skills gap Archives - Security IT Summit | Forum Events Ltd
  • Covid-19 – click here for the latest updates from Forum Events & Media Group Ltd

Security IT Summit | Forum Events Ltd Security IT Summit | Forum Events Ltd Security IT Summit | Forum Events Ltd Security IT Summit | Forum Events Ltd Security IT Summit | Forum Events Ltd

Posts Tagged :

skills gap

McAfee on cybersecurity for the ‘new normal’ while managing the skills gap

960 640 Stuart O'Brien

Cybersecurity is now in the midst of an unprecedented challenge. While the scale, complexity and financial impact of data breaches and cyber attacks continue to increase, the pool of skilled professionals to fill security roles is dwindling.

According to research in March from the Department for Digital, Culture, Media and Sport, approximately 653,000 (48%) businesses have a basic skills gap, which means that those in charge of cybersecurity at those organisations lack the confidence to carry out the tasks laid out in the Government-backed Cyber Essentials scheme and do not have external support to do so. 

In practice, this means that almost half of UK businesses are unable to tackle the cybersecurity basics, such as setting up firewalls, storing or transferring personal data and detecting and removing malware. A further 408,000 organisations have “more advanced skills gaps”, covering areas such as penetration testing and security architecture.

Being unable to recruit skilled talent is simply exacerbating this problem, with employers identifying 35% of their security vacancies in the last three years as “hard to fill”.

Security teams are now being tasked with greater responsibility than ever, including getting entire workforces mobilised to work from home efficiently and securely, while battling a changing threat landscape. In light of the challenges they face today, it is more important than ever to take an intelligent, cloud-native approach to endpoint security.

We spoke to Adam Philpott, EMEA president at McAfee, about ways of managing the skills gap without compromising on security…

What can be done to tackle the skills gap issue in cybersecurity?

“To tackle such a complex issue requires both “top-of-the-funnel” intervention and investment from government organisations, but also collaboration across the cybersecurity industry and concrete measures from companies themselves.

“We can try to bring talent in further down the line, for example training employees later in their careers, but ensuring we have more talent available in the first place is essential. That is why nationwide investments in training in the technology sector, such as the establishment of a new UK Cyber Security Council to provide a framework for cybersecurity qualifications, are crucial and instrumental to closing the widening skill gap.

“However, there’s much that individual businesses can do to tackle the issue at their level, including implementing initiatives (whether it’s in collaboration with others in the industry or on their own) to promote greater diversity and attract more talent. For example, at McAfee we are targeting talent from outside of IT and security for many roles – an approach that requires thoughtful support mechanisms for onboarding and ongoing development.”

How much of an impact is a lack of diversity having on the wider skills gap, and how can it be combatted?

“A lack of diversity in recruitment processes, often coming through unconscious bias, means that businesses are missing out on large parts of the talent spectrum. This leads to slower progress in tackling the technical skills gap currently facing the industry.

“Building diverse teams should be a no-brainer for businesses, as doing so has clear benefits – from boosting creativity to achieving greater financial success. Companies in the top quartile for gender diversity are 15% more likely to have financial returns above their respective national industry medians, as well as benefitting from a wider bank of perspectives and expertise to draw on. Above all, diversity in the workforce is attractive to new talent and leads to better problem solving as well as improved service for customers of all backgrounds and perspectives.

“When working to combat the skills gap, companies should aim to weave diversity into every single process, programme and initiative. In practice, this means constantly thinking about different ways to access a more diverse talent pool, such as implementing flexible working practices. Alongside this, it’s important that companies are addressing the problem in the recruitment and interview processes, to ensure that hiring is as fair as possible. For instance, if an organisation is looking to recruit a better balance of men and women, it could change the wording in job adverts to make them more gender neutral or ensure that there is at least one woman on every interview panel making a recruitment decision on a candidate.”

How can organisations ease the burden on stretched IT teams without compromising on security?

“The average IT department manages thousands of endpoints, from desktops to IoT devices and everything in-between. Unfortunately, many security solutions simply dump too much information on stretched security teams and rely on senior analysts to investigate threats. When the skills gap issue is factored in, this can lead to serious holes in an organisation’s security posture.

