“Untrained and neglected IT staff increasing cyber security skills gap” warns (ISC)²

A survey of 3,300 IT professionals conducted by (ISC)² has revealed that widespread underfunding in training in-house IT talent is contributing towards the critical cyber security skills gap. The report shows that businesses are exposing themselves to cyber threats by ignoring and neglecting IT professionals, with 65% of IT workers reporting that their security advice isn’t followed.

Almost half of IT workers say their firms don’t invest sufficiently in ensuring that their IT staff are security-trained, despite a shortage of cyber security workers across 63% of businesses. This indicates that the cyber skills deficit is rooted in businesses failing to listen to advice from IT staff and upskill in-house talent.

The report suggests that this is a leadership issue, with 49% of respondents accusing business leaders of a failure to understand cyber security requirements. According to the report, the end result is that the majority of companies are even less able to cope with a cyber attack than they were last year.

In February this year, (ISC)² suggested that the cyber security skills gap will grow to 1.8 million by 2022 if current hiring and training trends continue.

The latest research is based on responses from more than 3,300 IT professionals from around the world who participated in the 2017 Global Information Security Workforce Study. The report can be downloaded here.

Key findings from the study

Key findings from surveyed IT professionals include the following:

* 43% said their organisation doesn’t provide adequate resources for security training
* only 35% agreed that their security suggestions are acted upon
* 55% said their organisation doesn’t require IT staff to earn a security certification
* 63% said their organisation has too few security-focused workers
* 51% of organisations are less prepared for a cyber attack than they were 12 months ago
* 49% blame business leaders for any lack of understanding of cyber threats
* 51% said their systems are less able to defend against a cyber attack compared to a year ago
* hiring managers rank communication skills (62%) and analytical skills (52%) as their top priority, while IT pros cite cloud computing and security (64%) and risk assessment and management (40%) as the top skills needed

“Our findings suggest that too many organisations are so fixated on their inability to attract top cyber security expertise that they often overlook a tremendous pool of talent already on staff and intimately familiar with their infrastructure and processes,” said (ISC)² CEO David Shearer CISSP. “The quickest way for many organisations to protect themselves against cyber threats is through continuous education and empowerment of their IT team’s constituent members. Security is a shared responsibility across any organisation, but unless IT is adequately trained and enabled to apply best security practices across all systems, even the best security plan is vulnerable to failure.”

Education and certification

To help companies easily train their own IT workers in cyber security, (ISC)² has also announced an experience waiver for its Systems Security Certified Practitioner (SSCP) certification. IT professionals and others who have earned a cyber security or computer science degree from an accredited college or university can attain full certification without completing the one year of paid, full-time work experience previously required, after passing the SSCP exam and completing the (ISC)² endorsement process.

SSCP is an ideal cyber security certification for those IT professionals responsible for the hands-on operations of securing their organisations. Those who earn the SSCP certification demonstrate their technical skill to implement, monitor and administer IT infrastructure using security policies and procedures, as well as an ability to protect the confidentiality, integrity and availability of data.

The SSCP encompasses security operations and administration, risk identification, monitoring and analysis, incident response and recovery, network and communications security, system and application security and cryptography.

Organisations can leverage (ISC)² Enterprise Solutions to educate and prepare their IT teams to pass the SSCP exam and start contributing to stronger cyber defence immediately.

* Learn more about the SSCP certification and (ISC)² cyber security education opportunities at www.isc2.org

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications) Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014.