A diverse swath of organizations across the globe are struggling to find cybersecurity talent, a report published Wednesday by Intel Security shows. 71 percent of the study’s respondents said that this irrefutable skills gap is also causing “direct and measurable damage” to their organizations.
“There is absolutely a talent shortage … [and] there are some fairly significant implications to that,” said Intel Security Vice President Candace Worley during an event the Center for Strategic International Studies.
“When you have open [requirements,] when you have open positions that are not filled in your cybersecurity organization, in all probability, that means either the people you have on staff are understaffed — they are working 24 hours a day and heading for burnout — or you’re probably not as alert,” Worley said.
This shortage in capable cybersecurity professionals is forcing both private enterprise and the federal government to pursue unconventional solutions, explained Phyllis Schneck, the Deputy Under Secretary for Cybersecurity and Communications at the Department of Homeland Security.
According to the report, one-in-three [respondents] say a shortage of skills makes their organizations more desirable hacking targets. One in four say insufficient cybersecurity staff strength has damaged their organization’s reputation and led directly to the loss of proprietary data.
The new Intel study — compiled in partnership with CSIS— provides insight into what employers are looking for in candidates and subsequently, how the demand for these unique specialists is shaping the way organizations approach recruitment operations.
A growing number of employers — in comparison to past statistics provided by other similar cyber workforce reports — are less likely to view a college degree as a mandatory requirement for cybersecurity position candidates, according to the Intel Security study.
Some employers said they value professional certifications more than college degrees, because these certificates can more directly represent an attained skill set. And an impressive 68 percent of the Intel study respondents say that experience in hacking competitions is highly valued.
While the report largely covers a variety of well-known and understood industry-related hiring challenges, it also provides a rare window into how organizations believe automation — a type of software that can essentially cut down on manual oversight — will one day help decrease the need for a large, physical cyber workforce.
90 percent of respondents said they believe advancing technology can help mitigate their cybersecurity hiring problems. 55 percent said that within five years, cybersecurity technology will, on its own, be able to meet a majority of their organizational needs. But experts speaking at CSIS cautioned that automation will not present a “silver bullet.”
“What I would remind you is that behind those automation efforts is innovation and creativity, and that’s a whole other [cybersecurity] workforce to make that happen … [automation] is not the silver bullet, it is part of the overall strategy that we need to keep in mind,” said Rodney Petersen, director of the National Initiative for Cybersecurity Education.
“I think automation can play a role, but there will always be a critical need for people who have deductive reasoning and problem solving and critical thinking skills,” Worley agreed.
Earlier this month, the White House announced new measures to strengthen the federal cybersecurity workforce, including policies that will help agencies retain, as well as recruit, highly skilled information security professionals.
Additionally, National Security Agency director Michael Rogers described how the spy agency is also exploring new hiring programs that would help enable recruits to transition from the private sphere into public service and vice versa.
Rogers said, during an appearance at the National Press Club, that these types of programs are necessary to staff the government with the very best talent during a time in which the private cybersecurity sector offers much greater financial incentive.
The Intel Security study was based on an eight-nation survey, complete with 775 interviews of information technology decision makers. Independent technology market research specialist Vanson Bourne was commissioned by the company to complete the required research.