It has been long documented that cybersecurity organizations are struggling to hire qualified personnel. A recent study on the cybersecurity professional gap has reaffirmed this dilemma.
Intel Security and the Center for Strategic and International Studies (CSIS) released a global report that outlined the cybersecurity talent shortage crisis. The report, Hacking the Skills Shortage, outlined how the talent shortage crisis has impacted both companies and nations. Eighty-two percent of respondents said there is a clear shortage in cybersecurity, while 71 percent of respondents said this talent shortage has been a primary contributor to the amount of cyber-attacks — because organizations who lack qualified personnel are more desirable hacking targets.
“A shortage of people with cybersecurity skills results in direct damage to companies, including the loss of proprietary data and IP,” said James A. Lewis, senior vice president and director of the Strategic Technologies Program at CSIS. “This is a global problem. A majority of respondents in all countries surveyed could link their workforce shortage to damage to their organization.”
As we noted in June, more companies need talent, so companies are going to continue to be easier targets.
The lack of qualified candidates makes using the resources your organization does have that much more important. That’s one of the many reasons SurfWatch Labs stresses the importance of threat intelligence.
The Hacking and Skill Shortage report also mentioned diversity as being a huge challenge in the cybersecurity skills gap. The report referenced a 2014 Taulbee Survey and an ISC report to address the women and minority diversity challenge:
“In North America, a dearth of women and minorities in the cybersecurity industry mirrors trends in academia, according to a survey of academic institutions that provide degrees in computer science and engineering or information security. In this study, only 2.6% of doctoral graduates of these programs in 2014 were non-Asian minorities, a decrease from 3% in 2013. Women comprise only 17 to 18% of doctoral graduates in computer science, engineering, and information security. This mirrors industry trends, as an (ISC) study of 306,000 professionals in cybersecurity revealed only 11% were women. Anecdotal evidence from our interviews suggests that while relevant technical programs are slowly adding more women, black and Hispanic students remain in short supply.”
If women and minorities are so poorly represented in the cybersecurity workforce, organizations need to recognize this issue and put a plan in action. This is the same with threat intelligence; it’s not enough to do the bare minimum and meet security requirements, you have to recognize where your organization is vulnerable and address those threats head on with practical tools and intelligence.