fully prepared to tackle complicated security issues — what we need are people who can protect businesses environments from everything from spam and BYOD vulnerabilities to complex threats like APTs and spear phishing.

Second, certain companies may not know what to look for in a professional.

Third, when skilled professionals are hired, they can often be overworked to the point where they don’t have the time to keep up with the latest developments in the field — and even in their own security tools.

The result is that most positions go unfilled. In fact, according to the Information Audit and Control Association (IACA), about a quarter of all cybersecurity positions are left unfilled for about six months. The IACA study isn’t the only report with these dismal takeaways.

Another study by the Information Systems Security Association and Enterprise Strategy Group, reports that about 70 percent of surveyed organizations say the cybersecurity skills gap has impacted their business, with 54 percent reporting they’ve suffered at least one security event in 2016. Fifty-five percent of respondents also said the lack of skilled workers added to their security team’s workload so much that, in some cases (35 percent), their team couldn’t familiarize themselves with the security tools they use.

These are all systemic issues needing systemic answers that could take years to resolve. Still, these problems need to be addressed, and they won’t be until we change how cybersecurity experts are hired, retained, and educated.

Setting expectations is a good first step. Companies should have a clear understanding of what they need from a security professional and set their expectations accordingly. Typically, this will range from evaluating network and system ecosystems to routinely testing and prodding the companies’ security to establishing protocols and analyzing network attacks. Here, professional experience and the ability to communicate effectively within the organization are very important.

Companies should also have a robust mix of technical and theoretical problem solving questions for candidates. It should be long. It should be exhaustive. It should be tiring — but it’s necessary. The reason is simple: Candidates should have the endurance, determination, and focus to lay out how they came to their conclusions and the ability to explain their reasoning — clearly — in order to do their job. Good hackers think creatively to overcome technical problems, and your security engineers need to do the same in order to defend the company properly. Sticking with a problem for awhile and not giving up is a key trait to look for. Just remember: “Thinking like a hacker” is a must in this industry.

Another tactic is to give security teams the tools they need to succeed — and sometimes that just means giving them room to work. Giving employees the time to test new techniques, research new attacks, and analyze events is an important part of healthy security. Cybersecurity is a unique industry because it must identify and mitigate a variety of vulnerabilities in technologies that are constantly changing. Attack vectors come and go, but sometimes they resurface. Patches need issuing, and suspicious behavior needs analyzing — especially when executive-level endpoints are in play. Companies that don’t provide the space and the time for their security staff to keep their skills sharp, are setting themselves up to fail. Companies with successful security teams give them the time to conduct internal evaluations and regularly send them to security conferences for fresh perspectives and hands-on training.

The fundamental problem facing the skills gap, however, is that there aren’t enough people coming into the field to begin with. Here, companies need to do two things: step-up their advocacy when it comes to promoting cybersecurity careers, and look internally for employees who have the skills and desire to take on a security position but need the training and support to succeed. The first half is a long-term solution requiring a good deal of cooperation with career counselors in both high schools and post-secondary schools. The second half, however, is more of a short- to mid-term solution, but it’s just as viable — in some cases — as hiring dedicated security professionals. This is because cybersecurity shares many skills common to tech positions: creative thinking, technical know-how, and a dogged obsession with solving difficult problems.

Finally, businesses need to recognize that security threats today go well beyond just one department. Every employee should be responsible for knowing what to look for in an attack, how to report a suspected threat, and how they can simply disengage from content and files they deem suspicious. Basic security training needs to become a part of the onboarding process for any employee — especially for those in the C-Suite, where a greater number of spear-phishing attacks occur.

Closing the cybersecurity skills gap isn’t going to happen overnight — or likely even over the next decade. It’s going to be a long process because it’s going to take a fundamental shift in how businesses recruit, hire, and keep security talent. But it’s worth it in the long run for the company, its employees, and its customers.

Ryan Barrett is VP of Security and Privacy at Intermedia.

Click Here For Original Source Of The Article

About Ms. A. C. Kennedy

Ms. A. C. Kennedy
My name is Ms A C Kennedy and I am a Health practitioner and Consultant by day and a serial blogger by night. I luv family, life and learning new things. I especially luv learning how to improve my business. I also luv helping and sharing my information with others. Don't forget to ask me anything!

Check Also

What we’re watching: ‘Raw’ and ‘Feast of Fiction’

Welcome back to Video IRL, where several of our editors talk about what they've been watching in their spare time. This month we're kicking things off with some seasonally-appropriate horror fare, that you can catch right away on Netflix or Amazon Prime. Then it's time for a Gundam throwback before Kris Naudus points out a couple of YouTube food channels perfect for binge eating or binge watching.

Them / Raw


Timothy J. Seppala

Timothy J. Seppala
Associate Editor

To get into the Halloween spirit, I've been watching at least one horror movie a day since the end of September -- the lower the budget, the better. Problem is, so many of the American low-budget or indie horror offerings on Amazon and Netflix are crappy Paranormal Activity clones, cheap-thrill gore-fests or uninspired found-footage "documentaries." Whether it's by design or coincidence, I've found that French horror movies have held my attention the most lately. Specifically, 2016's Raw, as well as Them, from ten years prior. They're more psychological thrillers than straight-up horror, but that didn't stop me from being more on edge while watching them one afternoon than I was during A Haunting in Saginaw, Michigan, late at night. Both start with a car crash, but they couldn't finish any more differently.

