

Cyber threats caused by failure to upskill IT staff

Largest association of certified cybersecurity professionals enables IT pros to more quickly attain SSCP certification and help defend against threats

- Survey of 3,300 IT professionals finds cyber skills gap exacerbated by firms failing to upskill IT staff

- Most IT workers say their security advice is ignored, only 35% say their advice is acted upon

Firms focusing on recruitment instead of cybersecurity training for existing staff

- 51% of organisations are less prepared for a cyber attack than 12 months ago
- 49% of respondents say business leaders lack understanding of cyber threats

A survey of 3,300 IT professionals by (ISC)² has today revealed that widespread under-funding in training in-house IT talent is contributing to the critical cybersecurity skills gap. The report shows that businesses are exposing themselves to cyber threats by ignoring and neglecting IT professionals, with 65% of IT workers reporting their security advice is not followed. Almost half of IT workers say their firms do not invest sufficiently in ensuring their IT staff are security-trained, despite a shortage of cyber security workers across 63% of businesses.

This indicates that the cyber skills deficit is rooted in businesses failing to listen to advice from IT staff and upskill in-house talent. The report suggests this is a leadership issue, with 49% of respondents accusing business leaders of a failure to understand cybersecurity requirements. The result, according to the report, is that the majority of companies are even less able to cope with a cyber attack than they were last year.

In February 2017, (ISC)² found that the cybersecurity skills gap will grow to 1.8m by 2022 if current hiring and training trends continue. The latest research is based on responses from more than 3,300 IT professionals from around the world who participated in the 2017 Global Information Security Workforce Study. The report can be downloaded here.

Key findings from surveyed IT professionals include:

- 43% said their organisation doesn’t provide adequate resources for security training
- Only 35% agreed their security suggestions are acted upon
- 55% said their organisation doesn’t require IT staff to earn a security certification
- 63% said their organisation has too few security workers
- 51% of organisations are less prepared for a cyber attack than 12 months ago
- 49% blame business leaders for lack of understanding of cyber threats
- 51% said their systems are less able to defend against a cyberattack compared to a year ago
- Hiring managers rank communication skills (62%) and analytical skills (52%) as their top priority, while IT pros cite cloud computing and security (64%), and risk assessment and management (40%) as top skills needed

“Our findings suggest too many organisations are so fixated on their inability to attract top cybersecurity expertise that they often overlook a tremendous pool of talent already on staff and intimately familiar with their infrastructure and processes,” said (ISC)² CEO David Shearer, CISSP. “The quickest way for many organisations to protect themselves against cyber threats is through continuous education and empowerment of their IT team. Security is a shared responsibility across any organisation, but unless IT is adequately trained and enabled to apply best security practices across all systems, even the best security plan is vulnerable to failure.”

IT Security Education and Certification

To help companies easily train their own IT workers in cybersecurity, (ISC)² has also announced an experience waiver for its Systems Security Certified Practitioner (SSCP) certification. IT professionals and others who have earned a cybersecurity or computer science degree from an accredited college or university can attain full certification without completing one year of paid, full-time work experience as previously required after passing the SSCP exam and completing the (ISC)² endorsement process.

SSCP is an ideal cybersecurity certification for IT professionals responsible for the hands-on operations of securing their organisations. Those who earn the SSCP demonstrate their technical skill to implement, monitor and administer IT infrastructure using security policies and procedures, as well as the ability to protect the confidentiality, integrity and availability of data. The SSCP encompasses security operations and administration; risk identification, monitoring and analysis; incident response and recovery; network and communications security; system and application security; and cryptography.

Organisations can leverage (ISC)² Enterprise Solutions to educate and prepare their IT teams to pass the SSCP exam and start contributing to stronger cyber defence immediately.

Learn more about the SSCP certification and (ISC)² cybersecurity education opportunities at
