A new research report by Kaspersky Lab has revealed a severe shortage of cyber security experts in the business of safeguarding organisation against Internet attack around the globe.
The 2016 Corporate IT Security Risks survey found that large businesses with a small amount of full-time security experts pay almost three times more to recover from a cyber-attack than those businesses with in-house expertise.
The Kaspersky report cites that “businesses, large and small, don’t have the full-time security expertise to properly handle an attack on their own. Only 15 percent of the employees in an IT department of a large company are dedicated to security.”
[quote font=”georgia” font_size=”22″ font_style=”italic” align=”left” arrow=”yes”]Authors of the report says a survey conducted covered 4,000 companies, in which almost half (48%) of businesses admit there is talent shortage, and another 46% admit that there is a growing demand for more specialists.[/quote]According to the technology security company, ”for example, in a large business that equals 39 specialists in a typical team of 220 experts managing all aspects of the infrastructure. For SMBs, there are only two security experts out of a team of 16 IT professionals. With an average of 315,000 malware threats detected on a daily basis, businesses need to reconsider proactively enhancing their security defenses.”
Authors of the report says a survey conducted covered 4,000 companies, in which almost half (48%) of businesses admit there is talent shortage, and another 46% admit that there is a growing demand for more specialists.
The report also reveal that large businesses hiring outside help pay between $1.2 million to $1.47 million to recover from a cyber-security incident, compared to those large businesses that have in-house skilled IT security experts to handle a crisis who pay between $100,000 to $500,000.
Such additional expenses of hiring external experts can be prevented can be reduced if businesses would employ competent cyber-security experts. Proactively hiring new staff to employ experts before an incident, rather than bringing them in to pick up the pieces, significantly lowers the average IT costs and helps better protect the business.
The report also shows that overall, “68.5% of companies expect an increase in the number of full-time security experts, with 18.9% expecting a significant increase in headcount.”
Proffering solution to this problem, Kaspersky Lab says “higher education is an important part of fulfilling such a demand, but this is also a call for a change within the security industry itself. One of the solutions is to aid universities with relevant experience.”
The security company also recommends sharing of detailed research intelligence on attacks and on-going threats with customers and other fellow cyber-security experts to help make a global cyber defense will aid to solve this problem.
According to Veniamin Levtsov, Vice President, Enterprise Business at Kaspersky Lab, “in this evolving industry the relationship with our customers already goes beyond the shipment of a technology or a product – to providing the skills and training necessary to identify on-going attacks. Sharing detailed research about attacks on other businesses, in the form of intelligence reports, is also necessary, along with actionable, machine-readable data about on-going threats.”
The Kaspersky exec say that “solving the different challenges of threat prevention, detection, incident response and prediction requires a lot of flexibility and experience and we are dedicated to helping grow the security expert workforce around the world.”