Lack of skilled infosec pros creates high-risk environments

82 percent of organizations expect to be attacked in 2015, but they are relying on a talent pool they view as largely unqualified and unable to handle complex threats or understand their business.

More than one in three (35 percent) are unable to fill open positions. These are the key findings of a study conducted by ISACA and RSA Conference.

Based on a global survey of 649 cybersecurity and IT managers or practitioners, the study shows that 77 percent of those polled experienced an increase in attacks in 2014 and even more (82 percent) view it as likely or very likely that their enterprise will be attacked in 2015.

At the same time, these organizations are coping with a very shallow talent pool. Only 16 percent feel at least half of their applicants are qualified; 53 percent say it can take as long as six months to find a qualified candidate; and more than a third are left with job openings they cannot fill.

A portrait of the ideal cybersecurity professional emerges from this list of shortfalls: the top three attributes are a formal education, practical experience and certifications.

The study reveals that organizations are experiencing attacks that are largely deliberate, and they lack confidence in the ability of their staff. The top four threat actors exploiting organizations in 2014 were cybercriminals (46 percent), non-malicious insiders (41 percent), hackers (40 percent) and malicious insiders (29 percent). 64 percent are very concerned or concerned about the Internet of Things, and fewer than half feel their security teams are able to detect and respond to complex incidents.

Despite these gaps, this specialized area is growing in prominence within the business. The report documents a job function that is quickly attracting increased visibility and investment:

  • 79 percent say their board of directors is concerned with cybersecurity
  • Close to a third report either to the CEO (20 percent) or to the board (11 percent)
  • 55 percent employ a chief information security officer (CISO)
  • 56 percent will spend more on cybersecurity in 2015 and 63 percent say their executive team provides appropriate funding

“If there is any silver lining to this looming crisis, it is the opportunities for college graduates and professionals seeking a career change. Cybersecurity professionals are responsible for protecting an organization’s most valuable information assets, and those who are good at it can map out a highly rewarding career path,” noted Robert E Stroud, international president of ISACA and vice president of strategy and innovation at CA Technologies.