With human error causing nearly two-thirds of all cyber incidents in the past two years, more than 50 percent of acting cybersecurity professionals admit they made mistakes early in their career due to a lack of theoretical or practical knowledge, a new global study commissioned by Kaspersky has found. The percentage of respondents acknowledging such mistakes increases to nearly 60 percent among those with two to five years’ experience in the field.
According to a recent Kaspersky study, over the past two years organizations have suffered at least one cyber incident due to a lack of qualified cybersecurity staff. While sourcing more qualified cybersecurity staff might be one of the solutions to tackle this problem, businesses worldwide are facing a severe lack of information security (InfoSec) professionals. According to current estimates, the cyber-workforce shortfall totals nearly 4 million.
The general cybersecurity skills gap is compounded by the fact that many new starters in the industry must cope with gaps in their practical and theoretical knowledge, which leads to initial struggles and errors on the job. Failure to update software (43%), using weak or guessable passwords (42%) and neglecting to perform backups in a timely manner (40%) turned out to be some of the most common mistakes made by InfoSec professionals worldwide early in their careers. In APAC and North America, the use of outdated security measures was also a common mistake cybersecurity experts made at the beginning of their careers.
As cybersecurity professionals acknowledge they might not have had the required skillset and hands-on experience when entering the field, some point to additional difficulties with jump-starting their careers. Despite the cyber industry continuously reporting a workforce gap, 34 percent of respondents claim to have had three or more failed interviews before being selected for an InfoSec role.
“It’s no secret that formal training programs often struggle to keep up with industry developments, and that is especially true for the cybersecurity field,” comments Marina Alekseeva, Chief Human Resources Officer at Kaspersky. “The fact that many employees in the market might have limited practical skills or gaps in their knowledge underlines the importance of a comprehensive onboarding process with a focus on peer learning and means companies must pay more attention to the upskilling of their employees. For Kaspersky, employees are the most valuable asset, so we have been investing continuously in the education of the company’s corporate staff, enhancing employees' capabilities and fostering a culture of learning and continuous development. We’ve also been contributing to bridging the existing cybersecurity talent gap by providing industry-leading individual and corporate training courses for IT professionals.”
The initial challenges cybersecurity experts face when they join the industry may explain why nearly half of InfoSec professionals (46%) say that it took them more than a year to feel comfortable in their first cybersecurity roles. While 31 percent of respondents managed to get to grips with their job within one or two years, fewer than 10 percent of respondents said the process took them two to three years (9%) or more than three years (6%).
The full report and more insights on the educational background of cybersecurity experts and the initial struggles they faced in their careers are available via this link.
To tackle the knowledge gap and ensure a smoother integration of the cybersecurity workforce into the workflow, Kaspersky recommends a series of both preventive and reactive measures:
1. At an educational level, training programs should be updated and become more flexible and agile, which can be achieved through collaboration with industry players and experts. Kaspersky contributes to this process by running a special program for universities, the Kaspersky Academy Alliance, which integrates cybersecurity expertise, offering program participants access to lectures and training sessions as well as the latest technologies.
2. Those who are only planning to join the cybersecurity field can acquire experience in handling real-life cybersecurity scenarios by completing an internship in an information security or research and development department. Another opportunity to boost practical skills is participation in international competitions or Capture the Flag events. Follow the news on Kaspersky’s LinkedIn page to be the first to find out about openings in our internship program and updates regarding our global competition for students, Secur’IT Cup.
3. Businesses can invest in upskilling programs for their corporate staff, helping them gain new knowledge and skills and remain competitive. Kaspersky provides a wide range of dedicated training programs for information security professionals, offering both professional education for individuals and corporate training.
About Kaspersky
Kaspersky is a global cybersecurity and digital privacy company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection, specialized security products and services, as well as Cyber Immune solutions to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help over 220,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.