Raw, recently added to Netflix, tells the tale of a vegetarian girl in her first week at a prestigious veterinary school. During a hazing ritual, she's forced to eat a raw rabbit kidney. She immediately gets sick, throws up and wakes herself up that night scratching a full-body rash to near bleeding. This bout with food poisoning is just the beginning, though, and soon protagonist Justine finds out she has a taste for forbidden fruit. As the remaining 70-ish minutes unfolded, I lost track of how many times I clasped my hands over my mouth, agape in shock, to stifle my shouts of "OHMYGODWHATTHEFUCKISEVENHAPPENING?!"

But French director Julia Ducournau balances every body-horror scene either with something pedestrian twisted into being unsettling (like a horse on a treadmill) or with something that makes you ask how far Justine can go before someone confronts her about her new diet. And those questions keep coming right until the credits roll. I can't say I enjoyed watching Raw, but it was a hell of a ride.

The same goes for Them, currently streaming on Amazon Prime. Its focus is narrow, centering on a young couple living in a cavernous farmhouse, terrorized over the course of a night by unseen horrors. The camera never quite gives away who (or what) the perpetrators are, and revealing the twist would be a sin. As with Raw, its atmosphere and overall creepiness won me over straightaway. The scariest part? Realizing that I've probably driven past a shot like the final scene countless times and not thought twice about it. If you're willing to read subtitles, both of these should make you shiver and scream more than The Conjuring 2 on HBO Go could ever hope to.

Mobile Suit Gundam The 08th MS Team


David Lumb

David Lumb
Contributing Editor

I'd heard that a lot of anime had left Hulu, but I scanned their selection anyway looking for classic shows I'd missed, like the original Mobile Suit Gundam. They don't have that -- but they did have a series I didn't finish the first time it aired on Toonami, the 1996 classic Gundam side story The 08th MS Team. Unlike the franchise's other show released the year before, the massively successful Gundam Wing, 08th ditches the brand's typical pretty-boys-in-unbeatable-robots for a grounded and sobering story about the people who get caught up in wars -- desperate soldiers, civilians and guerrillas alike. It's dirty, honest, utterly humane and gorgeously animated.

It's also a little preachy and melodramatic, and it shows its age with odd sexist moments. While it's still the Thin Red Line of the Gundam universe, I remember it far more fondly from when my 14-year-old self grazed the series on its first American airing. There's something sad in seeing an old favorite for the flawed media it always was. Much like Waypoint's Rob Zacny, I've grown up and seen a lot since I first caught the show as a starry-eyed teen. I still think The 08th MS Team is a wonderful little 12-episode miniseries with a big heart, but I won't revere it so highly -- and will think a little harder about who I recommend it to.

Feast of Fiction / Binging with Babish


Kris Naudus

Kris Naudus
Senior Editor, Database

Back in March, I came home from a trip only to discover that my oven didn't work. The cooking gas in my building had been shut off due to a leak. My building management seemed to be on it, so I made do with a combination of microwavables, toaster oven and Seamless. Unfortunately, weeks and months went by, calls to the city were made and permits were issued, but, even as I write this in October, gas still has not been restored to my building. My landlords eventually threw their collective hands in the air and began installing electric ranges in every apartment, so a few weeks ago I was finally able to cook for myself again.

I am so jazzed to be able to make food. Hot food! Scrambled eggs! Steak! Cookies! I started reading food blogs and cookbooks, and shopping to refill my pantry. I'm halfway through Kenji Alt-Lopez's The Food Lab, a huge 900-page hardcover that talks about the science of how food cooks. On the lighter side, I've also been reading food-themed comics like Delicious in Dungeon and Food Wars. And the latter title (which is also an anime) ended up sucking me into a YouTube hole of food videos that I've been obsessed with ever since.

You see, the very first chapter of Food Wars features the "Gotcha" Pork Roast, a bacon-wrapped potato loaf that hero Soma Yukihira makes to save his family restaurant. It looks pretty tasty, so I searched for recipes and pics online and stumbled onto Jimmy Wong and Ashley Adams' Feast of Fiction, a series that demonstrates how to make various foods seen in cartoons, video games and comics. If you ever wanted to taste Steven Universe's beloved Cookie Cat ice cream sandwiches or Kirby's super-spicy curry, there's an episode for you. One thing I really enjoy is how they also incorporate crafts into it, showing how to make paper wrappers for your Reptar chocolate bars or genuine-looking Ecto Cooler Hi-C boxes.

I've been marathoning through the episodes, which the YouTube algorithms have definitely picked up on at this point, throwing food show after food show into my suggestions. One that caught my eye was Binging with Babish. Where Feast of Fiction mostly sticks to the realm of kids' cartoons, anime and video games, Binging with Babish is a little more mainstream, covering foods from popular media like Mad Men, Seinfeld and House of Cards. Still, there's a bit of overlap -- both Babish and Feast have done their own takes on the Ultimeatum from Regular Show and Krabby Patties from SpongeBob SquarePants. But the recipes are different, and I watch the shows for the personalities. Feast of Fiction is pretty silly (and there's a cute dog), while Binging with Babish is a little more subdued. Not that Babish can't be ridiculous as well -- the Moist Maker is one of the most ridiculously complicated sandwiches I have ever seen, basically asking you to cook an entire Thanksgiving dinner.

Sadly, I still haven't done a lot of actual cooking since getting my stove back. I'm having too much fun watching other people do it instead, with the added bonus that I don't have to clean up the mess.

"IRL" is a recurring column in which the Engadget staff run down what they're buying, using, playing and streaming.

css.php