New technologies leading to security skills gap

Enterprises are adopting new technologies at a rate so fast that their key security workers are struggling to keep up, leaving some with serious gaps in security protection, according to research from security certifications organisation ISC2.

The Global Information Security Workforce Study of over 10,000 security workers found "critical" problems with security preparedness, which they said were the result of the increase in the use of mobile devices, the cloud and social networking.

Although many workers feel overwhelmed with the new responsibilities, analyst firm Frost & Sullivan and ISC2 said that the impact could be felt for the next few years, as the use of insecure applications gradually takes its toll on man hours and system security.

"In the modern organisation, end-users are dictating IT priorities by bringing technology to the enterprise rather than the other way around," said Robert Ayoub, global programme director of network security at Frost & Sullivan.

"Pressure to secure too much and the resulting skills gap are creating risk for organisations worldwide."

Ayoub explained that enterprises need to tackle the situation now before it gets out of control by investing in new skills and training.

"We can reduce the risks if we invest now in attracting high-quality entrants to the field and make concurrent investments in professional development for emerging skills," he said

However, this is not without its challenges, and the question remains whether enough new professionals and training will come soon enough to keep global critical infrastructures in the private and public sectors protected.

Ayoub added that information security professionals do have support from management, and are being charged with mission-critical tasks, data and systems. However, these responsibilities leave little time to meet emerging security threats.

Interestingly, the perception of threats seems to be changing. Frost & Sullivan found that, while viruses, worms, hacker attacks and internal risks had fallen from being the biggest enterprise worry in 2008, this was no longer the case.

Application vulnerabilities are now the number-one threat facing organisations, cited by 72 per cent as their biggest concern.

The use of mobile devices, which has increased dramatically since the new era of smartphones, was cited as the second biggest concern.

Cloud computing is also a worry and, although 50 per cent of CIOs said that they are using the technology, 70 per cent said that they lack the skills to secure the systems.

Perhaps alarmingly, IT spending is not likely to increase in the face of this enlarged risk, and two thirds of respondents said that budgets for personnel and training are not expected to increase in 2011.