Report: Cybersecurity Skills Gap Creates Vulnerabilities
Finding qualified cybersecurity personnel is never easy. Recruitment has become an even bigger challenge in the last two years as workforce shortages intensified and corporate networks expanded into employees’ homes.
Worldwide, 60% of organizations say they are struggling to recruit cybersecurity talent, while 52% struggle to retain qualified people, according to a new report by Fortinet. The report is based on a survey of 1,223 IT and cybersecurity decision-makers across the globe.
The struggle has a cost: 67% of respondents say the cybersecurity talent shortage creates additional risks for their organizations. Already, 80% of organizations have suffered at least one cybersecurity breach attributable to “a lack of cybersecurity skills and/or awareness.”
When it comes to staffing cybersecurity teams, organizations have many needs. Among the most sought-after roles are cloud security specialists, security operations analysts, security administrators, security architects, and security awareness and training administrators.
The hardest roles to fill, according to the report, include cloud data center and application security positions; security operations related to advanced threat protection, SOC platforms and endpoint security; network security; and risk management.
All of these challenges come at a time when cybersecurity is needed more than ever as a result of the sharp increase in work-from-home environments during the COVID-19 pandemic. “The sudden expansion of the corporate network, where millions of employees were logging in from their unsecured home offices, led to significant spikes in malicious cyber activity,” the report says.
Tempering Expectations
Fortinet’s findings confirm (ISC)²’s own research regarding the difficulty of finding and retaining qualified cybersecurity professionals. The 2021 (ISC)² Cybersecurity Workforce Study estimated a cybersecurity workforce gap of 2.7 million worldwide.
To fill vacancies, organizations are taking approaches such as placing greater emphasis on non-technical skills, including problem solving and analytical thinking, when recruiting. However, as (ISC)² research has shown, recruiters and hiring managers often have unrealistic expectations for job candidates, particularly in the area of certifications.
The Fortinet report indicates these expectations are still very much in play. The survey found that “95% of decision-makers believe technology-focused certifications positively impact both their role and their team. As such, 81% of leaders prefer to hire people with certifications. However, 78% indicate it’s hard to find certified people.”
As a positive sign, however, Fortinet found that 91% of organizations are willing to pay for certifications.
Another positive development is a willingness to diversify the cybersecurity workforce. Fortinet found that “three out of 4 organizations implemented formal processes to hire more women, and 9 out of 10 actively engaged women and new graduates during the last three years.”
Workforce diversification is one of the primary strategies for organizations to build their cybersecurity teams. In the Workforce Report, (ISC)² found that organizations are using a number of methods, including establishing diversity goals and providing membership and support at all levels, as well as flexible working conditions.
In its report, among other recommendations, Fortinet encourages organizations to “expand their search and focus on diversity,” make it possible for cybersecurity professionals to earn certifications, and “to provide all employees, both technical and non-technical, with cybersecurity awareness training so they can develop critical cyber-hygiene skills.”