Security teams are understaffed as cybersecurity skills gap worsens
Tripwire, Inc., a leading global provider of security and compliance solutions for enterprises and industrial organisations, today announced results of a survey conducted by Dimensional Research that examines how organisations are addressing the cybersecurity skills gap. The survey was administered to 336 IT security professionals in February.
Eighty percent of survey respondents believe it’s becoming more difficult to find skilled cybersecurity professionals. As emerging technology and threat landscapes experience rapid transformation, the skillsets needed change as well. Nearly all respondents (93 percent) say the skills required to be a great security professional have changed over the past few years.
“The skills gap issue continues to worsen,” said David Meltzer, chief technology officer at Tripwire, “which is troubling, since cybersecurity threats only continue to grow. Additionally, security teams are in search of new skillsets to deal with evolving attacks and more complex attack surfaces as they include a mix of physical, virtual, cloud, DevOps and operational technology environments. It’s becoming more difficult to maintain critical security controls, and there are fewer people available to do it.”
The survey found that while 85 percent report their security teams are already understaffed, only 1 percent believe they can manage all of their organisation’s cybersecurity needs when facing a shortage of skilled workers. Nearly all respondents (96 percent) say they are either currently facing difficulty in staffing security teams due to the skills gap or can see it coming. Of those, 68 percent are concerned with losing the ability to stay on top of vulnerabilities, 60 percent worry about being able to identify and respond to issues in a timely manner and stay on top of emerging threats, and 53 percent fear they will lose their ability to manage and secure configurations properly.
In addition, respondents were also asked if they would benefit from outside security help and if so, in what areas, with the following results:
- Ninety-three percent say they would benefit from security help outside of their organisations.
- Seventy-one percent say their teams would benefit from security assessment help, 53 percent say penetration testing, and 51 percent say vulnerability management.
- Ninety-four percent say they have invested in or are likely to invest in managed services for security.
Lamar Bailey, senior director of security research at Tripwire added: “Because security teams are stretched thin, it’s going to be more important than ever to build strong partnerships. Organisations can collaborate with trusted vendors to take pressure off their in-house resources. Approaches could include more automation of security tasks and support through managed service to ensure that no critical security controls are dropped. Maintaining a strong foundation of security is non-negotiable, so it’s imperative that organisations partner across the info security community to continue meeting security goals effectively.”