Negotiating the cyber threat landscape amid a skills crisis

It’s a threat minefield out there, and organisations face a constant challenge in working out how best to equip themselves to defend against an increasingly complex security landscape. This, combined with the growing shortage of cyber security skills not just in the UK but across the globe, is putting pressure on organisations to fill the security skills gaps in their workforce.

Propelled by the impending deadline of the EU General Data Protection Regulation (GDPR), changing compliance and regulation requirements are adding to their woes, creating a seemingly monumental task of how best to recruit the right skills and resources to meet these growing demands.

In fact, 66% of organisations said in a Global Information Security Workforce Study conducted last year that they had too few information security workers to meet their needs, highlighting the ongoing challenges faced by HR and recruitment professionals.

There are an estimated one million unfilled security jobs worldwide, a figure that is unlikely to decrease in the near future. In fact, the ISC survey predicts that unfilled cyber security jobs globally will rise to 1.8 million by 2022, representing a 20% increase from 2015, so the problem is set to grow substantially.

Due to the resource shortage, companies are no longer able to keep pace with the growing range and volume of threats, making it virtually impossible to address all aspects of cyber security internally. All of this will lead to gaps appearing in an organisation’s risk posture, potentially exposing it to unnecessary threats.

Organisations are set to face hefty fines for failing to protect data when GDPR comes into force in May, and vast numbers of in-house security teams will struggle to cope with the new regulatory challenges they are facing at a time when they are acutely under-resourced. So, how can we address this and attract more people to the industry?

A water-tight recruitment strategy

Resourcing certainly presents a huge challenge to companies, so finding and recruiting the right people is paramount. Your recruitment strategy is critical and must be reviewed to ensure it is fit for purpose.

Businesses will need an array of specialist IT security staff – including experts in compliance, digital forensics, incident response, threat intelligence and analytics – but it’s important not to overlook those people from outside typical IT security roles.

Those with good communication, people and business skills can make important contributions to an IT team, a fact backed up by the ISC report, which says that 30% of employees have launched a cyber security career after holding a non-technical job in business, accounting or marketing. HR must take note and recognise the positive impact that staff who are able to listen, empathise and help demystify cyber security within the business could have, and the difference they would make.

Grassroots approach and beyond

Above all, more needs to be done at the grassroots level to encourage people to consider a career in security. The industry as a whole needs to better collaborate with government and work to educate teachers and careers advisors at schools, colleges and universities to fundamentally change the way people view working in the industry.

There are also generational challenges to consider, with millennials far more unsettled than their more mature counterparts and leaving their jobs at unprecedented levels. It’s down to HR to look beyond traditional recruitment practices and understand what motivates them.

In addition, the disconnect between what a manager expects and what a new team member requires for a successful and rewarding career needs to change if the cyber security skills shortage is to be addressed.

Adequate training

The complexity of your operations should not be underestimated. An IT security department needs resource with a broad range of skills, and individuals’ abilities often don’t extend to cover all that is required of them. The answer to this is simple: if you want your IT security staff to ‘wear many hats’, recruit them accordingly or train them up to the standard required.

Recruiting and managing a team of security professionals brings its own trials, distinct from those of other departments and roles within a business. Recruitment costs and the time needed to fill each position are the obvious ones. There is also the need to train individuals and keep their skills and certifications up to date, which is often very demanding within a cyber security role as threats evolve and technologies change.

What’s the alternative?

An alternative option is to look to outsource these skills to avoid the cost, time and frustration of this process, which may have to be repeated if someone decides to leave (along with their knowledge and skills).

Outsourcing at least some, or even all, of these skills to an end-to-end provider of cyber security services can help close the gap because such a provider is able to supply the right people with the right skills at the right time.

There is no denying that there are not enough qualified security experts entering the workforce today, and it’s a problem that isn’t going to be solved anytime soon. The industry needs to work together better and ensure cyber security is seen as an appealing career choice with long-term opportunities and prospects in order to attract more people into the profession. There really is no better time to start that process than now.

Sourced by Randika Fernando, senior global product marketing manager, NTT Security

Nick Ismail

Nick Ismail is a former editor for Information Age (from 2018 to 2022) before moving on to become Global Head of Brand Journalism at HCLTech. He has a particular interest in smart technologies, AI and...