Finding the right security professional: The true skills challenge

Backed by a $19 trillion industry, cyber criminals are finding new and complex ways of compromising systems and are evading detection more than ever before. In fact, Cisco alone blocks more than 20 billion threats a day and 1.5 million of these are unique malware samples.

With the media landscape dominated by high profile attacks, it is clear that no company is immune to cyber threats - to put it simply, it is not a case of if a company is hacked, but when. In order to survive and thrive in this landscape, companies need to have a cyber security strategy in place. That includes hiring the right staff with the right certification to keep up with evolving threats, while also putting in place the right security architecture to free them up to focus on innovation and creating business value.

However, demand for talented security professionals far outweighs supply. Cisco predicts that there will be a shortfall of 2 million by 2019. If businesses are to protect its customers, employees and importantly brand confidence against potential cyber attacks, there is a vital need to increase the number of skilled security professionals in the cyber security sector.

In this digital era, a comprehensive and agile cyber security policy empowers organisations to not only protect themselves, enable trust, be more agile and ultimately to add value to the business and grow. However, with the volume and sophistication of cyber attacks continuing to rise, it is essential that we readdress the balance and invest in talent to lessen the shortage.

Why the fuss?

The estimated annual cost of cyber crime to the global economy is predicted to be anywhere between $375bn, to as much as $575bn. As such, significant cyber threats and ongoing attempts to breach network security and capture data are outpacing the ability for businesses to address these threats, leaving themselves vulnerable to attack.

By 2019, there will be approximately two million cyber security jobs available around the world without enough talent to fill them. The lack of trained personnel and the skills deficit of existing personnel represents one of the greatest barriers organisations face to securing and safeguarding their own and their customers’ information.

According to Cisco’s 2016 Annual Security Report, businesses are struggling to keep pace with the rapid advancements of attackers for three main reasons. The first is that a typical enterprise has 30-40 different security vendor products in its network due to the increasing complexity of the security landscape. 

Secondly, the changing nature of attacks – attacks are being generated, not just by individual hackers, but also by well-funded organisations with a lot of resource at their disposal. Thirdly, the internet of things – while the IoT has created a wealth of new opportunities, the increased number of devices connected to the network has given cyber criminals myriad access points to target systems.

The security talent shortage makes dealing with this problem very challenging. The reality is that we don’t live in a warm glow of effective cyber security, but under the dark shadow of cyber threat. In order to survive and thrive in this landscape, companies need to be able to keep up with evolving threats and invest in people with the right experience to pre-empt criminal activity.

Leaning on external experts can provide access to this necessary business intelligence in the absence of skilled professionals to hire directly into the business.

Cyber security – essential to digital success

Cyber security is essential to digital success; however the ability for businesses to innovate is hampered by the inherent and very real security threat. One way to address the cyber security skills gap is to help retrain people already in the IT space.

Anyone from veterans to those early in their careers could be inspired to enter the cyber security profession. We need to take a look beyond just training those new to the workforce - which is still an important route to take to address this vast skills shortage and build the talent of the future.

Building an effective cyber security strategy needs to take a holistic approach and must include simplifying the security infrastructure. Businesses should aim to reduce fragmentation and compartmentalisation between IT and security while increasing visibility and accountability. They must also adopt an unrelenting approach to security efficacy particularly regarding processes and threat intelligence.

That said, these processes are only as strong as the talented security experts able to bring it all together. In the case of security, people are just as important as technology when mitigating the effects of a security breach.

Terry Greer-King, Director of Cybersecurity, Cisco UK, Ireland & Africa

Image source: Shutterstock/Sergey Nivens