Organizations struggling to find skilled security staff, leaving 82% of security teams understaffed
83% of IT security professionals feel more overworked going into 2020 than they were at the beginning of 2019, and 82% said their teams were understaffed, according to a Tripwire survey.
Hard to find skilled security staff
The strain on cybersecurity teams is exacerbated by the inability to find experienced staff, and 85% acknowledged it has become more difficult over the past few years to hire skilled security professionals.
“It’s getting harder and harder for organizations to fill open positions on their security teams,” said Tim Erlin, vice president of product management and strategy at Tripwire.
“Larger organizations, which you might assume have more resources, are experiencing the skills gap issue even more acutely than smaller organizations. It’s a challenge to hire the right skill sets – they keep changing along with security, which is always evolving.
“Nearly all of those we surveyed said the skills required to be a great security professional have changed over the past few years.”
In recent years, cybersecurity conferences and online communities have been emphasizing the need to manage work stress and increase focus on mental health. While 93% expressed interest in understanding wellness issues, only 19% of companies provide resources for managing the stress associated with the specific issues of IT security.
Addressing the skills gap
In assessing the various ways organizations address the skills gap and strain on their teams, the survey found the following:
- A large majority (85%) believe managed services are a good option for addressing security skills gaps.
- Nearly half (46%) said they plan to use more managed services in 2020.
- Half (50%) said they will invest more heavily in training existing staff.
CISO involvement
The survey also explored views on chief information security officer (CISO) involvement. Of the 85% that said they have CISOs in their organizations, 40% said their CISOs are not involved enough in day-to-day operations, while 10% believed their CISOs are already too involved.
Erlin added: “CISOs should be focusing on high-level strategy, but because their teams are understaffed and have an overwhelming volume of work on their desks, they may have to get involved in daily operations, if they haven’t already. To solve the problems caused by skills gap issues, training and managed services are both good approaches.
“By partnering with providers, organizations can free themselves from operational work and gain insights that will help inform decisions. And because recruiting and training isn’t always possible, managed services provide businesses a way to augment their teams.”