Shortage of cyber-security specialists set to reach crisis point
Symantec CEO Michael Brown has been quoted as saying that the global demand for cyber-security professionals is set to grow to six million by 2019 with the shortfall expected to be around 1.5 million, a cause of concern for HR professionals seeking to attract and retain talent.
Measures introduced by the UK Government, including Cyber Essentials, a programme aimed at providing basic cyber-security awareness at quickly and cheaply for SMEs are laudable and should be continued. However, these initiatives are decidedly insufficient when it comes to combating modern Advanced Persistent Threats (APTs) which threaten British businesses.
In 2015 alone, Ashley Madison, TalkTalk, Harvard University and the IRS have all be victims of sophisticated and damaging hacks.
Farida Gibbs, CEO and founder of Gibbs S3, the hybrid IT consulting and staffing solutions company, commented, “The range and severity of threats, coupled with the desperate shortage of skilled staff means that the majority of British companies are fighting an increasingly complex war with clearly insufficient resources.
"This issue is compounded by the fact that standing still is not an option – firms need to be far more proactive in beefing up their digital defences as the hackers who are looking to get in are constantly evolving and mutating their attacks.”
The dangers are not limited purely to larger companies either. Recent research from KPMG has found that 70% of SMEs can do significantly more to protect sensitive client data. It is a truly worrying statistic when considering that the same research found that 94% of enterprise procurement departments considered cyber-security protocols to be a key factor in deciding which suppliers to use. The inability for small firms to provide adequate cyber-security protection is now causing small businesses significant revenue losses, an untenable state of affairs.
Punam Tiwari, senior legal counsel and data protection specialist at Gibbs S3, said, “We’ve now seen CEOs of major companies lose their jobs because of cyber-attacks which should be a serious wake-up call about the consequences.
"Companies should start from the assumption that their systems have been infiltrated by criminals and operate on that basis, yet many businesses are simply failing to act. Companies can no longer afford to casually dip in and out of the market, assuming that they will find qualified people when they need them.
"There needs to be a greater commitment to data protection and cyber-security education and training across the UK with businesses also carefully assessing and planning how they will bring on cyber-security experts at a moments notice – whether that is for a crisis scenario or not.”