Call for more training amidst rising cyber-security threats

by L&D06 Sep 2016
Companies in Australia should invest more in training programs in light of increasing security threats from cyber-criminals, claims a new report.

Cyber-attacks can potentially impact the entire business and result in financial, operational and reputational damages.

The report commissioned by specialist recruiter Robert Half found that 64% of Australian CIOs said the number of detected security threats has increased compared to 12 months ago.

The top three cyber-security risks facing organisations in the next five years are spying/ransomware (49%), data abuse/data integrity (49%), and cyber-crime (46%).

The days when IT security was perceived as just an IT problem are over, said David Jones, Senior Managing Director Robert Half Asia Pacific.

“In order to successfully confront a proliferating breed of cyber-attackers, companies need a resilient cyber-security strategy that brings together the right mix of technology and people,” said Jones.

In response to the cyber-attackers, 22% of Australian CIOs said they will be adding new permanent IT security professionals to their team in the next 12 months.

Moreover, 16% state they are planning to hire IT professionals for newly added contract positions within their team. Seventy five per cent of CIOs expect the number of cyber-attacks to increase in the next five years due to a shortage of skilled IT security professionals.

“The most sought after candidates are familiar with new security software and hardware, have an understanding of emerging protection systems and are able to confidently use devices and related applications,” Jones said.

“New technologies raise new security concerns. This trend has resulted in an IT security skills gap since the available expertise has not kept pace with the evolving IT threats.

“As demand for new cyber-specialists entering the IT market outstrips supply, companies are being forced to reconsider their training and retention programs.

“They are also recruiting from overseas, partnering with educational organisations, and developing flexible hiring strategies that include both permanent and contract specialists, including external risk agencies.”

As organisations are confronted with additional security threats (including mobile, application and Big Data analytics security) a number of areas within cyber-security are experiencing higher demand for specialised skills.

CIOs said cloud security (54%), hacking and penetration testing (38%), and Big Data and data analytics (32%) as the top three technical skills in demand.

However, these competencies are also amongst the most challenging security skills to find.

“Having a robust talent management program is essential to efficiently manage the IT security skills shortage,” said Jones.

“If companies want to stay abreast of industry developments and successfully tackle IT security issues, they need to assess what areas of expertise are missing in-house and either invest in training programs for existing IT professionals or hire additional IT security experts.”

Even though technical skills are still must-have competencies for a specific position, soft skills have also become substantially more important.

“There is no doubt that highly specialised technical skills are vital, but the ability to clearly articulate cyber-security issues in a language that senior management and non-IT employees understand not only increases security awareness, it also enhances the reputation of the IT department as business partners who add value across the business,” said Jones.

According to Robert Half, analytical skills and providing insights, in addition to strong business acumen and communication skills, have become highly sought-after skills for an IT security role.