A recent survey by Tripwire has highlighted a growing concern amongst organizations about a shortage of staff with the relevant training and cyber security skills.
Tripwire, a leading provider of security and operations solutions, revealed that 91% of respondents to their survey believed the shortage so severe that they would need to outsource some security operations. This was due to their inability to fill jobs internally with the necessary cyber security skills.
Widespread adoption of Cloud computing, the Internet of Things (IoT) and DevOps are changing the nature and spectrum of security threats. These technologies, plus an evolution towards more sophisticated attacks (for example the rise of supply chain hacking) has resulted in a shortage of professionals and cyber security skills in specific areas.
This shortage of cyber security skills has led most organizations to believe that they will be unable to protect against security flaws and will therefore be vulnerable to attack.
The Tripwire survey: Key figures
Of the survey respondents, 79% said they had an increased demand for network monitoring and vulnerability management personnel, and some 88% needed more expertise with the Cloud in particular.
Set against this identified need to fill the jobs gap, 50% of respondents were concerned about losing skills, and 24% were concerned over their ability to address security issues and respond to cyber threats. They recognized that the cyber security skills gap would leave their organizations exposed.
Most organizations believe they are vulnerable
A separate piece of research by Thales earlier this year, highlights that one in four (26%) of respondents have experienced a data breach in 2016 and 30% believe their organization is “very vulnerable” or “extremely vulnerable” to cyber attacks. This is very much in line with the Tripwire report which showed that 52% were concerned about keeping up with vulnerabilities.
Tim Erlin, Vice President of Product Management and Strategy at Tripwire, agrees with the respondents’ concerns, “Considering the recent high-profile threats that have been attributed to unpatched systems, it’s no wonder respondents are concerned that a technical skills gap could leave their organizations exposed to new vulnerabilities.”
The recent Equifax and SEC breaches clearly demonstrates the need to keep vulnerabilities in check. Ferruh Mavituna CEO of Netsparker, says: “The Equifax hack is a perfect example that highlights how businesses can get bitten if web application security is not taken seriously. Researchers identified a cross-site scripting vulnerability on their website back in 2016, yet Equifax never responded to their reports and never fixed it.”
The increased demand for cyber security professionals with specific skills will only get worse as companies are faced with the need to secure their environment even as they continue to adopt new and innovative technologies.