Security skills shortage?

1 May 2017 Information Security, Training & Education

It’s no secret that we’re currently faced with a global information security skills crisis. Given that the predicted increase in demand for information security professionals is exceeding the current rate of supply, we should be expecting a shortage as large as 1.5 million within five years, according to the Global Information Security Workforce Study.

Skilled security personnel are already feeling the effects of the crunch, evidenced in longer reaction times and the fact that only 20% of respondents felt confident that a system or data compromise response could be carried out within a single day, numbers that have dropped from 33% in 2013.

Simeon Tassev, MD and QSA, Galix Networking.
Simeon Tassev, MD and QSA, Galix Networking.

A recent Tripwire study discovered that roughly two-thirds of respondent organisations faced increased security risks due to the skills shortage, of these respondents, 69% have attempted to use technology solutions to fill the gap. It’s important to remember that technology can only fulfil its potential when interfaced with humanity, so businesses need to look at smarter ways to beef up on protection by applying intelligent security solutions that are outsourced to and overseen by security professionals.

No shortage of cyber threats

The skills shortage is both a problem and a challenge for South African businesses, however it’s not a challenge that is uniquely local. The main reason for such a global shortage is due to the length of time it takes to qualify as a security professional. With the various international certifications, even the most generic (like the Certified Information Systems Security Professional (CISSP) certification) has a minimum requirement of four to five years of working experience, and this is applicable to other certifications like compliance as well.

While it might take a long time for an individual to qualify, technology doesn’t wait. As we’ve seen, every year new technologies and new threats appear, and security professionals can’t qualify quickly enough to keep up with evolving cyber threats. Furthermore, there’s no quick-fix for this situation as it is not possible to fast-track the process, as the knowledge and experience is critical – the certification requires five years of experience because it takes time for individuals to be exposed to the various aspects of security and technology to gain the necessary skills.

This is a dangerous situation for South African businesses as the International Data Corporation has pointed out that some 52% of data that should be protected, isn’t. Furthermore, the IDC predicts that by 2018, roughly two-thirds of corporate networks will have experienced an Internet of Things security breach, while the Network Barometer Report points out that in 2015, at least 60% of all network devices had at least one security vulnerability, of which 76% were identified being more than two years old. All of these stats and figures point to the fact that organisations simply aren’t doing enough to ensure network security.

Bridge the gap, intelligently

It’s clear that security should be the single largest end-user computing concern for digital businesses. Nevertheless, what can organisations do when there simply aren’t enough professionals with the right skills for hire? Are automated security solutions effective enough to fill the gap?

The reality is that while there are various tools and automated security solutions that will assist, all of those tools will be exactly that – a tool for somebody to use. Individuals in charge of monitoring and using security solutions will require the skills and knowledge to interpret the output delivered by such tools in order to be truly effective. The most common way of working around a skills shortage is outsourcing.

This approach is successful when the right combination of tools is in place in order to minimise the amount of time required for a specialist to be physically involved in the security system. From an outsourcing perspective, instead of spending time sifting through logs, with the right tools, the specialist can turn to a summary report of all actions, or drill down and report on whatever is deemed necessary. This helps the specialist to maximise time, making it possible to provide the same functionality to many companies, not just one.

Technology is an ever-evolving entity – the pace of growing threats is simply too rapid to keep up with, causing the skills gap to widen even further. Given that it’s a problem that has no quick fix, it would be prudent for businesses to look to solutions that incorporate artificial intelligence – not in the Hollywood sense of the word, but rather more of an automated system with built-in intelligence.

By utilising such automated systems with intelligence, it is possible to minimise the amount of input needed from a security specialist to such an extent that he would only need to intervene in the case of an exception or crisis. With the right tools in place, and the right information security specialist, it becomes possible to automate 90% to 95% and reduce the required input of that specialist to only 5% to 10%, which should serve sufficiently to bridge the skills gap, allowing businesses to shield their digital assets effectively.

For more information contact Galix, 086 124 2529, [email protected]





Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Want effective Attack Surface Management? Think like an attacker.
Information Security
Effective ASM requires companies to think like attackers, anticipate risks, and act decisively to reduce exposure by knowing their environment, deploying a structured approach, leveraging capable tools, and addressing both internal and external risks.

Read more...
South African fire standards in a nutshell
Fire & Safety Editor's Choice Training & Education
The importance of compliant fire detection systems and proper fire protection cannot be overstated, especially for businesses. Statistics reveal that 44% of businesses fail to reopen after a fire.

Read more...
The growing role of hybrid backup
Infrastructure Information Security
As Africa’s digital economy rapidly grows, businesses across the continent are facing the challenge of securing data in an environment characterised by evolving cyberthreats, unreliable connectivity and diverse regulatory frameworks.

Read more...
POPIA non-compliance puts municipalities at risk
Information Security Government and Parastatal (Industry)
Digital responsibility must go beyond POPIA compliance to recognising that privacy and service delivery are fundamentally linked. Despite this, only 51 out of 257 municipalities submitted their mandatory data protection and access to information reports in 2024.

Read more...
Choicejacking bypasses smartphone charging security
News & Events Information Security
Choicejacking is a new cyberthreat that bypasses smartphone charging security defences to confirm, without the victim’s input or consent, that the victim wishes to connect in data-transfer mode.

Read more...
Most wanted malware
News & Events Information Security
Check Point Software Technologies unveiled its Global Threat Index for June 2025, highlighting a surge in new and evolving threats. Eight African countries are among the most targeted as malware leaders AsyncRAT and FakeUpdates expand.

Read more...
Welcome to the new cyber battleground
Information Security
The Iran-Israel conflict is rapidly redefining modern warfare, pushing the boundaries of cyber capabilities and creating a new, borderless digital battlefield. Fortinet’s CISO, Dr Carl Windsor, offers a critical, in-depth analysis of the escalating tactics and global implications in his latest report.

Read more...
African industries may overestimate cyber defences
Information Security
A significant perception gap exists in security awareness training: 68% of leaders believe training is tailored to roles, yet only a third of employees feel adequately trained. Many organisations only conduct annual or biannual generic training that may not effectively change behaviour.

Read more...
SMARTpod talks to Sophos and Phishield
SMART Security Solutions Technews Publishing Sophos Videos Information Security News & Events
SMARTpod recently spoke with Pieter Nel, Sales Director for SADC at Sophos, and Sarel Lamprecht, MD at Phishield, about ransomware and their new cyber insurance partnership.

Read more...
Highest increase in global cyberattacks in two years
Information Security News & Events
Check Point Global Research released new data on Q2 2024 cyber-attack trends, noting a 30% global increase in Q2 2024, with Africa experiencing the highest average weekly per organisation.

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.