The information security skills shortage and how to solve it

A growing dependency on technology, coupled with the alarming frequency at which cyber-threats occur, is seeing organisations face an uphill struggle to keep their data safe. This comes as the information security sector is suffering from an acute shortage of workers, which is predicted to reach a staggering 1.8 million within four years*.

The traditional boundaries of the enterprise are dissipating yet the arrival of cloud-based services, mobile devices, big data, and the internet of things is seeing the footprint expand. Add for good measure a dose of compliance in the shape of GDPR, not to mention a host of other global regulations, and the squeeze on cyber-security resources exacerbates the need for cyber-security professionals still further. 

Clearly, a problem of this scale isn't going to be solved overnight but there are measures that organisations should be taking which will set them on the right track: 

Planning and strategy 

In 2016, 62 percent of organisations reported having too few information security workers, a figure which has now grown to 66 percent**, so ignoring the problem is not an option. Cyber-crime presents a huge challenge for businesses the world over and they are finding it hard to keep up. Recognising the problem and putting in place a plan and strategy for how you're going to tackle it is the essential first step.

Risk assessment

Better-informed decisions on where resource is required come from a comprehensive review of the whole business, which will enable you to prioritise those areas most at risk and those requiring more focus. If the expertise to carry this out is unavailable internally, enlist the support of an external specialist. As the threat landscape evolves, it is more important than ever for organisations to think about risk and security management and their exposure in relation to other commercial objectives.

Strengthen with investment

While your internal team make the most obvious candidates for cyber-security roles they will still need to be trained and should have both soft and technical skills to communicate effectively with non-IT colleagues and understand business processes, compliance and analytics. 

Training is only part of the problem; the recruitment of specialist security professionals to bolster the team will also be necessary. Don't forget to factor in the additional management challenges as well as the time investment. Regular training and certification requirements all need to be considered too. 

Expanding the recruitment pool

There is no doubt that more work needs to be done in attracting a far more diverse group of people into cyber-security, and that should begin with schools and universities. Promoting cyber-security as a worthy career that offers great prospects, stability and excellent financial rewards, not to mention a great deal of job satisfaction, can strengthen its appeal.

Look beyond skilled workers and add to your team those with people and business skills, who can also contribute significantly.

Enlisting external expertise

One way that will significantly reduce the pressure on internal teams is to enlist the support of an external professional security services provider who can provide a level of expertise and knowledge that is unlikely to be attained in-house. Having a provider that is continually monitoring all of your networks and taking away onerous, repetitive workloads will allow you to focus on strategy and, most importantly, managing your business. 

The advancing threat landscape is like a ticking time bomb, leaving organisations in a perilous position as they try to keep pace with ever more sophisticated attacks, all while skilled workers are in such short supply. Assigning adequate time and consideration to having a robust cyber-security strategy in place is a prerequisite in today's world, and whether you choose to outsource all or some aspects of your security operations to an expert, do not delay as there is no time to waste.

*Eighth Global Information Security Workforce Study (GISWS) – 2017
**NTT Security Risk:Value Report 2017

Contributed by Stuart Reed, senior director at NTT Security

*Note: The views expressed in this blog are those of the author and do not necessarily reflect the views of SC Media UK or Haymarket Media.