IT Skills Gap Hurts Enterprise Security: Survey - InformationWeek

7/6/2016
09:06 AM

A survey of IT executives, managers, and practitioners finds the biggest challenges in infosec are around skills, not technology.

When the subject is security, the conversation tends to center on spending. But, according to the results of a new survey sponsored by cloud security vendor SkyHigh Networks and conducted by the Cloud Security Alliance, budget is only one of the issues concerning IT executives when it comes to protecting data and networks in the age of the cloud and mobility.

That's not to say budget isn't a factor. In fact, more than half of the survey's 228 respondents (53.7%) said they expect their organization's IT security budget to increase in the next 12 months. Survey respondents were professionals working in IT or IT security around the globe. Fewer than half of the survey respondents (43%) had the title of manager and above, while the rest of the respondents held various hands-on staff roles in IT or IT security.

But focusing on budget only tells part of the story. In a telephone interview with InformationWeek, Kamal Shah, senior vice president product and marketing at SkyHigh Networks, highlighted several additional points from the survey that could deeply affect IT security.

One item Shah focused on was the skills gap many IT departments face. Incident response management was cited by 80.4% of respondents as one of the most important IT skills in the next five years. Experience with large datasets was cited by 74.7% of respondents, and 66.4% said communication with non-IT departments is essential.

As Shah said, "You can't be operating in a silo. You have to be able to talk to users to help reduce the risk to the enterprise."

Experience with large data sets is a desired employee trait not limited to the security group. Within security, though, it's tied to two other factors that directly affect security. "When you get an alert, what do you do with it? What we find is there is a little bit of alert fatigue going on," Shah said. The sheer volume of alerts in an enterprise system pairs with complaints echoed in the survey results.

Four in ten respondents (40.4%) said alerts don't carry information that can be acted upon. In addition, 31% of respondents said they have ignored alerts because of the number of false positives they see on an ongoing basis. Some 27% said they have experienced incidents requiring action for which they received no alerts from their security tools.

The majority of those responding to the survey, regardless of their position, felt that the security budget will increase during the next year.
(Image: SkyHigh Networks)

All of this indicates that a lack of information is not what respondents view as their primary security problem. Rather, it's a lack of the knowledge and the ability to do anything with the information they're given.

In our interview, Shah said one of the things he took away from the survey is that a company can't simply spend its way out of an enterprise security deficit. "It's not just about buying new tools and new toys, but making sure that the employees are trained and have the skills to take advantage of those technologies in the most effective way," he said.

A wide range of skills are seen as important for infosec workers in the coming years.

(Image: SkyHigh Networks)

Executives and staff members responding to the survey differed regarding how to best address the employee skills deficit. "Employees feel that the best answer is training existing teams, while executives looked at hiring and training new people," Shah said.

More than a third of respondents in hands-on staff roles (38.1%) said better training for existing IT employees was the best way for a company to respond to the skills deficit. Conversely, 46% of senior executives and 36.7% of manager-level professionals said increasing the hiring and training of junior IT professionals was the best way to respond to the skills deficit.

Practically no one thinks that outsourcing security is the right answer. The only disagreements are about who, precisely, should get the new training.

(Image: SkyHigh Networks)

The takeaway from all the surveyed job functions is that people skills are more important than technology innovation for improving enterprise technology. If only those skills could be purchased as easily as new technology, the impression is that CISOs, CIOs, managers, and technical workers would all sleep better at night.

Curtis Franklin Jr. is Senior Editor at Dark Reading. In this role he focuses on product and technology coverage for the publication. In addition he works on audio and video programming for Dark Reading and contributes to activities at Interop ITX, Black Hat, INsecurity, and ...