7 Cyber-Security Skills In High Demand - Valutrics

Organizations across industries are challenged to address a cyber-security skills shortage leaving their networks open to attacks.

There will be 1 million to 2 million unfilled cyber-security jobs worldwide by 2019, according to a recent report released by Intel Security called “Hacking the Skills Shortage.” The report includes the results of a survey of 775 IT decision-makers involved with security, 82% of whom reported a lack of cyber-security skills within their business.

The lack of security talent is both dangerous and expensive, especially as businesses face growing threats from external internet cyberattacks. Most organizations don’t know how to detect or mitigate attacks that leverage digital channels such as social media and mobile.

Most respondents in the Intel study (82%) reported a lack of security talent within their organizations. One in three said this makes them hacking targets, and one in four claimed they have suffered reputational damage and proprietary data loss as a direct result of the skills shortage.

Part of the problem is a lack of adequate cyber-security training for IT professionals. About half of survey respondents said they prefer entry-level candidates to have a bachelor’s degree, but hands-on experience and professional certifications are typically more useful for developing the skills in greatest demand.

High-value technical skills are especially scarce. Skills such as secure software development, intrusion detection, and attack mitigation are in greater demand than comparatively “soft” skills, such as communication and collaboration, according to the study.

More than half of respondents (55%) believe cyber-security technologies will evolve to help close the skills gap within five years. Some also plan to outsource, but only for skills easily automated — for example, threat detection through network monitoring.

Intrusion Detection

Most respondents (53%) who participated in the survey released by Intel Security claim the cyber-security talent deficit is worse than the skills shortage in other IT professions. Intrusion detection is one of the cyber-security skills in “critically short supply,” according to the report.

Intrusion detection involves discovering potentially harmful activity that could compromise the confidentiality, integrity, or availability of information, according to the SANS Institute. There are a few common types of intrusion detection. Network-based detection attempts to detect unauthorized behavior based on network traffic. Host-based detection tries to find illicit activity on a specific device. Physical detection involves finding threats on physical systems.

Secure Software Development

Secure software development is key to an organization’s security strategy, said Paul Fisher, Research Director for Cyber at PAC, in an interview with InformationWeek. Most data breaches are successful because of vulnerabilities or flaws in software code, and commercial software needs to be patched on a regular basis.

“However, in-house software development can be fraught with danger if coding and QA is poor, and coding errors slip through into production,” he said. “The apps may work, but the hackers will soon find the holes. Secure code developers are worth their weight in gold.”

Secure software can also help save businesses money, Fisher continued. While secure code development may cost more due to the need for high-quality engineers and testing, that cost is still far less than that of a data breach, which could damage a brand, hit stock value, and cause long-term consumer distrust. Data breaches also lead to costs in repairing damaged systems and fixing flawed apps.

Security vulnerabilities in software are often the result of programmers who lack the right skills in secure software development, according to “Cybersecurity Through Secure Software Development,” a paper written by Audun Jøsang, Marte Ødegaard, and Erlend Oftedal. Unfortunately, many IT professionals lack these skills because they are not required as part of university programs. The authors discuss five prominent software development models (waterfall, iteration, V-shaped, spiral, and agile) and how to best address security vulnerabilities.

Risk Mitigation

Risk mitigation involves tracking identified risks, discovering new risks, and keeping track of risk throughout a project. Developing a risk mitigation plan involves creating a process of actions that will reduce threats to a project, according to a Systems Engineering Guide on the Mitre website.

First, it’s necessary to understand what data needs to be protected and why. Businesses must identify their most valuable assets and the threats putting them at risk. Knowing how the information is stored, who has access, and how the data is protected are three critical questions to ask for optimal data protection.

It’s also important to brainstorm what might happen in the event of a breach. Your business must be ready to address a cyber-security attack immediately with a plan to minimize the damage. A risk mitigation professional could prove critical in formulating one of these plans.

In the report published by Intel Security, risk mitigation is one of the skills companies are considering outsourcing as security technology advances in the years to come.

Cloud Security

Research firm ESG surveyed 633 IT and security professionals working at midmarket organizations throughout North America, Western Europe, and Asia Pacific earlier this year. The results were released in the company’s February 2016 report, “Cybersecurity Skills Shortage: A State of Emergency.” One third of respondents identified cloud security as the place their organization has the biggest security skills deficiency. Demand is high as large businesses generate jobs for cloud security architects.

There are several threats particular to cloud security, according to InfoWorld. Some of the top dangers include data breaches, system vulnerability exploits, hijacked accounts, inadequate diligence, and malicious insiders.

In a space where the number of jobs exceeds the number of skilled professionals, IT pros would be wise to explore opportunities to develop cloud security expertise. For example, institutions such as SANS and CSA offer cloud security certifications.

Network Monitoring, Access Management

Network monitoring is critical in defending the enterprise, explained PAC’s Fisher in an interview. All cyberattacks are based on getting malware or spyware inside the organization.

“Often these attacks are successful because criminals discover vulnerabilities in the network that the business is unaware of,” Fisher said. “Attackers can be inside an organization for months, even years, monitoring and exfiltrating the data.”

While advanced network monitoring apps are essential to flag suspicious behavior, he continued, organizations also need professionals who know what they’re looking for and can make quick decisions when suspicious behavior is detected. Network managers who have experience in optimizing network efficiency are well-prepared for this type of security-focused role.

Security Analysis

Many cyber-security specialists start out as information security analysts, an entry-level position in the security field. In general, these analysts plan and activate security measures to protect their businesses’ systems.

Their responsibilities are growing as cyberattacks continue to increase, reported the US Bureau of Labor Statistics. According to the BLS, the number of jobs for information security analysts is projected to increase 18% between 2014 and 2024. Demand is high because these professionals will be needed to build innovative solutions to prevent hackers from entering corporate networks and stealing sensitive data.

Data Security

The number of job postings for data security professionals has grown as more organizations move to the cloud, reported BankInfoSecurity. Users want instant access to data, but it’s difficult for businesses to make information both accessible and secure.

If your business doesn’t have a data security professional, and isn’t seeking one, now is the time. Organizations in vulnerable fields, such as healthcare and financial services, are hiring data-savvy IT pros to protect their information from threats.