Direct Relationship Between Talent Crisis And Breach Frequency?



Dan Gunderman
01/01/2018

Just when you thought that the cyber security skills gap and mega-breaches were bad enough on their own, it turns out there may be a correlation between the two.

A measurable number of organizations say they are affected by the cyber security skills gap. Apparently, this workforce setback has progressed to the point where enterprises feel vulnerable and open to cyber-attacks.

These findings come from a new survey carried out by the Information Systems Security Association (ISSA) and the analyst firm Enterprise Strategy Group (ESG). In it, ISSA and ESG polled 343 information security professionals.

A whopping 70% of them believe the widespread cyber security skills gap/talent crisis has had an effect on their organization, according to the results, relayed by HealthDataManagement.com.

Outside of executive anxiety, the survey also pointed to a connection between the depleted ranks and the frequency and scale of data breaches. Forty-five percent of respondents said that they’ve dealt with at least one security event in the past two years. Ninety-one of those surveyed believe that their enterprise is susceptible to a damaging data heist or cyber-attack.

Survey authors are pointing to the skills gap as an underlying reason for the uptick in cyber-attacks – and their crippling effects, both amid the incident and in the forensic and restorative actions afterward. Another element that’s plagued the field is a lack of training for non-technical employees. Should the enterprise come under attack, there are employees, it seems, who are not aware of, or equipped to deal with, the proper cyber protocols.

To highlight this point, the survey pointed to 62% of the respondents who said that their organization does not offer proper training for its cyber security staff.

Narrowing down the findings even further, the survey found that the following areas (within the vertical) were feeling the shortage most: analysis and investigations, application security and cloud computing security.

Despite the shortages and the feelings of vulnerability, one out of five respondents said that cyber security – best practices, visibility, forensics, threat mitigation, etc. – is not a top priority amongst the C-suite.

ESG Senior Principal Analyst Jon Oltsik, who authored the report, said, “It is clear that the solution must be about more than filling jobs. It is about creating an environment from the top down of cybersecurity as a priority.”

Oltsik’s comments show that the issue is both systemic and ever-widening.

The wider the gulf between the cyber security workforce (or lack thereof) and the C-suite, the more these debilitating attacks will continue or shift toward more sensitive or marketable data sets.

In a previous episode of “Task Force 7 Radio,” a cyber security talk show, information security executive and host George Rettas called the talent crisis a “must-win battle.”

The conclusion of said battle must be a “multi-prong” solution, the host continued, before acknowledging the complexity of the subject.

Rettas said the talent crisis has been particularly exacerbated in the past 12 months, as scores of headlines have circulated across the web.

In a call to arms, Rettas added, “Cyber security programs are essential to protecting critical infrastructures that support and facilitate our freedoms, our liberties and our way of life. This is no exaggeration.”
