The new threat to corporate cybersafety: a lack of IT security talent

Kaspersky lab has identified the threat posed by the difficulty of recruiting security talent as well as the potential for today’s tech-savvy youth to fill the void.

Martijn van Lom, General Manager of Kaspersky Lab Benelux

Kaspersky lab has identified the threat posed by the difficulty of recruiting security talent as well as the potential for today’s tech-savvy youth to fill the void. – By ITnation

In a recent report, global cybersecurity company Kaspersky Lab warned of the growing threat to businesses posed by the shortage of security talent. More and more companies, from small family businesses to international corporations, are looking to reinforce their security measures due to new data security regulations, the evolving threat landscape and a renewed focus on protecting sensitive data. They require the expertise of trained security officers on board, however recruiting candidates with the right combination of skills and expertise is becoming increasingly difficult. Businesses unable to build the right corporate security intelligence may then find themselves paying a premium of up to 200% to recover from a cybersecurity incident. They may also struggle to stay compliant with new regulations, due to the inability to find C-level security experts and carry out annual auditing. Even small businesses can be saddled with heavy fines if they are affected by a security attack and unable to meet new reporting requirements.

Skilled talent increasingly difficult to find

One reason for this is that the demand for cybersecurity expertise has far outpaced higher education. “In recent years, there has been a huge increase in the need for cybersecurity knowledge on the market, but we don’t see this reflected in education, which has led to a worldwide shortage of talent,” explains Martijn van Lom, General Manager of Kaspersky Lab Benelux. According to research from Kaspersky Lab, 68.5% of businesses expect to increase the number of full-time security experts they employ, but there are few candidates who have the requisite training, experience and skills for the position, which leads many companies to recruit internally. Kaspersky Lab notes that on average only 1 in 40 applicants can not only demonstrate the broad IT knowledge and specific experience with programming languages but also the drive and curiosity required for an IT security role within the company.

Harnessing the new generation of digital natives

Kaspersky Labs believes that the key to filling this gap is attracting the new generation of tech-savvy youth into the industry. “Young people are more connected and have a basic understanding of IT at an increasingly younger age,” says van Lom. “Now we need to provide them with the right education around it.” In 2016, Kaspersky Labs launched the university-level Kaspersky Academy in Moscow to impart a new generation of high school graduates with the skills they need to work in the field. The company is also connecting with other universities to provide training courses in cybersecurity worldwide. Van Lom believes that it’s incumbent on industry leaders and governments to take action in order to attract today’s teenagers to the field, warning that youth often have their first experiences with the ‘dark web’ between the ages of 16-20, which can lead to involvement with lucrative cybercrime. “We need to make them aware that cybersecurity is an attractive, growing industry with very good job prospects,” he says.

Sharing security intelligence within the industry

Another important way of tackling the talent shortage is through intelligence sharing. Kaspersky Labs believes that the exchange of expertise on cyberthreats, attacks and vulnerabilities among businesses, despite the hesitance many feel towards it, is a valuable prevention measure and way for companies to more quickly be alerted to ongoing threats they may be facing. In Luxembourg, Kaspersky Labs is investing in the market to connect partners and develop local expertise, while also working with the government to share information on risks. “Our R&D team has close links with government experts and we provide security expertise to a number of clients, particularly banks,” says van Lom. The company believes that this focus on developing better information sharing on threats within the industry combined with new training opportunities in IT security will help to mitigate the shortage and allow businesses to improve their cybersecurity over the coming years.