Symantec has revealed the findings of its 2011 Threat Management Survey, which revealed a worrying shortage of staff equipped with suitable security skills.
The poll revealed that most enterprises are not confident in their security posture and that staffing is a major issue limiting IT security’s effectiveness.
The survey also found that 46 percent of those who lacked confidence indicated insufficient security staff was a top factor. A similar number (45 percent) cited a lack of time to respond to new threats for their existing staff.
Overall, 43 percent of organisations worldwide reported they are somewhat or extremely understaffed. In North America, respondents were much more likely to report understaffing, with 53 percent reporting staffing challenges.
“Although organisations are more concerned than ever about keeping up with the evolving threat environment, many still fall short of achieving high confidence in their security posture,” said David Dorosin, director of product marketing for the threat and risk management group at Symantec.
Those who lack confidence in their ability to respond to threats also reported issues with staff effectiveness. Sixty-six percent rate their staff as less than effective and only 4 percent rate their staff as completely effective.
The top three issues impacting staff effectiveness were recruiting (46 percent), retention (42 percent) and skill set gaps with existing staff (35 percent). The findings suggest that effectiveness is linked to both staffing levels as well as staff experience and skill set.
Beyond these staffing issues, the other top concerns noted by respondents were keeping up with changes in the threat landscape, maintaining adequate visibility of their own infrastructure and managing security log and alert data in a timely and effective manner. Sixty-eight percent identified threat intelligence as one of their top two concerns.
Concerns about the potential for new avenues of attack in an evolving infrastructure are reflected in the 49 percent who ranked security visibility as a top concern. Finally, a significant number (45 percent) reported they are concerned about their ability to properly correlate and analyze the security information and alerts that are being generated by their security solutions.
Symantec’s recent 2011 State of Security Survey found cyberattacks were the top concern of the organizations surveyed and the importance of these threats has increased for many respondents. Probing deeper into an enterprise’s ability to manage these threats, 57 percent of respondents to the 2011 Threat Management Survey said they lack confidence in their IT security staffs’ ability to respond to new and emerging threats.
CMA receives 'provisional recommendation' from independent inquiry that Apple,Google mobile ecosystem needs investigation
Government minister flatly rejects Elon Musk's “unsurprising” allegation that Australian government seeks control of Internet…
Northvolt files for Chapter 11 bankruptcy protection in the United States, and CEO and co-founder…
Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector
Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…
Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…
View Comments
The education system isn’t – or shouldn’t – be solely about turning out people whose skills are an exact match to whatever businesses currently regard as desirable for their purposes. There has been a significant increase in recent years in academic courses with a pronounced security bias, so presumably there has been a demand for such courses. Any university course with the word forensics in the title, for example, seems to attract lots of interest. However, forensics is a very easy job market to saturate, especially in the current climate where important initiatives have been abandoned because of resource starvation.
There are plenty of non-academic qualifications and certifications, though. The problem is that business (again, partly because of resource starvation in many areas) usually wants its security people (like all its other recruits) supplied fully competent, rather than taking people with some of the attributes required and training them up to fill the gaps in their knowledge.