Initial experiences of struggle and error

by Mark Rowe

Businesses have suffered at least one cyber incident due to a lack of qualified cybersecurity staff, according to a report by the cyber firm Kaspersky. While sourcing more qualified cybersecurity staff might be one of the solutions to tackle this problem, businesses worldwide are facing a severe lack of information security (InfoSec) people, the cyber firm notes.

The general cybersecurity skills gap is accompanied by the fact that many new starters in the industry must cope with gaps in their practical and theoretical knowledge, resulting in initial struggles and errors in their job. Failure to update software (43pc), using weak or guessable passwords (42pc) and neglecting to perform back-ups in a timely manner (40pc) turned out to be some of the most common mistakes made by InfoSec people early in their careers. In APAC (Asia-Pacific) and North America, the use of outdated security measures was also a common mistake cybersecurity people made as they began their careers.

As cyber people acknowledge they might not have had the required skillset and experience when entering, some point at other difficulties with starting their careers. Despite the cyber industry continuously reporting a workforce gap, 34 percent of respondents claim to have had three or more failed interviews before being selected for an InfoSec role.

Marina Alekseeva, Chief Human Resources Officer at Kaspersky, said: “It’s no secret that formal training programmes often struggle to keep up with industry developments, and that is especially true for the cyber-security field. The fact that many employees in the market might have limited practical skills or gaps in their knowledge underlines the importance of a comprehensive onboarding process with a focus on peer learning and means companies must pay more attention to the up-skilling of their employees. For Kaspersky, employees are the most valuable asset, so we have been investing continuously in the education of the company’s corporate staff, enhancing employees’ capabilities and fostering a culture of learning and continuous development. We’ve also been contributing to bridging the existing cybersecurity talent gap by providing industry-leading individual and corporate training courses for IT professionals.”

The initial challenges cybersecurity people face when they join the industry may explain why nearly half of those in InfoSec (46pc) say that it took them more than a year to feel comfortable in their first cyber roles. While 31 percent of respondents managed to get to grips with their job within one or two years, fewer than 10 percent of respondents said the process took them two to three years (9pc) or more than three years (6pc). More at the Kaspersky website.

Comment

Chris Denbigh-White, Chief Security Officer at Next DLP, suggested a large part of mistakes is down to education and training. “While this isn’t a surefire way to eradicate each and every mistake, educating employees – particularly at the point of risk – is a powerful strategy to help build knowledge and awareness to identify and act on cyber threats effectively. From simulated phishing exercises and role-based training, creating a human firewall can fortify an organisation’s defence without falling into the trap of scapegoating users.

“However, this doesn’t really work without properly engaging employees; whether that’s gamifying the training or incentivising cyber champions in your organisation, cybersecurity has to be the core of your company’s culture.

“A significant number of users, either inadvertently or due to a lack of awareness, habitually utilise the same password across various platforms. Implementing an all-encompassing educational program would empower individuals to embrace more robust password practices, underscoring the critical importance of maintaining unique passwords for different accounts. This proactive approach, geared towards fostering a culture of cybersecurity awareness, holds the potential to systematically address the root causes of such incidents and contribute to the establishment of a more secure online environment.”

© 2024 Professional Security Magazine. All rights reserved.