
Aug 01 2022

Finger in the dam: spotting cyber security skills gaps in your business


Cyber security is a lot like a dam.

A dam holds back huge volumes of water, and if any gets through, it could mean disaster. Even a small crack needs immediate attention. Not only could it let water out, but it could also easily become bigger and cause a major flood.

In the same way, your cyber security is responsible for holding back myriad threats. The smallest weakness could be the way in for one of those threats, and once that happens, the rest of the defences could be rendered ineffective.

The cyber security skills gap

- ICASA reports that almost 70% of businesses that suffered a cyber attack were understaffed in their cyber security department.

- Cyber security accreditation body (ISC)2 found that understaffing means that systems are misconfigured and patched too late, risk assessments are not thorough enough, businesses aren’t fully aware of all threats, and security deployments are rushed.

- The Department for Culture, Media, and Sport (DCMS) revised its estimate for the shortfall of cyber security workers. It had previously published that the industry would be short of 10,000 workers, but has increased that figure to 14,000.

Here are the cyber security skills your business needs, and how to know what you’re missing.

The cyber security skills your business needs

Risk management

There will always be risks, and realistically, you can never hope to keep out all cyber threats, so cyber security risk management handles them in three stages: prevention, cure, and resolution.

Prevention: As the name suggests, the first line of defence is to try and stop attacks from succeeding or penetrating in any way.

Cure: If and when a threat gets through, the priority is to contain it, then, if possible, remove it.

Resolution: Repairing any damage from the attack, and learning how to protect against similar hacks in future.

Patch management

Maintaining the latest versions of business software is part of basic cyber security. Your teams need to be fully aware of all the relevant patches and updates, and know how best to roll them out to the wider company.

Cyber security professionals must have a truly thorough understanding of which providers are rolling out patches, and what those patches are. Otherwise, they can be easily duped by malware masquerading as software updates.

Cloud security

An increasing amount of business software is cloud-based, and teams need to fully comprehend the unique challenges that the cloud presents to cyber security.

Leadership

The more senior the cyber security hire, the more they will require management experience, and the ability to lead initiatives and secure buy-in from employees, sometimes company-wide.

How to find out which skills you’re missing

Conduct self-assessments

Survey your teams and ask them to assess as honestly as possible what skills they have, and where they could improve.

Run interviews

As above, but as dialogue in which you can explore answers in more detail.

Analyse past breaches

Are there any patterns in your prior breaches that might indicate one or more specific weaknesses?

Actively test your security

Hire (permanently or on contract) ethical hackers to try to breach your security measures, test the response of your cyber security teams, and establish where they’re weak.

How to keep the talent you have

You might fear that this level of scrutiny and testing may disgruntle and drive away talent, but the evidence suggests you don’t need to worry — if it serves continued development, and the employer invests in the workforce’s cyber security skills, the opposite is true.

75% of cyber security professionals believe that their employer’s investment in development affects their decision to stay in the business, and 48% consider leaving because they don’t get the resources to develop their skills.

By investing in the skills and experience of your cyber security teams, you also increase the chances of them remaining in your business, so you address two major vulnerabilities in one.

How to find the talent you need

In a market of intense competition for cyber security talent, you’ll need expert help attracting the skills that’ll plug any leaks in the cyber security dam. RPI specialises in finding specialists who can lead and execute transformational change — get in touch today at people@rpint.com.
