A recent survey of 315 IT security professionals at companies with over 100 employees found that 79 percent of respondents believe the need for technical skills among security staff has increased over the past two years, and 72 percent said it’s more difficult to hire sufficiently skilled security staff now than it was two years ago.
In response, 97 percent of respondents said technology vendors can help address the skills gap.
Ninety-one percent said they plan to outsource security skills in order to address the gap, and 96 percent believe automation will play a role in solving the skills gap in the future.
The survey, sponsored by Tripwire and conducted by Dimensional Research, also found that 47 percent of respondents are worried about losing security capabilities altogether in the event of a skills gap.
Specifically, 52 percent said they’re concerned about keeping up with vulnerabilities, 29 percent are worried about keeping track of devices and software on the network, and 24 percent are concerned about identifying and responding to issues in a timely manner and keeping up with emerging threats.
Eighty-one percent of respondents said the skills required to be a great security professional have changed in the past few years — and 50 percent plan to invest more heavily in training for their current staff in response.
“Considering the recent high-profile threats that have been attributed to unpatched systems, it’s no wonder respondents are concerned that a technical skills gap could leave their organizations exposed to new vulnerabilities,” Tripwire vice president of product management and strategy Tim Erlin said in a statement.
More than half of respondents said the most important technical skills needed on security teams are network monitoring (52 percent), IT fundamentals (51 percent) and vulnerability management (51 percent).
When asked how they expect their security team’s skills to grow in the new few years, 87 percent said they expect the need for expertise in the cloud to increase, 77 percent expect the need for expertise in IoT to increase, and 77 percent expect the need for expertise in DevOps to increase.
“Growing adoption of cloud, IoT and DevOps brings about new challenges that security teams with need to keep up with, and if organizations want to bridge a technical skills gap they should look to work with security vendors and managed security providers who can help them address today’s major attack types, while also offering training to their existing IT teams,” Erlin said.
“As security continues to become an even bigger challenge for organizations, we can expect to see more and more businesses outsourcing to gain security expertise in the future,” he added.
Need for Training
A separate (ISC)2 survey of more than 3,300 IT professionals found that 43 percent of respondents said their organization doesn’t provide adequate resources for security training, and 55 percent said their organization doesn’t require IT staff to earn a security certification.
Just 35 percent of respondents said their security suggestions are acted upon, and 63 percent said their organization has too few security workers. IT pros said cloud computing and security (64 percent), and risk assessment and management (40 percent) are the top skills needed in their organizations.
Over 50 percent of respondents said they’re less able to defend against a cyber attack than they were a year ago.
“Security is a shared responsibility across any enterprise or government agency,” (ISC)2 CEO David Shearer said in a statement. “Unless IT is adequately trained and enabled to apply best practices across all systems, even the best security plan is vulnerable to failure.”