Feature: Dangerous skills gap leaves organisations vulnerable
The role of white hat hackers
To protect against the serious consequences of a data breach, many companies are turning to ethical hackers (or white hat hackers as they're otherwise known) to help identify vulnerabilities before they become a target for malicious cyber-attacks. On the colour spectrum of hackers, ‘white hats’ are the ethically minded people who are employed to systematically undertake an attack on an organisation's infrastructure and information systems, but only with explicit permission. By doing this, they
Stark contrast
White hat hackers stand in stark contrast to the malicious black hat hackers, who intentionally cause damage to their targets through illegal online activities. It is the difference in motivation that truly sets them apart. Black hat hackers can be broken down into a number of categories – cyber-criminals, cyber-spies, hacktivists and cyber-terrorists – and are driven by varying motivations including bragging rights, money, revenge, valuable data, media attention or even just for their own
The skills gap
Though it is clear that penetration testing and ethical hacking are an integral part of protecting a company from a data breach, employees with the necessary skills are some of the hardest to come by. The cyber-security market is suffering a severe workforce shortage – worldwide there are approximately two million jobs that are currently vacant. This is leaving companies dangerously exposed to attacks on sensitive data.
The ‘2015 Global Information Security Workforce Study’ from (ISC)² found that
What are the alternatives?
The difficulty of finding qualified penetration testers means that companies often turn to a process called ‘bug bounty programmes’. These programmes see businesses invite the security community to attempt to hack the organisation's systems, and then report back on their findings. This process of ‘crowdsourcing’ hacking offers security professionals, students and even just simple security enthusiasts the opportunity to ethically hack a company – something which would normally see them being
The reasons behind the issue
So what is fuelling the lack of skilled security professionals, in particular penetration testers and ethical hackers? One reason may be the absence of education about cyber-security as a profession at tertiary institutions. In recent years the UK Government has launched a number of initiatives and is supporting university programmes in an attempt to combat the information security skills gap. But the market is unlikely to see much of an impact from this until more graduates enter the workforce
The industry impact
For security professionals who possess the necessary skills and qualifications, the opportunities are enormous. According to global professional services consultancy Procorre, nearly 15% of cyber-security professionals earn at least £100,000 a year.[6] In some cases, an experienced cyber-security expert can earn more than a chief security officer.
As the threat of data breaches continues to grow for business across the globe, the role of penetration testers and ethical hackers is only going to
References (6)
‘2015 Information Security Breaches Survey’. HM Government/PwC
‘2016 Cost of Data Breach Study: United Kingdom’. Ponemon Institute/IBM
‘Global Information Security Workforce Study (GISWS)’. Frost & Sullivan, (ISC)²
About the author
Ben Rafferty is global solutions director at Semafone. He has over 15 years' experience of delivering speech recognition, IVR and contact centre automation on CPE and hosted platforms. At Semafone, he is responsible for the deployment of Semafone solutions into hosted environments and for the overall management of Semafone's hosted offering. Starting as an engineer and working up through a variety of roles, Rafferty's career includes the delivery of programmes for a wide variety of organisations including large multi-national corporations such as SAP, Deloitte, Interflora and Odeon, as well as local and central government, Parliament, the NHS and ‘blue light’ services in the UK and Europe.