Is the lack of IT specialists to blame for less IT security?

More than half of the companies surveyed worldwide stated in an ESG study that the current and future shortage of qualified workers in IT security is affecting their business. But how can companies address this skill shortage? Corporate learning specialist Skillsoft has put together five measures.

Convincing the management

According to Frost & Sullivan’s “Benchmarking Workforce Capacity an Response to Cyber Risk” report, one of the key “brake pads” for building more IT security skills in companies is a lack of understanding of management requirements and skills. Over 42 percent of respondents worldwide and 41 percent of European study participants cited this factor as the second most important factor, after “hard-to-find specialists”. Therefore, one of the first steps for safety initiatives should be to convince management with meaningful information and facts.

Building up qualifications and showing perspectives

The lack of qualified specialists is not only mentioned as problem number 1 in the above-mentioned report. Training measures to close the skills gaps are therefore a logical alternative or complement to the search for IT security experts. This approach can be applied both to the search for candidates and to existing personnel. It is advisable to examine what previous knowledge and skills employees and applicants have that could possibly be developed with a manageable degree of additional qualifications.

Relieving and retaining skilled workers

The shortage of skilled workers also increases the risk of losing important employees. On the one hand they are hotly courted, on the other hand their workload often increases due to increasing stress and resource pressure. In many companies, few IT experts have to perform more and more tasks. Just updating security updates or securely onboarding devices and components in increasingly complex IT environments is a never-ending Sisyphus task. Building skills with more employees can help relieve the strain on existing experts and keep them in the organization.

A further starting point is the modernization of infrastructure and processes. Here it is worth checking whether it is worth switching to (partially) automated solutions that implement routine tasks such as security updates without manual effort.

Sensitization of all employees

Another key aspect for IT security in companies is the sensitization and increase of the technology awareness of all employees. Security gaps often arise due to a lack of understanding and the resulting negligent handling of security aspects. For example, Verizon’s Data Breach Investigation Report shows that 81 percent of hacker attacks investigated in 2017 were due to stolen or weak passwords. Regular, short training sessions for the entire workforce are a must to explain topics such as password security or phishing and to communicate responsibility for the security of corporate and customer data.

Planning for the future

Forward-looking companies are already thinking about the next generation of potential candidates. A connection to educational institutions can contribute to the recruitment base in several ways. On the one hand, it offers the opportunity to attract talented people who have already undergone training to your company. On the other hand, it is also possible to advertise for the desired professional profile. Appropriate development programs for careers in IT security are a good way to increase the competence pool for the future. 

Source image: iStock/ BrianAJackson