Proactive approach needed for cyber security: report
Although businesses recognise security as a growing imperative, many remain on the defensive, fighting cyber threats with dated tactics and training.
This is according to a report released by global technology association CompTIA.
The report, titled The Evolution of Security Skills, states companies need to adopt various proactive measures to identify weak links before they are exploited; broaden the security skills of their technology professionals, as well as to implement top to bottom security training throughout the organisation.
The report is based on an online survey of workforce professionals at 350 global businesses within the ICT industry. It further reports that 33% of companies surveyed say security is significantly higher priority for them today than it was two years ago, while 49% expect security will be a significantly higher priority in two years than it is today. Meanwhile, 34% of the companies feel that there is a low understanding of new threats while 28% admit to a low understanding of security tech.
Seth Robinson, senior director, technology analysis at CompTIA, says new training is needed to lessen the skill gaps.
"Some companies are in a position to hire or partner in order to meet security needs, but the most common approach is to improve the existing workforce. For technical workers, 60% of companies use training to build security expertise, and 48% pursue certifications. Many companies are also extending training to the general workforce. "
Ongoing programmes that measure knowledge can improve security literacy for employees that are increasingly using and procuring technology. A new, proactive approach combining technologies, procedures and education can help find problem areas before attackers discover them."
According to the survey report, the most difficult positions to fill in the sector are cyber security analyst, security engineers and security managers with 35%, 30% and 29% admitting to such respectively.
A similar study by ISACA, State of Cyber Security 2017, alludes to the same sentiments stating that applicable cyber security talent is becoming increasingly difficult to find in today's ever-growing cyber security field.
According to this report, which was compiled following a global survey of 633 professionals in the EMEA and North America regions whose primary job function is cyber security or information, filling open cyber security/information security positions is difficult.
"Almost 27% of respondents state that they are unable to fill open cyber security positions in their enterprises - with another 14% of respondents unaware as to whether their enterprises could fill these positions or not. This leaves a quarter of cyber security positions unfilled," it said.
Joey Jansen van Vuuren, manager of the cyber security centre of innovation and business development at the CSIR, says the shortage of cyber security capability is a worldwide phenomenon where companies and citizens are left vulnerable due to a lack of cyber security skills. "SA is no exception. A key step is the availability cyber security education for pipeline (students and new incumbents) and current workforce. This involves the adaption of education programmes (degrees and diplomas) to include cyber security and the development of new focused cyber security qualifications," she noted.