Trustwave SpiderLabs Uncovers Ov3r_Stealer Malware Spread via Phishing and Facebook Advertising. Learn More

Trustwave SpiderLabs Uncovers Ov3r_Stealer Malware Spread via Phishing and Facebook Advertising. Learn More

Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

Database Security

Prevent unauthorized access and exceed compliance requirements.

Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

Microsoft Exchange Server Attacks
Stay protected against emerging threats
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Security Operations Platform
Trustwave Security Colony
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats

Why You Should Be Losing Sleep over the Security Skills Shortage

We've written a few  times in this space about the seemingly ineradicable security skills shortage that exists in organizations worldwide. Bad news: The picture doesn't appear to be getting any rosier. The latest ominous headline comes from Burning Glass, a labor market analytics firm, which has documented a 74 percent spike in cybersecurity job postings from 2007 to 2013, double the rate of all IT jobs.

For a long time, many business leaders have viewed security as little more than a nuisance. This mentality, which still persists in some places, resulted in the limited cultivation and development of proficient security professionals. But over the past decade, massive breaches became commonplace, the cyber black market rapidly matured and professionalized, and the attack surface dramatically expanded as emerging technologies and network-connected devices entered the corporate mainstream.

Chief executive officers and other bosses have since perked up to the seriousness of the whole situation, but the demand for security talent has long surpassed the supply. Astonishingly a reported one million security jobs are unfulfilled worldwide. Industry, government and academia efforts to bolster education and training will help, but the road remains long and convoluted. The proverbial barn door is open, and the horse has bolted.

Coming off arguably the most prolific year in history for data compromises - and staring even more egregious attacks directly in the face - security groups can ill afford to be staffed with inexperienced, incompetent or strictly compliance-minded individuals. This goes not only for prevention and detection obligations, but also for the seemingly inevitable duty of incident response   .

Meanwhile, in an attempt to repel their sly adversaries, organizations have unwittingly created an additional problem for themselves: They have purchased feature-rich security technologies they hope will stop modern-day threats like malware. But with features comes complexity, and many businesses have been unable to properly adopt or effectively deploy these solutions.

Our just-released 2015 Security Pressures Report, which polled more than 1,000 security decision-makers in the United States, U.K. and Canada, found that 84 percent of respondents want to see the size of their IT security team increased. And more than two-thirds feel pressure to adopt security technologies containing all of the latest features, but only 29 percent believe they have the proper resources on hand to use those purchases.

The Pressures Report offered a number of recommendations in its conclusion section, but one specifically spoke to the lack of skills and product complexity challenges facing organizations. It encouraged organizations to consider managed security service providers, which already are seeded with deep expertise and intelligence, and can scale their offerings to meet the demands of any size organization.

The final section of the report also noted the importance of organizations ingraining security into their culture. Entities that prioritize security and IT risk reduction from the top down are stronger situated to ensure the most qualified candidates for security roles are the ones who are hired - and once they are brought on board, they stay.

We encourage you to download the 2015 Security Pressures Report to see all of the pressure-related stats that may be hampering your job, in addition to the rest of our list of practical suggestions for alleviating these points of tension.

Dan Kaplan is manager of online content at Trustwave and a former IT security reporter and editor.

Latest Trustwave Blogs

Defending Healthcare Databases: Strategies to Safeguard Critical Information

The healthcare sector continues to be a primary target for threat actors, with 2023 seeing a record number of data breaches and compromised records. While successful attacks are inevitable, it’s...

Read More

Trustwave SpiderLabs: Ransomware Gangs Dominate 2024 Education Threat Landscape

The security teams manning the defenses at the higher education and primary school system levels often find themselves being tested by threat actors taking advantage of the sector's inherent cyber...

Read More

LockBit Takedown: Law Enforcement Disrupts Operations, but Ransomware Threats Likely to Persist

The news that US, UK, and other international law enforcement agencies disrupted LockBit is welcome, as stopping any threat group activity is always a positive. The unfortunate aspect is this blow...

Read More