The cyber security skills gap is reported to be narrowing but there is still a large deficit between demand and supply creating recruitment issues for companies globally. Could you gain your employees engagement to up-skill them for your organisation and save yourself searching for those with specific infosec skills already?
Security in the news
Data and information security, and how to protect it from exploitation is very much at the forefront of people’s minds in the digital age after such high profile hacks as Wannacry, allegations of Russian hacking in the US election, and high profile breaches like Yahoo, TalkTalk, and Wonga.
Just this week 800,000 Virgin Media customers were told to change their passwords as it was revealed that a common home hub could be breached allowing cyber criminals into your home virtually.
GDPR is coming
The new GDPR legislation is also coming into play from May 2018 and will be a game changer for many businesses around the world. Wide ranging changes to data protection laws in the UK and Europe include tougher fines, better management of data, consent to its use, storage and destruction will mean at the least organisations will need to show all reasonable steps they have taken and in some cases they will need to appoint a Data Protection Officer.
With the amount of legislation time is of the essence to ensure businesses are compliant. You can get up to speed on GDPR with security expert Gary Hibberd in our most recent episode of the ITSM Crowd.
Cyber security skills are in demand
Latest research from job site Indeed shows that the shortage of staff with the most in demand skills eased by 36% for 2015 to the 1st 3 months of 2017. Job postings for cyber security roles increased just under 3% with clicks rising 40%. But demand is still outstripping supply with cloud security being the most sought after skill.
Statistics from ISC state that by 2022 there will be a shortage of over 1.5m cyber security workers with two thirds of companies reporting a lack of cyber security personnel.
The report also identifies millennials as a great potential source of a new wave of infosec talent in a sector where as an age band they are not yet hugely represented. The workers in this category were seen as the most diverse and open to change, as well as being more interested in training and mentorship programmes.
The average cost of a breach of a company now stands at $3.63 million in the US (source IBM Ponemon Report) and £1.2m in the UK. Cyber crime is costing $450bn per year globally not to mention the loss of customer confidence and reputation which follows a breach. With financial losses like this cyber security is number one priority for the modern workplace.
What should businesses do?
So what should your next steps be as an organisation, or as a staff member looking seriously at your vulnerabilities?
- The Government department The National Cyber Security Centre provide a wide range of free advice for business and individuals.
- The Foundations for Professionals Security Focus package includes ITIL, COBIT & RESILIA and is the perfect introduction to a wide range of service management approaches to streamline business processes and their related IT
- Company wide training such as RESILIA or ISO20000
RESILIA offers practical guidance, training and learning for your whole organisation including the boardroom, IT, risk and business professionals. The certification is aimed at IT and security and all core business functions including HR, operations, marketing and finance. It can be used to change staff behaviour through awareness.
ISO20000 will help you to establish an ongoing culture of continual improvement and learning which is essential in the ever changing digital, IT and cyber security sector. It can help identify skills and expertise and enable businesses to adopt a structured approach to service management using best practice guidance.