Security skills need to evolve to cope with cyber threats
Securing systems is essential, but many businesses continue to take a reactive approach to protection using dated tools and techniques.
A new report by technology trade association CompTIA highlights the need for companies to adopt proactive measures to identify weak links before they are exploited, broaden the security skills of their technology professionals, and implement top to bottom security training throughout the organization.
The study shows a shifting focus from defense to offense. In CompTIA's survey of business and technology executives at 350 US companies, 29 percent of firms say they are highly proactive in their security posture, emphasizing detection and response. Another 34 percent say they balance a strong cyber defense with some proactive measures.
However, between 18 percent and 32 percent of companies say that they need significant improvement to existing security expertise. Training (60 percent of companies surveyed) and certification (48 percent) are the favored methods of gaining extra security expertise for their technology professionals. Organizations that follow through on certifications after training find that they provide a higher degree of credibility, better proof of knowledge and improved candidacy for open positions.
Companies are also seeing the need to develop a security-aware culture, across the organization, from the executive team through middle managers to the general staff. The survey finds that 58 percent of companies offer security training during new employee orientation, 46 percent perform random audits, and 35 percent offer hands-on labs.
"Building an impenetrable defense is no longer practical and the mentality of preventing all breaches is outdated," says Seth Robinson, senior director, technology analysis at CompTIA. "But a new, proactive approach combining technologies, procedures and education can help find problem areas before attackers discover them."
You can find out more in the full report which is available on the CompTIA website.