The shortage of skilled cybersecurity professionals is worsening—taking a toll on both security professionals and the organizations that need their services. For some companies, the relatively few security experts that they have been able to find and employ are stretched so thin that they simply can’t keep up with even the most serious threats. Many of the analysts are working so many extra hours and days that they are exhausted, or even burned out.
None of these situations bode well for organizations faced with ever-increasing numbers of cyberattacks.
The Shortage is Escalating
The recently published, 2018 report from ESG Research on the State of IT presents a troubling picture. The study surveyed 620 IT professionals across North America and Western Europe. According to CSO, The participants listed the shortage in cybersecurity skills as the number one hiring problem they face, with 51 percent of organizations reporting a “problematic shortage” of cybersecurity skills in 2018. That number is up from 45 percent in 2017.
This shortage in cybersecurity skills has a number of consequences:
- Under the best of circumstances, security analysts are typically only able to investigate a portion of high-security alerts. The skills shortage means even less of these potential threats are investigated, and very few, if any, medium or low-risk threats are evaluated.
- Security teams often lack specific skill sets, like security analytics, cloud computing security, malware mitigation, or forensic investigations. Work that requires these skills is poorly addressed, or altogether ignored.
- The long hours and high stress work loads take a big toll on analysts, leading to unhappy employees and high turnover.
- The security staff is frequently so shorthanded that they are unable to undertake appropriate training regarding new threats, or to even deploy new and updated security tools that would dramatically help them.
- The organization’s security culture, posture, and ability to detect and stop threats is weakened, putting the entire organization at an increased risk of a data breach.
The shortage of skilled cybersecurity professionals is not an easy problem to fix. Schools are doing a better job at offering security courses, but it will be years before a new crop of security experts complete their schooling and enter the workforce. Even so, more will need to be done. Organizations will likely need to increase on-the-job training and be willing to pay larger salaries in order to attract and keep qualified personnel. Deploying security tools that utilize machine learning and artificial intelligence can also help.