INFORMATION SECURITY PROFESSIONALS don't have the proper skills to deal with cyber attacks, despite ranking software vulnerabilities as a "top concern", the International Information Systems Security Certification Consortium (ISC2) has reported.
The security organisation's sixth Global Information Security Workforce Study (GISWS) polled 12,000 security experts worldwide and revealed that many don't fully understand the need for security and the industry as a whole.
For example, ISC2 found that 15 percent of firms are not able to put a timeframe on their ability to recover from an attack on their networks and computer systems, even though service downtime is one of the highest priorities for nearly three-quarters of respondents.
The GISWS report also found that almost half of security departments are not involved in software development, and security is not among the most important factors when considering an outsourcing provider for software development. Strange, then, that 69 percent of these companies reported application vulnerabilities as their "top concern".
"Now, more than ever before, we're seeing an economic ripple effect occurring across the globe as a result of the dire shortage of qualified information security professionals we've been experiencing in recent years," said ISC2's executive director W. Hord Tipton. "Underscored by the study findings, this shortage is causing a huge drag on organisations."
The report concludes that the major shortage of skilled cyber security professionals is having a negative effect on companies and their customers, leading to more frequent data breaches.
The report also found that hacktivism (43 percent), cyber-terrorism (44 percent), and hacking (56 percent) are among the top concerns identified by security departments worldwide. However, the report further supports an ongoing trend that, though many organisations are aware of the growing risks of cyber attacks, effectively acting upon them is a different story altogether. µ