A lack of qualified cybersecurity personnel has created a worldwide crisis, according to a new report from Intel Security, McAfee and the Center for Strategic and International Studies (CSIS). The Hacking the Skills Shortage study indicates that 71 percent of respondents say this shortage has directly damaged their company by making them a target of hackers, leading to a loss of proprietary data.
Last year, the reports say that 209,000 cybersecurity jobs lay fallow in the U.S. alone, and that trend looks to continue. An average of 15 percent of those positions will still be unfilled by 2020. In particular demand are skills with intrusion detection, secure software development and attack mitigation. Other expertise, such as collaboration, leadership and effective communication, fell to the bottom of the demand bucket.
“The security industry has talked at length about how to address the storm of hacks and breaches, but government and the private sector haven’t brought enough urgency to solving the cybersecurity talent shortage,” said Chris Young, senior vice president and general manager of Intel Security Group. “To address this workforce crisis, we need to foster new education models, accelerate the availability of training opportunities, and we need to deliver deeper automation so that talent is put to its best use on the frontline.”
Unsurprisingly, companies and countries that spend more on cybersecurity are better equipped to handle hackers. Almost half of the respondents indicate that lack of training or qualification sponsorship are common reasons for talent departure. Plus, 76 percent say that governments are not investing enough.
Just 23 percent of those surveyed say that education programs are preparing students for cybersecurity jobs. More common training is coming from non-traditional sources such as gaming, hackathons and just plain old hands-on experience.
To combat the shortage, the report recommends companies redefine their minimum credentials for entry-level jobs, accepting non-traditional sources of education. It goes on to say companies should provide more opportunities for external training. But it also admits perhaps personnel isn’t the end-all-be-all, suggesting companies and countries invest in intelligent security automation that offers up better metrics that quickly identify threats.