Skip to main content

Skills gap is leading to major security worries

(Image credit: Image Credit: Deepadesigns / Shutterstock)

Finding skilled cybersecurity staff is an increasingly difficult task, new research has claimed.

A new report by Tripwire found it’s not just about not having actual people to do the job – it’s also due to the rapidly transforming technology and threat landscapes.

Consequently, the required skillset transforms equally fast, and that becomes a huge challenge for businesses. Almost all respondents (93 per cent) confirmed that the skills required to be a great security professional changed over the past few years.

"The skills gap issue continues to worsen," said David Meltzer, chief technology officer at Tripwire, "which is troubling, since cybersecurity threats only continue to grow. Additionally, security teams are in search of new skillsets to deal with evolving attacks and more complex attack surfaces as they include a mix of physical, virtual, cloud, DevOps and operational technology environments. It's becoming more difficult to maintain critical security controls, and there are fewer people available to do it."

The main worry of organisations that are faced with staff shortages is the ability to stay on top of vulnerabilities. They also worry about being able to identify and respond to issues fast enough. Half fear they’ll no longer be able to manage and secure configurations properly.

Almost all would benefit from external help, including security assessment, penetration testing and vulnerability management. Ninety-four per cent said they have invested in managed services for security.

Lamar Bailey, senior director of security research at Tripwire added: "Because security teams are stretched thin, it’s going to be more important than ever to build strong partnerships. Organisations can collaborate with trusted vendors to take pressure off their in-house resources. Approaches could include more automation of security tasks and support through managed service to ensure that no critical security controls are dropped. Maintaining a strong foundation of security is non-negotiable, so it’s imperative that organisations partner across the info security community to continue meeting security goals effectively."

The full report can be found here.

Image Credit: Deepadesigns / Shutterstock