“During the last few months of Covid-19 and the shift towards remote working, many businesses have been forced to accelerate a process of digitization, which in turn gives rise to two dimensions of complexity. Firstly, the infrastructure complexity that comes with more devices being connected and more cloud services being consumed. All of this needs protecting within the security OpEx envelope.

Secondly, there’s the security complexity, where a fragmented (or “best of breed”) solution weakens an organisation’s overall security posture. Both of these complexities put an undue burden on talent, exacerbating the ongoing skills gap issue.

“Some businesses look to outsource their threat detection and analysis, but in essence this only shifts the need for experts from one business to another. Rather than take this approach, organisations need to invest in the right cloud-native tools that identify and contain threats, but also help to upskill more junior staff and lighten the load for employees.

“Integrated solutions monitor and collect activity data from endpoints that could point to a threat, providing the visibility and context needed for security personnel to act. By analysing the data to identify threat patterns, its AI-driven response capabilities can automatically remove or contain threats and notify analysts, while the forensics and analytics tools hunt for identified threats and suspicious activities.

“Automation plays a key role here, handling a high volume of low intellect threats, which frees staff up to focus on higher-value work. By trusting in automated investigation, organisations can reduce alert noise and set up processes which enable staff to do more with less. This is vital for the business to maintain a consistently strong security posture, while allowing human personnel to focus on tasks that do more than just keep the lights on.”

Cybersecurity skills gap increases to 2.9 million globally

960 640 Stuart O'Brien

New research shows a widening of the global cybersecurity workforce gap to nearly three million across North America, Latin America, Asia-Pacific (APAC), and Europe, the Middle East and Africa (EMEA).

The 2018 (ISC)² Cybersecurity Workforce Study (formerly the Global Information Security Workforce Study) is based on feedback from a sample of professionals responsible for securing their organisations around the world.

It includes IT/ICT staff within organisations ranging from large enterprises to small businesses who may or may not have formal cybersecurity roles but do have hands-on responsibility for securing critical assets every day – spending at least 25% of their time on such activities.

Key insights revealed in the study include:

  • Of the 2.93 million overall gap, the Asia-Pacific region is experi­encing the highest shortage, at 2.14 million, in part thanks to its growing economies and new cybersecurity and data privacy legislation being enacted throughout the region
  • North America has the next highest gap number at 498,000, while EMEA and Latin America contribute a 142,000 and 136,000 staffing shortfall, respectively
  • 63% of respon­dents report that their organisations have a shortage of IT staff dedicated to cybersecurity. 59% say their companies are at moderate or extreme risk of cybersecurity attacks due to this shortage.
  • 48% of respondents say their organizations plan to increase cybersecurity staffing over the next 12 months
  • 68% of respondents say they are either very or somewhat satisfied in their current job
  • Women represent 24% of this broader cybersecurity workforce (compared to 11% from previous studies), while 35% are Millennial or Gen Y (compared to less than 20% from previous studies)
  • More than half of all respon­dents globally (54%) are either pursuing cybersecurity certifications or plan to within the next year

Some of the biggest career progression challenges respondents reported are:

  • Unclear career paths for cybersecurity roles (34%)
  • Lack of organisational knowledge of cybersecurity skills (32%)
  • The cost of education to prepare for a cybersecurity career (28%)

The four areas cybersecurity pros feel they will need to develop most or improve on over the next two years in order to advance in their careers include:

  • Cloud computing security
  • Penetration testing
  • Threat intelligence analysis
  • Forensics

“This research is essential to fostering a clearer understanding of who makes up the larger pool of cybersecurity workers and enables us to better tailor our professional development programs for the men and women securing organizations day in and day out,” said (ISC)2 CEO David Shearer, CISSP. “We will share these powerful insights with our partners in government and the private sector to help establish the programs necessary to advance the cybersecurity profession. By broadening our view of the workforce to include those with collateral cybersecurity duties within IT and ICT teams, we discovered that professionals are still facing familiar challenges, but also found striking differences compared to previous research, including a younger workforce and greater representation of women.”

Download the full study at www.isc2.org/research.