Story image

Aussie organisations unknowingly contributing to cyber security skills shortage

29 Nov 2016

Australia is suffering a cyber security skills storage, and organisations may be unknowingly contributing to the problem.

According to a new study by the Australian Information Security Association, organisations that fail to recognise the importance of cyber security expertise within their organisation may be playing a role.

The study suggests that the skills shortage is better characterised as a ‘failure of some organisations to resource appropriately’, rather than the belief that there are not enough people to fill available jobs.

Seventy eight per cent of AISA members surveyed believe that there is a shortage of qualified cyber security workers for available positions in Australia. However, further analysis of the data suggests that the problem is deeper than demand simply outstripping supply. 

AISA members believe a large proportion of organisations are not putting the right number of people with the right skills into appropriate positions, although many acknowledge there are several organisations which do support well-resourced security teams, the study shows.

This resourcing problem is fuelled in part by a failure on the part of management to appreciate information security risks, according to the study. This failure may in turn be a consequence of the relative immaturity of the Australian cyber security skills market, AISA suggests.  

From the supply side, AISA says there is evidence of high levels of frustration from those looking to enter the cyber security work force, with too much focus by employers and recruiters on prior experience and detailed knowledge of very narrow and specific areas, which it says unnecessarily narrows the pool of available candidates.

“The reluctance of many employer organisations to invest in development of entry level cyber security workers is a particular concern, given the average Australian cyber security worker is 36 or older, with a large number looking to retire in the next 10 to 20 years,” the company says.

“It also raises questions about the career prospects of graduates from vocational and tertiary courses, more of which are being rolled out to address the perceived crisis.”

AISA CEO Arno Brok says there are several organisations in the Australian economy that do cyber security well, while many do not even have cyber security on their radar or see it as irrelevant to their business. 

“Those who are doing it well have the budget and understanding of their own requirements to recruit and train the people they need,” says Brok. 

Ms Siganto, AISA’s Director of the Cyber Security Academy (CSA) says a more mature appreciation of how important information security is to ensuring trust and protecting organisational reputations will help raise the profile of the profession and provide a more clearly marked pathway for cyber security workers.

“AISA has an important role to play in helping employers understand the kinds of skills information security practitioners can bring,” says Siganto. 

Based on the findings from this research AISA is pursuing a number of important initiatives including:

·         Publishing a Cyber Security Careers Guide identifying job roles and career pathways for those interested in pursuing a cyber security career, employers and recruiters to improve their understanding of the cyber security skills ecosystem

·         Working with employers to increase their understanding of the need to invest in and grow Australia’s cyber security capability

·         Working with the Australian Professional Standards Council to identify Cyber Security as a profession under the scheme.

WhatsApp users warned to change voicemail PINs
Attackers are allegedly gaining access to users’ WhatsApp accounts by using the default voicemail PIN to access voice authentication codes.
Swiss Post asks public to hack its e-voting system
Switzerland’s postal service Swiss Post is inviting keen-eyed security experts and white hats to hack its e-voting system.
Spoofs, forgeries, and impersonations plague inboxes
It pays to double check any email that lands in your inbox, because phishing attacks are so advanced that they can now literally originate from a genuine sender’s account – but those emails are far from genuine.
Flashpoint signs on emt Distribution as APAC partner
"Key use cases that we see greatly benefiting the region are bolstering cybersecurity, combating insider threats, confronting fraud, and addressing supply chain risk, to name a few."
The attack surface: 2019's biggest security threat
As businesses expand, so does their attack surface – and that may be the biggest cybersecurity risk of them all, according to Aon’s 2019 Cyber Security Risk Report.
Opinion: Cybersecurity as a service answer to urgent change
Alan Calder believes a CSaaS model can enable a company to build a cyber resilience strategy in a coherent and consistent manner.
Why SD-WAN is key for expanding businesses - SonicWall
One cost every organisation cannot compromise on is reliable and quick internet connection.
New threat rears its head in new malware report
Check Point’s researchers view Speakup as a significant threat, as it can be used to download and spread any malware.