Posted on May 23, 2017
Recent high-profile security breaches like the WannaCry ransomware attack on May 12 have put cyber security at the top of every company’s agenda. Within a day, this one attack hit an estimated 230,000 computers in 150 countries. Yet cyber security is a critical IT skills gap facing companies today.
According to the 2016 Global Cybersecurity Survey, 45% of IT executives say it’s difficult to find IT candidates with adequate cyber security skills and 63% say new graduates lack the necessary skills. Since hiring the right cyber security talent is challenging in today’s labor market, companies will need to address this current skills shortage by training and upskilling their own IT teams.
Here are 5 critical cyber security skills missing on IT teams that you should focus on developing before you’re the next one hacked.
In the world of IT security, I can always find a guy like me with the technical skills to set up a VPN or router. But the cyber security skill lacking in the IT workforce today is the ability to see the big picture from a security point of view. IT teams need to be able to develop an organizational plan or risk management framework to minimize security breaches. If you don’t do this, you’re just patching up holes.
My Security+ course on Udemy gives IT professionals an in-depth understanding of security risk management that goes beyond just technical skills. This kind of training enables IT managers to say “here are the 17 things that are important for our security and here’s how we’re going to implement them at our company.”
IT professionals need to be able to manage the breadth of cyber security issues from risk management and regulatory compliance to encryption, authentication, and data security. While large companies have access to a small set of highly skilled security architect consultants, most companies simply rely on in-house IT teams to manage this complex issue.
The security threat posed by the Internet of Things is no longer science fiction, but a reality. All sorts of devices in the workplace from printers and copiers to smart watches and climate control systems now communicate with the web. These internet-connected devices provide an easy “access point” for hackers to infiltrate your company’s network.
This new threat posed by the Internet of Things is a complex challenge and headache for IT professionals, and many lack the necessary cyber security skills. The industry desperately needs more IT staff knowledgeable about the Internet of Things from a security point of view. Most of these diverse devices can’t be integrated with conventional IT security hardware and software protections. For example, perimeter-based solutions won’t work as apps and personal devices can no longer be contained behind a “firewall” inside a company’s network. As a result, it can be difficult to implement an effective security strategy.
Assigning IP addresses to devices is shifting from the old IPv4 system to the new IPv6 system. But IPv6 introduces a whole new set of risks and most IT professionals aren’t well versed enough in IPv6 to mitigate these security threats. Under the new IPv6 system, every device from computers and phones to smart home hubs is assigned its own public IP address that anyone can access. This means I now ping every server on the International Space Station.
Failure to secure IPv6 systems is essentially opening a backdoor for hackers to enter your network. You can be sure that employees are already bringing IPv6-enabled devices into your workplace. Lack of IPv6 security knowledge on your IT team is one of the top risks to your company’s security today and a major cyber security skills gap. Organizations need to invest in IPv6 security training for IT teams before they deploy (rather than plugging holes after) to ensure their network is secure.
Organizations are investing millions of dollars in their network security, yet most security breaches occur at the individual employee or user level. Users forget to use their security key or they take a phone call in the wrong place. Most employees are woefully ignorant of the IT plumbing behind their devices to the point of being dangerous.
Companies need to provide basic online security awareness education to all their employees so they understand why they shouldn’t do certain things. When something goes wrong, for example, they should know how to reset their iPhone to shut down safely.
Social engineering or phishing emails sent to individual employees (like the recent WannaCry ransomware attack) are also becoming an increasingly common way to attack enterprises. These attacks involve sending fake, but seemingly legitimate emails to individuals who then hand over valuable company data or click dangerous links. To safeguard your network, you’ll need to better educate employees on these social engineering traps.
Finally, the skill that’s hard to find among the new generation of IT workers today is the ability to communicate effectively—both in terms of speaking and writing. IT professionals are losing the ability to talk about technical issues so users or non-technical people can understand. Many of today’s IT pros, while technically savvy, lack empathy and the ability to really talk to people and look them in the eye. Part of the problem is social media and texting have broken down social rules. But it goes deeper than that. Everyone is good at writing a quick text of up to 140 characters. But if they have to write an email or give a presentation, they are unable to do this well.
In my opinion, IT hires should write an essay as part of the application process for a job. IT professionals are dealing with important security issues in the company. They need to communicate these critical issues effectively both internally and externally. Aside from technical skills, enhancing the communication skills and the writing ability of your IT team are key to raising your cyber security game.
Technologies will keep changing and hackers will keep getting smarter. It’s our job in IT to stay one step ahead of the game. But in order to achieve this, your IT team will need to continuously address the skills gaps that result from technology disruption. Consider getting your IT team access to the latest cyber security skills through Udemy for Business—where courses are updated in real time and driven by market demand. Every innovation brings new risks to your company’s security. Just make sure your IT team is ready.