A lack of qualified security professionals is putting businesses at risk of increasingly complex and dangerous cyber threats.
“Every year the number of threats and the sophistication of those threats escalate,” says Alice Hill, Managing Director at Dice.com. “It’s a battle that will only continue to increase, making cyber security positions a priority within organizations.”
As threats evolve, the skills gap continues to widen. According to Intel’s ‘Hacking the Skills Shortage’ report, there will be 1-2 million unfilled cyber security jobs worldwide by 2020.
Clearly, cyber security skills are in huge demand, but as technology changes, what domains should security professionals invest in? Whether for yourself or your team, these are the most in-demand cyber security skills for 2017.
The increasing use of virtualization and cloud initiatives has fueled a continued demand for professionals with network security skills.
Network monitoring applications are essential for identifying suspicious behavior, but they’re no substitute for knowledge. Organizations need employees who can use their security experience to detect suspicious network activity and make quick decisions about threat escalation.
Now that critical infrastructure functions inside business networks, professionals must learn how to defend the vulnerable points of their network. Without this knowledge, security professionals will be unprepared to protect their business.
Technology firms, consulting companies, government, retail and healthcare are seeking qualified network security professionals. Luckily, a number of certifications exist to prove these skills, like EC-Council’s Certified Network Defender (CND) or CompTIA’s Security+ certification.
Professionals with network security skills can set themselves up for rewarding and well-paid roles; the average salary for a Network Security Analyst is $64,000 (PayScale).
33 percent of cyber security professionals say their organization has an acute shortage of application security skills, according to a recent ESG/ISSA report.
It is therefore little surprise that secure software and application development practices are neglected. These practices are key to an organization’s security strategy – most data breaches are successful because of flaws in software code, or unpatched software that’s not updated regularly.
“…in-house software development can be fraught with danger if coding and QA is poor, and coding errors slip through into production,” says Paul Fisher, Research Director for Cyber at PAC.
“The apps may work, but the hackers will soon find the holes. Secure code developers are worth their weight in gold.”
Intensive QA and secure code development practices will cost businesses more in the short term, but they will benefit from resilient applications less likely to result in a breach later on.
Professionals can boost their application security knowledge by researching secure coding practices, or by achieving industry-standard certifications, like (ISC)²’s CSSLP or EC-Council’s Certified Secure Programmer (ECSP).
The average salary for an application developer is $66,000 (PayScale) – and concrete evidence of your application security skills will boost this.
The shortage of cloud security knowledge is affecting cloud deployments. Almost half of organizations surveyed in a recent Intel security report cited a lack of cloud security skills as a barrier to adoption or usage of cloud services.
Whilst there are many security benefits associated with cloud technology, improper use by businesses increases the risk of threats like data breaches, weak identity/credential management, shared technology use, and denial of service.
Good insider threat detection is crucial but often overlooked. When software provider Sage was struck by a massive data breach in 2016 that affected 280 firms, the attacker was a disgruntled employee.
Professionals with cloud security skills are highly valuable and will become even more so as enterprises begin to accelerate cloud investment.
Over half of C-level executives ranked data security amongst the top three business priorities in 2017. And with catastrophic hacks — like the ongoing Cloudbleed breach affecting Uber, Yelp and Fitbit — it’s easy to see why businesses are concerned about their sensitive data being breached.
Elaborate attacks targeted the largest businesses in 2016, when Yahoo revealed 1 billion accounts compromised in the largest breach in history.
But it’s not just industry leaders that should be worried: the average cost of a data breach is $5.28m or 20 percent of revenue. And that’s without taking into account lasting brand damage.
Plus, emerging laws on privacy, like Europe’s upcoming General Data Protection Regulation (GDPR), are putting pressure on organizations to invest in professionals with data security skills.
No business is immune to data protection law. They’ll need knowledgeable professionals to boost their data security, ensuring compliance with existing and future standards.
According to ESG/ISSA’s report, 20 percent of cyber security professionals say their organization lacks penetration testing skills. Without regular penetration tests on services and applications, organizations will be unaware of their security flaws until it’s too late.
“Often these attacks are successful because criminals discover vulnerabilities in the network that the business is unaware of,” says Paul Fisher. “Attackers can be inside an organization for months, even years, monitoring and exfiltrating the data.”
Safe hacking exercises, known as penetration tests, are integral to a comprehensive security policy. Performed by penetration testers, or Ethical Hackers, these tests involve using the same techniques and tools used by hackers.
Penetration testers will phish your employees over email, scan your network for flaws or barrage your servers as part of a DDoS attack. But instead of leaking your sensitive data, professionals with these skills will report your security vulnerabilities, providing guidance on how they can be fixed.
Without these harmless tests, security holes in your systems could remain undiscovered, leaving your organization open to attack.
Professionals can skill up in penetration testing by following EC-Council’s certification track, starting with the Certified Ethical Hacker. This certification proves professionals know how to use a wide range of hacking tools, and provides a roadmap to the ECSA, a follow-up cert that provides in-depth knowledge of penetration testing.
Because of the high demand, the median salary for qualified penetration testers is $79,000 (PayScale).