MORE than 40 percent of companies worldwide are facing a shortfall of qualified cybersecurity professionals, according to a recent Kaspersky study.
It noted that amid the escalating frequency and complexity of cyber attacks, a notable shortage of personnel is particularly prevalent in the fields of malware analysis and information security research.
A research conducted by (ISC)2 cybersecurity workforce study revealed that the workforce gap was almost four million information security workers in 2022.
Kaspersky conducted its own research “The portrait of modern Information Security professional” to evaluate the current state of the labor market and analyze the exact reasons for the cybersecurity skills shortage.
The research surveyed more than 1,000 information security professionals from Asia-Pacific, Europe, the Meta (Middle East, Turkey and Africa) region, North America and Latin America.
The study found that 41 percent of the companies questioned describe their cybersecurity teams as “somewhat” or “significantly understaffed.”
Russia reported the largest cybersecurity staff shortage, followed by Latin America, Asia Pacific and Meta.
In the Philippines, the Department of Information and Communications Technology (DICT) said the country is suffering from a scarcity of cybersecurity professionals.
“Singapore has about 2,000 cybersecurity professionals, and the Philippines has about 200. And of the 200, 80 percent of that are working abroad,” said DICT Secretary Ivan John Uy.
Uy said high demand for cybersecurity professionals was observed at the height of the Covid-19 pandemic with all brick and mortar businesses quickly shifted online to remain in business. The shift resulted in the rapid increase of cybercriminal activities, among others.
Results of the study
Meanwhile, the respondents highlighted information security research and malware analysis as the most understaffed roles, with over 40 percent of companies identifying them as the most challenging to fill. This heightened demand for these positions was reported across Europe, Russia and Latin America.
Security operations center (SOC), security assessment and network security professionals are slightly less understaffed at 35 percent and 33 percent, respectively. The shortage of SOC experts was particularly noticeable in Asia-Pacific, while the shortage of security assessment and network security analysts is mainly a concern in Meta.
The role with the least number of vacancies, but still in high demand is threat intelligence at 32 percent.
Looking at cybersecurity needs across industries, the government sector reported the highest demand for cybersecurity practitioners, and admitted that nearly half or 46 percent of the information security roles it required remain unfilled.
The telecom and media sectors are understaffed by 39 percent followed by retail and wholesale and healthcare with 37 percent of its roles remaining vacant.
Industries that had the fewest information security vacancies are information technology at 31 percent and financial services at 27 percent but alarmingly, the figures still hovered close to one third.
Vladimir Dashchenko, security evangelist, ICS CERT, Kaspersky, said that to reduce the shortage of qualified information security professionals, companies offer high salaries, better working conditions and bonus packages, while also investing in up-to-date training with the latest knowledge.
However, he noted that these measures are not always enough as shown in the results of their study.
“The growth rate of the domestic IT market in some developing regions is changing so rapidly, the labor market cannot manage to educate and train the appropriate specialists with the necessary skills and expertise in such tight deadlines. On the contrary, regions with developed economies and matured businesses do not report such an acute shortfall of information security professionals as their rates are below market average,” said Dashchenko.
Recommendations
To minimize negative consequences of global cybersecurity staff shortfall, Kaspersky encouraged companies to invest in additional cybersecurity courses for your staff to keep them up-to-date with the latest knowledge.
It also urged firms to use centralized and automated solutions to reduce the burden on the IT security team and minimize the possibility of making mistakes, as well as adopt managed security services to get additional expertise without additional hiring.
Kaspersky said it helps to protect against cyberattacks and investigate incidents even if company lacks security workers. / KOC