The Cyber Space Needs More Security Warriors

by Sohini Bagchi    Apr 16, 2015


The cyber space is undoubtedly vulnerable, with high-level and sophisticated attacks being reported almost every day. While companies are becoming more aware of these challenges, they are often not equipped to deal with such threats. The reason is that they do not have enough skilled security personnel to fight the advanced threats in the cyber space.

According to a new study by ISACA and RSA Conference, 82 percent of organizations expect to be attacked this year, but they are relying on a talent pool they view as largely unqualified and unable to handle complex threats or understand their business. The study shows that organizations are coping with a very shallow talent pool with only 16 percent ‘qualified’ to deal with high end attacks. Over half the respondents say it can take as long as six months to find a qualified candidate, and more than a third are left with job openings they cannot fill.

More than a techie

It is not always about being a hard-core techie trying to fight attackers. In recent times, when technologies such as cloud, mobile and big data are changing the cyber space, experts point out that the top three attributes are a formal education, practical experience and certifications.

According to Robert E Stroud, VP of strategy and innovation at CA Technologies and ISACA’s global VP, “We need competent, well-trained, cybersecurity professionals dedicated to the job, and good IT Governance framework for effective use of these valuable assets to block a cyber attack.”

He adds that as cyber security incidents increase, it is important to examine the surrounding issues that RSA and ISACA have explored, such as hacks, attacks, flaws, security structures, budgets and policies.

With less than half feeling that their security teams are able to detect and respond to complex incidents, most companies worry about the Internet of Things, which is expected to create widespread threats to the enterprise. It will enable hackers, non-malicious insiders and every kind of cyber criminal to hack into the systems.

Some other recent research also throws light on the matter. A new Intel Security report found that security professionals are inundated with security incidents, averaging 78 investigations per organization in the last year, with 28 percent of those incidents involving targeted attacks – one of the most dangerous and potentially damaging forms of cyber-attacks. Less than half the respondents who took the survey admitted to a lack of knowledge of the threat landscape and security investigation skills, suggesting that even better visibility through technical integration or analytical capabilities will be inadequate if incident response teams cannot make sense of the information they see. Moreover, over 40 percent called for more training to improve cybersecurity knowledge and skills.

Jon Oltsik, senior principal analyst at ESG explains that better detection tools, better analysis tools, and more training on how to deal with incident response issues are the top ways to improve the efficiency and effectiveness of the information security staff.

Earlier, Cisco’s 2014 Annual Security Report suggested that a shortage of nearly a million skilled security professionals is impacting organizations’ abilities to monitor and secure networks, while overall vulnerabilities and threats reached their highest levels in the last decade.

According to John Stewart, Chief Security Officer, Threat Response Intelligence and Development, Cisco, “There is a clear shortage of more than a million security professionals across the globe. The sophistication of the technology and tactics used by online criminals - and their nonstop attempts to breach networks and steal data - have outpaced the ability of IT and security professionals to address these threats.”

The silver lining

Despite these gaps, this specialized area is growing in prominence within the business. The 2015 State of Cybersecurity reports that nearly 80 percent say their board of directors is concerned with cybersecurity. More than half the companies have employed a chief information security officer (CISO) and the figures will significantly grow.

“If there is any silver lining to this looming crisis, it is the opportunities for college graduates and professionals seeking a career change. Cybersecurity professionals are responsible for protecting an organization’s most valuable information assets, and those who are good at it can map out a highly rewarding career path,” noted Stroud.

Likewise, John N. Stewart, senior vice president, believes “there is hope for restoring trust in people, institutions and technologies – and that starts with empowering defenders with real-world knowledge about expanding attack surfaces.” He states that to truly protect against all of these possible attacks, security professionals must be trained to understand the attackers, their motivations and their methods – before, during and after an attack.

Intel too recommends that CISOs commit to continuous cyber security education for their teams. “They require ongoing cyber-education for their security teams, including an annual series of courses that provide individual professionals more depth of understanding of threats and best practices for efficient and effective incident response,” suggests Oltsik.

The good news is that, as ISACA reports, 56 percent of organizations are spending more on cybersecurity in 2015 and 63 percent say their executive team provides appropriate funding. This funding can well be used for recruiting and training skilled personnel to combat attacks.