Posted on August 31, 2016 by staff

IT security skills gap poses dire threat to UK businesses


The cyber security landscape is evolving.

Lone cyber-attacks, organised criminal hacking and state-sponsored cybercrime are all on the rise and are a threat to every organisation with a connection to the internet.

These attackers have a more expansive arsenal of digital weaponry than ever before and their main focus of attack is increasingly becoming the businesses sector.

The cyber-security industry needs a pool of trained professionals it can draw upon to help defend businesses against this very real and immediate threat.

However the UK’s IT security skills gap is affecting the industry’s ability to build the workforce of defenders it so urgently needs.

The effect this is having on the business sector is reflected in the Government’s research into cyber security. Over the past year, two-thirds of big businesses have been the victim of a cyber-attack.

The cost of some of these breaches reached millions. However, it’s not just large enterprises that need to be concerned. Attackers are increasingly turning their attention to smaller firms.

According to statistics released by internet security firm Symantec, 43 per cent of the global attacks logged during 2015 were against small companies – a figure that has been rising steadily over the past four years.

There are a number of contributing factors to why businesses, both large and small, have become the prime target of cyber-criminals.

Whilst companies are starting to see the benefits of cyber security, too many still have poor processes in place to effectively secure themselves from internal breaches or external attacks.

What is more, companies now hold more critical information than ever before, storing a wealth of customer and employee data.

Valuable information protected by weak security is an opportunity most cyber attackers won’t, and don’t, pass up.

However, implementing business-wide cyber security processes can be a costly process that requires both knowledge and experience to carry out effectively. The cyber security industry has a drought of trained professionals who can do this.

Unlike many other sectors, there is no streamlined route into cyber-security from education to industry. This means the flow of talented individuals required year on year is virtually non-existent.

The seventh annual (ISC)² Global Workforce Survey, conducted by Frost & Sullivan, predicts there will be a shortage of 1.5 million information security professionals by 2020.

Such a vacuum of man-power has a knock-on effect directly impacting how businesses can respond to cyber attacks.

One in five organisations throughout the public and private sector admitted that it could take between eight days and eight weeks to repair the damage from a cyber-attack. Nearly half – 45 per cent – blamed the lack of qualified staff.

Due to the nature of the threats affecting businesses, certain skills such as intrusion detection, attack mitigation and secure software development are in high demand and require training and experience to develop them.

Despite this, Government research has indicated that only 17 per cent of businesses have invested in cyber security training in the last 12 months.

Fortunately, the UK Government is quickly coming to terms with the critical vulnerability the IT security skills gap is creating for the country’s economic security.

Below: Avecto co-founder and CEO Paul Kenyon on his cyber security firm

With significant investment being a driving force behind much of the Government’s cyber security policy, it is backing initiatives that are enabling businesses to work collaboratively with the cyber security industry to recruit, train and develop IT security professionals.

We at Cyber Security Challenge UK work with UK businesses and cyber-security firms to find individuals with the appropriate skills and inspire them to pursue a career in the industry, helping to build the workforce of cyber-security professionals required to make British enterprises more resilient to cyber-attacks.

The basics of computer security are not taught in schools or covered on the majority of university computer science courses.

As a result, the stream of talented graduates most industries have become used to recruiting from does not exist for the cyber security sector.

UK businesses therefore need to take it upon themselves to invest in the training and education of a skilled cyber-security workforce.

Schemes such as ours offer a platform through which businesses can unearth and develop the UK’s cyber security talent.

This is achieved by providing a gateway through which these businesses can witness this talent first-hand and recruit it directly into their organisations.

The lack of a well-trained workforce poses a dire threat to the future of UK businesses and the pace of technological change which continues to rage on at a blistering rate is only exacerbating the issue.

However, as more and more companies invest in cyber security through collaborative projects and initiatives, the UK will be better prepared to contend with the cyber threat facing the business sector.