New Report Reveals Just How Bad The Cybersecurity Skills Gap Is

The Cybersecurity Skills Gap

It’s not difficult to find worrying predictions from experts who say the cybersecurity sector desperately needs to figure out how to address its skills shortage.

However, a new report from McAfee titled “Navigating a Cloudy Sky” highlights that skills gap in a targeted way that some other research documents overlook.

It takes a deep dive into all aspects of security in the cloud computing industry. Some of the statistics the report uncovers are positive, such as that 97 percent of worldwide respondents are using some cloud technologies in their organization, representing a 4 percent growth compared to a year ago.

Cybersecurity Skills Gap

However, businesses that are either planning to implement cloud computing into their organizations or already have done so must not overlook security strategies.

That’s because the McAfee report reveals that one in four organizations using Infrastructure-as-a-Service (IaaS) or Software-as-a-Service (SaaS) have experienced cybersecurity threats resulting in stolen data, while one in five were infiltrated by advanced attackers targeting their public cloud infrastructures.

Most Organizations Implement Cloud-First Strategies

In 2017, 65 percent of companies in the survey reported they were moving directly to the cloud by using cloud-first strategies.

The report suggests that the reason for the majority percentage is that the businesses polled had undergone periods of experimentation that allowed them to try out the best options and choose the ones that were most applicable.

One downside to the cloud-first approach, though, is that compared to organizations that chose not to adopt it, they are twice as likely to have realized that malware originated from a public cloud service such as Dropbox or office 365.

Increasing the IT Budget Could Aid in Hiring and Learning Efforts

Companies reportedly devote 27 percent of IT security budgets to cloud-related matters and expect that amount to grow by 10 percent over the next year.

If company decision-makers are serious about reducing some of the security risks already described, they could encourage the allocation of additional funds to spur the hiring process or set aside portions of the budget to hear tips from experts in the field.

Taking the latter approach could give companies crucial information about some of the emerging trends in the cybersecurity industry, allowing them to better prepare for them.

Compared to attacks carried out in previous years, the ones that have occurred recently often provide higher payouts to criminals, making them more alluring to attempt. Also, as it turns out, apps are the main sources of breaches within organizations.

Cybersecurity Skills Shortages Delay Cloud Adoption

Sometimes the lack of cybersecurity talent at a company not only puts it more at risk, but also delays implementing cloud technologies. The percentage of organizations that reported they did not have a cybersecurity skills shortage rose in 2017 to 24 percent, up from 15 percent.

Importantly, though, the problem is nonetheless severe. About 40 percent of those polled said such shortages prevented them from moving to the cloud as swiftly as they’d have liked.

Data from the 2017 ISACA State of Cyber Security study included statistics that potentially revealed more details about those delays. For example, 32 percent of businesses said it took them at least six months to fill security roles, and only 13 percent got at least 20 applicants.

Sometimes those issues mean companies have to become particularly resourceful. A CTO interviewed as part of the McAfee findings agreed there are not enough cybersecurity experts to cater to all the companies that want to hire them.

The individual said they are partnering with consultants, managed Service Providers and their cloud providers to deal with the skills gap in ways that make sense.

Businesses Want a Centralized System to Manage Multiple Providers

The McAfee study found that when possible, companies prefer to use one cloud management system that’s compatible with all the services and providers they use.

From the security side of things, they conclude that dependence on many management portals makes it too easy for cybercriminals to gain access without being noticed.

Having a centralized system also has advantages concerning control of the cloud. However, in cases when complete control of the cloud wasn’t possible, those surveyed admitted they’d value total visibility of what’s happening in the cloud instead of only being able to exert control over a portion of it.

McAfee’s report highlights how although fewer companies report cybersecurity skills shortages, the lack is problematic for those that cannot fill positions and want to move to the cloud.

Therefore, continued efforts to reduce the skills shortage are essential.

By Kayla Mathews

Louis
Manufacturers’ Top Demands For Quality Software Competing on product quality has never been more urgent as rising raw material and component costs continue to squeeze manufacturers’ margins. At the same time, unpredictable supply chains make ...
Yuliya Melnik
Heroku or AWS Cloud infrastructures are gradually starting to penetrate into an increasing number of areas and various businesses. And this is not surprising because such a ploy allows you to improve internal processes, protect ...
Jonathan Custance
IoT –  Part of Your Essential Kit Jonathan Custance, Co-Founder of Green Custard outlines how industrial organisations can leverage IoT to dramatically reduce their carbon footprint  Technological progress and environmental sustainability have always been at ...
Stacey Farrar
Document Migrations Require More Diligence Data creation has risen dramatically in recent years and shows no signs of slowing. According to analyst firm IDC, widespread remote work led to a spike of new data in ...
Gary Bernstein
Test Data Management How do you test your data management systems? With Delphix, you can automate your tests by running your data against a virtual copy of your production environment. Today, the amount of data ...

SECURITY TRAINING

  • Isc2

    ISC2

    (ISC)² provides IT training, certifications, and exams that run online, on your premises, or in classrooms. Self-study resources are available. You can also train groups of 10 or more of your employees. If you want a job in cybersecurity, this is the route to take.

  • App Academy

    App Academy

    Immersive software engineering programs. No experience required. Pay $0 until you're hired. Join an online info session to learn more

  • Cybrary

    Cybrary

    CYBRARY Open source Cyber Security learning. Free for everyone, forever. The world's largest cyber security community. Cybrary provides free IT training and paid IT certificates. Courses for beginners, intermediates, and advanced users are available.

  • Plural Site

    Pluralsite

    Pluralsight provides online courses on popular programming languages and developer tools. Other courses cover fields such as IT security best practices, server infrastructure, and virtualization.