Cybersecurity skills crisis contributes to security breaches
Recent high profile stories like the Heartbleed bug have turned the spotlight on IT security. A new report by the Information Systems Audit and Control Association (ISACA) highlights how a skills crisis is putting more pressure on security teams.
ISACA surveyed enterprises to understand the level of attacks and their security preparedness. Key findings include that one in every five enterprises has suffered an advanced persistent threat attack, but that one in three of those don't know where it came from.
It also highlights that according to Symantec there has been a 62 percent increase in the number of data breaches in 2013. Also on Cisco's figures there's a worldwide shortage of 1 million security professionals.
To help address this growing skills crisis ISACA is launching a Cybersecurity Nexus (CSX) program. Developed in collaboration with chief information security officers and cybersecurity experts from leading companies around the world, CSX fills a need for a single, central location where security professionals and their enterprises can find cybersecurity research, guidance, certificates and certifications along with education, mentoring and community.
"Unless the industry moves now to address the cybersecurity skills crisis, threats like major retail data breaches and the Heartbleed bug will continue to outpace the ability of organizations to defend against them," says Robert Stroud, ISACA international president-elect and vice president of strategy and innovation for IT Business Management at CA Technologies. "ISACA is proud to help close this gap with a comprehensive program that provides expert-level cybersecurity resources tailored to each stage in a cybersecurity professional’s career".
The CSX program marks the first time in ICASA's history that it will offer a security-related certificate. There are four qualifications on offer needing both an exam and proof of work experience. This makes them ideal for recent university graduates and IT professionals seeking to change fields.
"Enterprises cannot rely on just a handful of universities to teach cybersecurity. With every employee and endpoint at risk of being exploited by cyber criminals, security is everyone’s business. We need to make cybersecurity education as accessible as possible to the next generation of defenders," says ISACA International President Tony Hayes.
You can find out more about the CSX program on the ICASA website and see more details on the cybersecurity skills crisis in the infographic below.