Cybersecurity skills gap worsens, security teams are understaffed

As emerging technology and threat landscapes experience rapid transformation, the skillsets need to change as well.

80 percent of 336 IT security professionals Dimensional Research polled on behalf of Tripwire believe it’s becoming more difficult to find skilled cybersecurity professionals, and nearly all respondents (93 percent) say the skills required to be a great security professional have changed over the past few years.

Key survey findings

“The skills gap issue continues to worsen,” said David Meltzer, chief technology officer at Tripwire, “which is troubling, since cybersecurity threats only continue to grow. Additionally, security teams are in search of new skillsets to deal with evolving attacks and more complex attack surfaces as they include a mix of physical, virtual, cloud, DevOps and operational technology environments. It’s becoming more difficult to maintain critical security controls, and there are fewer people available to do it.”

The survey found that while 85 percent report their security teams are already understaffed, only 1 percent believe they can manage all of their organization’s cybersecurity needs when facing a shortage of skilled workers. Nearly all respondents (96 percent) say they are either currently facing difficulty in staffing security teams due to the skills gap or can see it coming.

Of those, 68 percent are concerned with losing the ability to stay on top of vulnerabilities, 60 percent worry about being able to identify and respond to issues in a timely manner and stay on top of emerging threats, and 53 percent fear they will lose their ability to manage and secure configurations properly.

In addition, respondents were also asked if they would benefit from outside security help and if so, in what areas, with the following results:

• 93 percent say they would benefit from security help outside of their organizations.
• Seventy-one percent say their teams would benefit from security assessment help, 53 percent say penetration testing, and 51 percent say vulnerability management.
• 94 percent say they have invested in or are likely to invest in managed services for security.

“Because security teams are stretched thin, it’s going to be more important than ever to build strong partnerships,” notes Lamar Bailey, senior director of security research at Tripwire.

“Organizations can collaborate with trusted vendors to take pressure off their in-house resources. Approaches could include more automation of security tasks and support through managed service to ensure that no critical security controls are dropped. Maintaining a strong foundation of security is non-negotiable, so it’s imperative that organizations partner across the info security community to continue meeting security goals effectively.”