This post was originally published here by (ISC)² Management.
A severe cybersecurity skills gap in EMEA (European, Middle East and Africa) is making it hard for cybersecurity staff to cope with their workloads or acquire the skills they need to handle emerging technologies, according to a new report by Symantec.
Cybersecurity workers believe they are at a serious disadvantage against attackers. Simply finding the time to learn emerging technologies, such as those related to mobility and cloud, is a challenge for a workforce whose experience as a group ranges from 10 to 30 years, the report says.
“Declining skills are highly problematic for cyber security professionals, who are effectively in an arms race, in which talent and skill are their most important weapons. Unfortunately, enterprises feel they are falling behind in precisely this area,” according to the report, High Alert: Tackling Cyber Security Overload in 2019. The report is based on the findings of a study conducted by the University of London for Symantec of more than 3,000 security decision makers in France, Germany and the United Kingdom.
Citing an IDC statistic, the report says 97% of European enterprises agree a skills gap exists and that it has negative effects. “It means only 3% of enterprises in Europe believe the industry has the requisite talent to deliver on its mandate – to ensure business integrity and protect sensitive company, customer and shareholder data,” the report says.
The cybersecurity skills gap is well documented. (ISC)²’s Cybersecurity Workforce Study, 2018 found that the EMEA region has a shortfall of 142,000 cybersecurity workers. Worldwide, the skills shortage is nearly 3 million, with Asia Pacific experiencing the biggest gap, 2.14 million. The shortfall in North America is about 500,000.
Cyber Struggles
The Symantec report paints a dire picture of the current struggles of cybersecurity teams in Europe. Nearly half of survey participants (45%) say technological change is happening faster than their businesses can adapt; 48% believe attackers “have a raw skills advantage over defenders;” and 44% say their team lacks the necessary skillset to fight cyber threats.
In addition, 33% say the volume of threat makes it harder to protect their organizations. Perhaps not surprisingly, 49% of participants say attackers have unprecedented access to resources and support provided by bad actors.
Even with all these challenges, the report says only 4% to 8% of IT budgets are allocated to security. Those amounts often don’t even cover the costs of hiring and retaining security professionals, which forces CIOs, CISOs and security managers to ask for more money.
Citing information from the Symantec CISO Forum in February 2019, the report says that hiring a cyber professional takes at least six months and often takes even longer – nine to 12 months. As a result, CISOs are taking a pragmatic approach of teaching skills on the job to candidates who make up for lack of experience with “attitude, mindset and potential.”
To help address the skills gap, the report recommends that cyber workers do a better job of learning from each other and take advantage of cloud-based security solutions, managed services and automation. These steps will help reduce repetitive, mundane tasks and let cyber workers focus on higher-value work.
(ISC)² offers free on-demand courses to its members and associates online through its Professional Development Institute in order to help cybersecurity professionals learn new skills at a pace and timing that works for them. These courses are also available for purchase to non-members. To see a listing of available courses, please visit: https://www.isc2.org/development