A Problematic Shortage
It seems like there is a new cyberthreat announced every day, and that may actually be the case. According to security services provider Symantec, last year saw a 62 percent increase in data breaches, and 2.5 billion records have been exposed in malicious incidents over the past five years. This may be due to the worsening shortage of IT security professionals which, according to estimates from Cisco, has reached one million people.
Enterprise Strategy Group, an IT market research and analytics firm, recently published a study looking at IT spending intentions for 2014. Twenty-five percent of all organizations surveyed said they have a “problematic shortage” of employees with the necessary information security skill set.
By The Numbers
Looking at the shortage by industry, the hardest hit organizations are those in the public sector. Thirty-six percent of government agencies say they have a severe lack of security professionals. Manufacturing, financial services and retail enterprises follow close behind, all having between 27 and 29 percent of organizations categorizing their shortage as causing a problem. The healthcare industry fell lower on the list, with 22 percent of organizations finding trouble with their IT shortage. However, some analysts believe this number may be smaller than the reality, as anecdotal evidence suggests the problem is a much bigger problem in that sector.
The Information Systems Audit and Control Association also recently released a report that highlighted how the skills crisis is putting added stress on companies’ security departments. Eighty-three percent of enterprises currently lack the skills and resources to protect their IT interests. One in every five organizations has fallen victim to an advanced persistent threat, but of those, a third aren’t sure they know where it came from. In fact, one in three information security professionals say they’re not familiar with advanced persistent threats to begin with.
“Unless the industry moves now to address the cybersecurity skills crisis, threats like major retail data breaches and the Heartbleed bug will continue to outpace the ability of organizations to defend themselves,” declared ISACA president-elect Robert Stroud.
Making IT Education Accessible – Security is Everyone’s Business
While the need for IT security professionals has never been greater, not many people are interested in pursuing such a vocation. Less than 2.4 percent of graduating college students are entering the workforce with a degree in computer science, but studies show that now is the best time to go start a career in IT security.
According to research from Burning Glass Technologies, demand for cybersecurity skills has increased almost four times faster than for any other IT jobs over the past five years and more than 12 times faster than for all other non-IT jobs. The previous ESG study found that 42 percent of organizations plan to increase their number of information security positions.
To try and fix the discrepancy between the number of college students studying computer science and IT positions available, ISACA has started a cybersecurity nexus program. The initiative, developed with CISOs and cybersecurity experts from across the globe, aims to give current technology professionals and recent graduates the IT training necessary to keep up with the current threat landscape. The nexus program is ISACA’s first security certificate and will be comprised of four qualifications, each needing both an exam and proof of work experience.This is a perfect compliment to CCNA security training and other programs that may have already been taken by individuals interested in an IT career.
“Enterprises cannot rely on just a handful of universities to teach cybersecurity. With every employee and endpoint at risk of being exploited by cybercriminals, security is everyone’s business,” explained ISACA international president Tony Hayes. “We need to make cybersecurity education as accessible as possible to the next generation of defenders.”