Monday, 11. December 2017

IT Security Team Staffing Shortages: Managing Risks and Attracting Talent 

A company's C-suite has multiple priorities during this time of year: Getting next year's budget squared away while also ensuring the business is on a path toward its upcoming goals are two items high on this list. Another key element that executives must consider heading into 2018 is staffing their IT security team.

As cybercriminals continue to leverage increasingly innovative and damaging attack strategies, and do so more frequently, supporting an enterprise with proper security resources and personnel is critical. However, the cybersecurity industry has experienced a shortage of talent for years now, and this problem will persist into 2018.

Employment opportunities for IT security workers According to predictions from non-profit information security advocacy group ISACA, there will be a staggering shortage of security professionals – through 2019, experts forecast a lack of two million cybersecurity professionals, Forbes reported. 

"Every year in the U.S., 40,000 jobs for information security analysts go unfilled, and employers are struggling to fill 200,000 other cybersecurity roles," Forbes contributor Jeff Kauflin wrote. "And for every ten cyber security jobs that appear on careers site Indeed, only seven people even click on one of the ads, let alone apply."

Overall, a lack of trained, skilled IT security professionals is an issue that organizations across every industry are dealing with. And as the threat landscape continues to grow, IT staffing shortages become a more pressing problem.

"Through 2019, experts forecast a lack of two million cybersecurity professionals."

Thankfully for cybersecurity staffers and their employers, once talent is recruited and brought on board, positions are considerably stable. Gartner noted that the cybersecurity industry currently has a zero percent unemployment rate – a phenomenon not seen in nearly any other sector.

"We are one of the few industries experiencing zero-percent unemployment," noted cybersecurity expert Robert Herjavec. "Unfortunately, the pipeline of security talent isn't where it needs to be to help curb the cybercrime epidemic. Until we can rectify the quality of education and training that our new cyberexperts receive, we will continue to be outpaced by the Black Hats."

Recruiting top IT talent Experts have called cybersecurity the least populated field in technology, and it isn't difficult to see why – demands for trained professionals simply exceed the number of currently skilled and experienced individuals. And until the next crop of qualified applicants has been trained and is ready for positions in the field, the pool of available talent continues to be small, and getting smaller.

This puts companies in a position where they must work harder than usual in order to attract top IT security talent to their organization in the hopes of overcoming staffing shortages. Thankfully, there are a few helpful strategies that enterprises in this position can utilize to better support their internal IT team:

•  Consider applicants with nontraditional backgrounds: Harvard Business Review contributor Marc van Zadelhoff noted that one of the driving issues behind the cybersecurity staffing shortage is the fact that most businesses seek out candidates with more traditional experience and training, including four-year degrees and other credentials. While higher education is no doubt a boon, in the face of a shortage, hiring managers should open up their options and consider applicants that may not have taken part in a college computer science program. What's more, bringing someone on board with less traditional training could offer the kind of new perspective a company needs to bolster its security stance.
•  Leverage the company's social presence to engage with young talent: Companies that are looking for that fresh-out-of-college batch of applicants must be able to attract the attention of younger talent. CIO contributor Sharon Florentine suggested starting conversations with potential applicants on social and professional networks like LinkedIn and Twitter. While cybersecurity professionals will be more guarded in their interactions online, this can help businesses connect with entry-level talent – as well as more trained professionals.
•  Offer incentive beyond salary: Competition for hiring cybersecurity employees is considerably fierce. In order to stand out, it can be helpful to offer work perks beyond just traditional salary. This can include opportunities to work remotely, additional paid days off or other incentives to help swing applicants' choice to the company's favor.

Man in a suit standing in front of bank of computer servers holding out hand. Hovering above hand is digital lock image with username and password spaces. Cybersecurity staff play an important role in enterprise data protection. Managing risks in the face of staffing shortages As businesses work to attract talent, they must still be able to maintain their security stance and protect the organization's IT and data assets from prying, malicious actors. 

One of the first steps is ensuring that everyone across the enterprise – from the IT team to employees within all other departments – understand the risks that the business faces, as well as their own responsibilities in supporting the company's security posture. Providing recurring education to employees outside of IT can be considerably helpful. Employee education – particularly when it comes to awareness of the latest attack strategies and data protection best practices – is key to making sure that the company's own employees don't represent the weak link in overall cybersecurity.

It's also imperative that the internal IT team is properly supported. With limited staffing resources, C-suite leaders should work to free their IT workers from manual or administrative tasks and ensure that these staffers are using their time and skills in the most impactful ways possible. Automating less critical tasks or offloading certain activities to a managed service provider can provide more time for IT workers to focus on more pressing security issues.

It can also be beneficial to lean on robust security software solutions to help bridge the staffing gap. Executives should work with IT administrators to seek out proactive systems that include monitoring and notification – in this way, should suspicious or questionable activity pop up within the network, IT workers can respond before a large-scale problem breaks out.

In order to achieve a security stance of this style, enterprises must work with industry-leading solution providers. Trend Micro is a best-in-class provider of business security solutions, helping to support end-to-end, robust data protection.

To find out more about managing risks in the face of IT cybersecurity staffing shortages, contact the experts at Trend Micro today.