Kaspersky's latest survey found that 48% of companies require over half a
year to find a qualified cybersecurity professional. A lack of proven
experience was cited as one of the biggest challenges, along with the high cost
of hiring and global competition in talent acquisition.
With global labor
markets continue clamoring for InfoSec professionals, the latest Kaspersky research
revealed
41% of companies admit their cybersecurity teams are understaffed. "The
portrait of
the modern Information Security professional" survey seeks
to evaluate the current state of the labor market and analyze the exact
reasons it lacks cybersecurity experts. The study also
identifies the skills
and characteristics bosses demand when hiring staff.
Respondents
said it
takes more than six months to fill an average information
security position. As
expected, recruitment for senior level positions takes the
longest, with 36% of
companies saying it requires almost a year or more, while junior
jobs can be filled in the shortest time, one to three months, according
to 42% of respondents. These figures are
alarming since companies that operate for long periods of time
without the necessary
staff are at huge risk, as the absence of cybersecurity
personnel provides
cybercriminals ample opportunity to penetrate business
infrastructure and damage
business processes.
When asked about the biggest challenges in finding and hiring the "right"
InfoSec professional, the majority of respondents cited a discrepancy between
certification and real practical skills (52%) and lack of experience (49%) emphasizing
that proven professional expertise is one of the most important characteristics
companies are looking for searching in a cybersecurity practitioner.
The
high cost of hiring these specialists is an obstacle for 48% of bosses, and
global competition, expressed through aggressive and competitive hiring practices
by multiple organizations, bothers more than 41% of respondents. Figures like
these show that, even if a company finally finds candidates who meet all the
requirements, it doesn't mean that they will work for that company as another
organization may headhunt them, continuing the process indefinitely.
"Companies
often spend a lot of time not only on the hiring process, but also on trainings
for the team in an attempt to develop a diverse workforce within the company with
the right knowledge and skills," said Ivan Vassunov, vice president of corporate
products at Kaspersky. "This strategy is effective for big companies and for
organizations that have to comply with many local standards and regulations. As
for small and medium-sized businesses, it's usually recommended to outsource
cybersecurity tasks to managed security services providers (MSSP) because it
helps them close talent gaps in a short time and with minimum loses."
To minimize
negative consequences of global cybersecurity staff shortfall, Kaspersky
experts recommend the following:
- Adopt managed security services such as Kaspersky Managed Detection and Response (MDR) and/or
Incident Response thus acquiring additional
expertise without hiring additional personnel. This helps protect against
cyberattacks and investigate incidents if the company lacks cybersecurity staff.
- Regularly
educate IT and InfoSec staff about
actual cyber risks and investin
their training to advance their
skills in detecting and responding to even sophisticated cyber
threats.
- Use
centralized and automated solutions such as Kaspersky Extended Detection and Response (XDR) to reduce the burden on the IT security team and minimize the possibility of making mistakes. By
aggregating and correlating data from multiple sources in one place and
using technologies of machine learning, such solutions reduce the mean
time to detect threats (MTTD) and provide fast automated response.
The full report with more findings on global
shortfall of qualified InfoSec professionals is available via the link.