Lack of security skills risks derailing cyber defence efforts

Reported shortfall in information security specialists highlights importance of cyber security training.

  • Tuesday, 3rd November 2015 Posted 9 years ago in by Phil Alsop
The mounting cyber security skills shortage in the industry poses a significant threat to organisations’ defence strategies. For APMG International, high quality, rigorous and professional Information Assurance training schemes hold the key to closing the skills shortage gap and bolstering businesses’ cyber security defences.
 
The Frost & Sullivan 2015 (ISC)? Global Information Security Workforce Study lays bare the scale of the cyber security skills shortage, demonstrating that while demand for security professionals is growing, the supply of these professionals is not able to keep pace. The report estimates a global shortfall of 378,000 information security staff today, a figure that is projected to increase to 1.5million by 2019.
 
Echoing these findings, Harvey Nash’s 2015 CIO Survey found that 23 per cent of CIOs report a skills shortage in security and resilience and that only around a quarter (23 per cent) feel that they are very well prepared for a serious cyber security incident.
 
According to APMG, who has produced an intelligence paper on the topic in conjunction with QA, the figures drive home the importance of cyber security training schemes, which play a critical role in ensuring that staff are well equipped to face the mounting threats to organisations’ data.
 
Richard Pharro, CEO of APMG, said: “Staff are the foundation of every cyber defence initiative and, unfortunately, have it within their power to derail the best thought out security strategy. Investments in technology designed to keep company data safe can be heavily compromised if staff lack the knowledge and skills to counter the opportunistic attacks we face daily. It’s therefore critical that those individuals standing at the front line of our cyber defences possess the skills to meet real-world challenges.”
 
Pharro pointed to the CESG Certified Training (CCT) scheme as a way of helping to address the skills shortfall. The scheme, launched last year and managed by APMG, has been designed to assure high quality cyber security training courses delivered by training providers and to enhance the professionalism of those working in the industry. The scheme allows businesses to identify cyber security training providers and courses that are aligned with the high standards of GCHQ, which in turn will help to upskill their workforces.
 
“Cyber security is no longer just a technology risk, but a business one, and therefore requires the full attention of senior management as pressures increase. Cyber attacks can have near existential consequences for organisations, which face the loss of Intellectual Property, the loss of their data and damage to their reputations. Although it is impossible to eliminate 100 per cent of the threats businesses face, equipping staff with appropriate cyber security skills can help to make a significant impact,” he concluded.