As emerging technology and threat landscapes experience rapid transformation, the skillsets security professionals need change as well. As a result, 80 percent of IT security professionals believe it’s becoming more difficult to find skilled cyber security professionals, according to a recent Tripwire, Inc. survey. Conducted by Dimensional Research in February, the 2019 Tripwire Skills Gap Report examined how organizations are addressing the cyber security skills gap. Nearly all 336 survey respondents (93 percent) say the skills required to be a great security professional have changed over the past few years.
“The skills gap issue continues to worsen,” said David Meltzer, chief technology officer at Tripwire, “which is troubling, since cyber security threats only continue to grow. Additionally, security teams are in search of new skillsets to deal with evolving attacks and more complex attack surfaces as they include a mix of physical, virtual, cloud, DevOps and operational technology environments. It’s becoming more difficult to maintain critical security controls, and there are fewer people available to do it.”
The survey found that while 85 percent report their security teams are already understaffed, only 1 percent believe they can manage all of their organization’s cyber security needs when facing a shortage of skilled workers. Nearly all respondents (96 percent) say they are either currently facing difficulty in staffing security teams due to the skills gap or can see it coming. Of those, 68 percent are concerned with losing the ability to stay on top of vulnerabilities, 60 percent worry about being able to identify and respond to issues in a timely manner and stay on top of emerging threats, and 53 percent fear they will lose their ability to manage and secure configurations properly.
In addition, respondents were also asked if they would benefit from outside security help and if so, in what areas, with the following results:
- Ninety-three percent say they would benefit from security help outside of their organizations.
- Seventy-one percent say their teams would benefit from security assessment help, 53 percent say penetration testing, and 51 percent say vulnerability management.
- Ninety-four percent say they have invested in or are likely to invest in managed services for security.
Lamar Bailey, senior director of security research at Tripwire added: “Because security teams are stretched thin, it’s going to be more important than ever to build strong partnerships. Organizations can collaborate with trusted vendors to take pressure off their in-house resources. Approaches could include more automation of security tasks and support through managed service to ensure that no critical security controls are dropped. Maintaining a strong foundation of security is non-negotiable, so it’s imperative that organizations partner across the info security community to continue meeting security goals effectively.”
The full 2019 Tripwire Skills Gap Report is available online.