Security firms are losing out when it comes to top tech talent
Half of cybersecurity leaders in the UK, Germany and France think their teams are falling behind in the skills race against “would-be cybercriminals”, according to a new report by Symantec Corporation.
The report claims this way of thinking puts extra pressure on an already heavily burdened profession, in which two thirds of pros want to quit or leave the industry altogether.
Cybersecurity pros believe they lack the skills needed to stand shoulder-to-shoulder with their adversaries, while some can’t handle the load they’re facing.
As these teams struggle to keep pace with ‘would-be attackers’, as well as the speed in which things change in the industry, the skills gap keeps on growing. Cybersecurity teams are too busy handling everyday things to learn new skills, while new tech and new solutions are popping up virtually every day. The respondents claim hackers have ‘unprecedented’ resources and support from organised crime groups and state-sponsored attackers.
“Cyber security professionals are first responders, locked into a constant arms race with attackers – where talent and skill are the most important weapons,” comments Dr. Chris Brauer, Director of Innovation, Goldsmiths, University of London.
“The vast majority find this battle of wits an exciting and deeply intellectual challenge. But, this demanding work comes with high stakes and is fought at a frenetic pace with little support. Add to this the relentless volume of alerts and more mundane tasks, and the job can quickly turn toxic. Highly stressed workers are far more likely to be disengaged and ultimately quit. In an industry already plagued by a skills shortage, this is a significant risk to businesses.”
And when cybersecurity pros are suffering – their organisations are suffering as well. Most of the respondents underestimate the requirements they need to properly address an incident, and they often find themselves rushing when addressing a threat.
Moreover, they feel responsible for a cybersecurity incident, especially if it could have been avoided.