Story image

Aussie organisations unknowingly contributing to cyber security skills shortage

29 Nov 16

Australia is suffering a cyber security skills storage, and organisations may be unknowingly contributing to the problem.

According to a new study by the Australian Information Security Association, organisations that fail to recognise the importance of cyber security expertise within their organisation may be playing a role.

The study suggests that the skills shortage is better characterised as a ‘failure of some organisations to resource appropriately’, rather than the belief that there are not enough people to fill available jobs.

Seventy eight per cent of AISA members surveyed believe that there is a shortage of qualified cyber security workers for available positions in Australia. However, further analysis of the data suggests that the problem is deeper than demand simply outstripping supply. 

AISA members believe a large proportion of organisations are not putting the right number of people with the right skills into appropriate positions, although many acknowledge there are several organisations which do support well-resourced security teams, the study shows.

This resourcing problem is fuelled in part by a failure on the part of management to appreciate information security risks, according to the study. This failure may in turn be a consequence of the relative immaturity of the Australian cyber security skills market, AISA suggests.  

From the supply side, AISA says there is evidence of high levels of frustration from those looking to enter the cyber security work force, with too much focus by employers and recruiters on prior experience and detailed knowledge of very narrow and specific areas, which it says unnecessarily narrows the pool of available candidates.

“The reluctance of many employer organisations to invest in development of entry level cyber security workers is a particular concern, given the average Australian cyber security worker is 36 or older, with a large number looking to retire in the next 10 to 20 years,” the company says.

“It also raises questions about the career prospects of graduates from vocational and tertiary courses, more of which are being rolled out to address the perceived crisis.”

AISA CEO Arno Brok says there are several organisations in the Australian economy that do cyber security well, while many do not even have cyber security on their radar or see it as irrelevant to their business. 

“Those who are doing it well have the budget and understanding of their own requirements to recruit and train the people they need,” says Brok. 

Ms Siganto, AISA’s Director of the Cyber Security Academy (CSA) says a more mature appreciation of how important information security is to ensuring trust and protecting organisational reputations will help raise the profile of the profession and provide a more clearly marked pathway for cyber security workers.

“AISA has an important role to play in helping employers understand the kinds of skills information security practitioners can bring,” says Siganto. 

Based on the findings from this research AISA is pursuing a number of important initiatives including:

·         Publishing a Cyber Security Careers Guide identifying job roles and career pathways for those interested in pursuing a cyber security career, employers and recruiters to improve their understanding of the cyber security skills ecosystem

·         Working with employers to increase their understanding of the need to invest in and grow Australia’s cyber security capability

·         Working with the Australian Professional Standards Council to identify Cyber Security as a profession under the scheme.

What MSPs can learn from Datto’s Channel Ransomware Report
While there have been less high profile attacks making the headlines, the frequency of attacks is, in fact, increasing.
Cisco expands security capabilities of SD­-WAN portfolio
Until now, SD-­WAN solutions have forced IT to choose between application experience or security.
AlgoSec delivers native security management for Azure Firewall
AlgoSec’s new solution will allow a central management capability for Azure Firewall, Microsoft's new cloud-native firewall-as-a-service.
How to configure your firewall for maximum effectiveness
ManageEngine offers some firewall best practices that can help security admins handle the conundrum of speed vs security.
Exclusive: Why Australian enterprises are prime targets for malware attacks
"Only 14% of Australian organisations are continuously training employees to spot cyber attacks."
Exclusive: Why botnets will swarm IoT devices
“What if these nodes were able to make autonomous decisions with minimal supervision, use their collective intelligence to solve problems?”
Bitdefender announces security integration with Kaseya
The new partnership will allow VSA by Kaseya’s cloud and on-premises users to deploy and manage security with Bitdefender Cloud Security for MSPs.
Why you should leverage a next-gen firewall platform
Through full lifecycle-based threat detection and prevention, organisations are able to manage the entire threat lifecycle without adding additional solutions.