Getting the right-skilled people, not acquiring newer tech tools, may soon become your topmost challenge to effectively fight cybersecurity challenges
In the Managed Security Survey 2016 released by IT Next and CIO&Leader recently, information security managers in large Indian enterprises identified “expertise in relevant security standards” as the top expectation from a managed security service provider. Respondents felt that is more important than such capability as “effective and rapid response to incidents”, governance, and sticking to SLAs.
How do you explain that? “It’s actually simple,” explains a senior executive of a security solution provider. “You talk about issues where you find a gap. Right?” he said, while pointing to an acute shortage of skilled and certified manpower. In informal conversations, most CISOs admit to that.
That includes India’s CISO, Dr Gulshan Rai. Dr Rai, officially designated as National Cyber Security Coordinator, National Security Council, and responsible for all information security strategy and planning for India. In the recently concluded Cybersecurity Roadmap 2016 conference organized by CSO Forum, , he identified skill gap as one of the major challenges facing Indian cybersecurity. While dealing with the topic at length, he informed that the government has identified 26 areas where “we badly need skilled people.” He said the higher education institutions are not yet ready to conduct these short, skill training workshops. He said the industry and academia need to work together to create the skilled workforce. “Only the government cannot achieve this objective,” he added.
This is not restricted to India, it seems. A recent report, State of Cybersecurity: Implications for 2016, based on a research conducted among 461 cybersecurity managers and practitioners globally by ISACA and RSA Conference, reinforced this at a global level.
More than 60% of the respondents said that they take more than three months to fill up an information security position. Out of which, more than 60% take more than 6 months to fill it or cannot fill the position at all.
On being asked how many applicants are qualified on hire, 59% said more than half are not qualified on hire. This figure was just about 50% in the previous year. So, the cybersecurity skill gaps do not just exist significantly, they are growing too.
While ability to understand business emerged as the top gap among security professionals, as many as 61% did identify lack of technical skills as a gap too.
While most of the discussion in events and conferences are around rise of newer threats and the solutions and tools to counter them, skills shortage may be the biggest immediate battle that the information security fraternity may have to fight. And the battlefield may not be the sophisticated labs but the educational and training institutes.