It’s widely accepted that there is a shortage of people with cyber security skills, yet a new study shows that companies are failing to give IT professionals — the people implementing and operating security strategies for most organizations — the training and responsibility they need to take on a more proactive cyber security role.
The study, from security training company (ISC)2, also reveals that many IT professionals feel their security guidance is being ignored by business leadership.
More than 3,300 IT professionals participated in the survey, and the findings show that almost half of IT organizations don’t provide adequate resources for IT security training and professional development, and that their ability to defend against cyber attacks has declined in the past year. Although IT professionals are on the front line implementing cyber security strategies, only 35 percent agree their security suggestions are followed, while 28 percent say they are asked for advice, but it falls on deaf ears.
Just 35 percent of respondents say their company requires IT staff to have an information security certification, while 63 percent say their organization has too few information security staff. A worrying 51 percent say their systems are less able than a year ago to handle a cyber attack.
“The report further emphasizes the need for organizations to stop looking externally for cyber security talent, but to train current employees,” says Wesley Simpson, COO of (ISC)2. “Instead of focusing on the lack of cyber security talent, companies should invest and train the employees they currently have to be cyber aware. The best way to strengthen cyber defenses is to make cyber security training a company-wide priority, ensuring all employees are cyber smart starting with IT.”