Lack of security talent threatens Irish organisations
22 April 2016 | 0
Irish trends in information security recruitment are mirroring global ones, according to IT, engineering and science recruitment specialist Experis, with serious implications for the security of Irish organisations.
The company cites global research that shows businesses are currently ill-equipped to deal with security issues, with nearly one third (32%) of those in a survey identifying information security as an in-demand yet hard to find skill. The average cost of dealing with a data breach can now cost businesses up to $3.8million (€3.3million), while the cost of each individual lost or stolen file containing sensitive information rose by 23% to $154 (€135).
This is in the context of a rise in IT security breaches of 38% in just 12 months, the upsurge having occurred between 2014 and 2015, with expectations for even more this year.
Experis said currently in Ireland based on its own research, the roles most difficult to fill are penetration testers, or ethical hackers, policy writers, network security analysts, technical security solutions engineers, senior information security consultants, information security architects and network security specialists.
The company said its research showed the growing Bring Your Own Device (BYOD) culture has resulted in operational inconsistencies that have become security vulnerabilities. Strong perimeter security architecture can no longer adequately protect business processes and information, it said, but providing more advanced governance that goes beyond simply locking down users through firewalls and network controls requires security talent that many organisations do not possess.
“Security breaches are making headlines regularly in Ireland,” said Andrew Crawford, head of Experis Ireland, “and around the world and with the increased sophistication of the technology behind these breaches and the continued move towards remote working, businesses have been eclipsed by the situation. The fact is there simply isn’t enough mature security expertise to go around, either today or for the foreseeable future. At the core of the problem is the conundrum that mature skills and security experience cannot be taught by any academic course. It takes time in the right jobs to develop.”
“Currently more than half of employers use only permanent staff to fill critical IT roles and this model greatly reduces the ability of an organisation to incorporate fast-evolving technologies or react to emerging threats as needed. Companies need to break from the traditional mould of full time permanent staff and look at other options to secure the cyber security and IT skills they need. The shortage of information security talent is not going to ease and organisations need to be imaginative and innovative in finding ways to leverage the talent they acquire in the most effective way possible,” said Crawford.