According to a Tripwire study, 93% of security professionals are concerned about the cyber security skills gap, while 72% believe it is more difficult to hire skilled security staff to defend against today’s complex cyber attacks compared to two years ago.
The changing face of cyber security has impacted the necessary skills required – indeed, 81% of those surveyed believe that the skills required to be a great security professional have changed in the past few years.
The report found that 20% of respondents said their organisations had hired people with expertise not specific to security over the past two years, and another 17 percent stated they plan to do the same in the next two years.
Additionally, Tripwire’s study found that 50% plan to invest more heavily in training their existing staff to help with the looming skills shortage.
“It’s evident that security teams are evolving and maturing with the rest of the cyber security industry, but the pool of skilled staff and training simply aren’t keeping up,” said Tim Erlin, vice president of product management and strategy at Tripwire.
“For example, beyond their technical duties, security practitioners may now be expected to spend more time in boardrooms or in the CFO’s office to secure more budget. While the makeup of the cyber security workforce may be changing, the fundamentals of protecting an organisation have not. It will be critical during this transition to ensure there’s a long-term strategy in place around maintaining their foundational security controls.”
Tripwire’s study also looked at how organisations expect to tackle the skills gap in the future and found that 91% of those surveyed plan to supplement their team by outsourcing for skills.
At the same time, the vast majority felt managed services would add value to solving the skills gap problem, while 98% expect other functions like non-security teams to be more involved in cyber security moving forward. Automation of security will also play a key role.
Erlin added: “The skills gap doesn’t have to be an operational gap. Security teams shouldn’t overburden themselves by trying to do everything on their own. They can partner with trusted vendors for managed services or subscribe to service plans where outside experts can act as an extension of the team.”
>See also: Demand for cyber security skills increasing
“Organisations should also understand that security is a shared responsibility across different functions, so people from other parts of the business should be involved in the cyber security program. And, of course, automation can add value not only in reducing manual work, but also in ensuring that everything is up-to-date and working as it should in real time. Security teams may just need to work more creatively.”