Network Security

Volume 2016, Issue 8, August 2016, Pages 11-13
Feature
Dangerous skills gap leaves organisations vulnerable

https://doi.org/10.1016/S1353-4858(16)30077-0

These days, not only are businesses having to contend with increasingly sophisticated attacks on data, they are also facing a serious skills gap within the professions that should be responsible for preventing these attacks. In the security landscape, this role can have a number of job titles – security engineer, security analyst, ethical hacker, penetration tester, security researcher. But they all have one goal – to identify and report on vulnerabilities within security systems.

As the threat of data breaches continues to grow for business across the globe, the role of penetration testers and ethical hackers is only going to become more important. And while the need for penetration testing may once have resided purely in the domain of government departments, large organisations, multinational corporations and financial institutions, it is now viewed as an essential data security strategy for companies of all shapes and sizes, says Ben Rafferty of Semafone.

The role of white hat hackers

To protect against the serious consequences of a data breach, many companies are turning to ethical hackers (or white hat hackers as they're otherwise known) to help identify vulnerabilities before they become a target for malicious cyber-attacks. On the colour spectrum of hackers, ‘white hats’ are the ethically minded people who are employed to systematically undertake an attack on an organisation's infrastructure and information systems, but only with explicit permission. By doing this, they

Stark contrast

White hat hackers stand in stark contrast to the malicious black hat hackers, who intentionally cause damage to their targets through illegal online activities. It is the difference in motivation that truly sets them apart. Black hat hackers can be broken down into a number of categories – cyber-criminals, cyber-spies, hacktivists and cyber-terrorists – and are driven by varying motivations including bragging rights, money, revenge, valuable data, media attention or even just for their own

The skills gap

Though it is clear that penetration testing and ethical hacking is an integral part of protecting a company from a data breach, employees with the necessary skills are some of the hardest to come by. The cyber-security market is suffering a severe workforce shortage – worldwide there are approximately two million jobs that are currently vacant. This is leaving companies dangerously exposed to attacks on sensitive data.

The ‘2015 Global Information Security Workforce Study’ from (ISC)² found that

What are the alternatives?

The difficulty of finding qualified penetration testers means that companies often turn to a process called ‘bug bounty programmes’. These programmes see businesses invite the security community to attempt to hack the organisation's systems, and then report back on their findings. This process of ‘crowdsourcing’ hacking offers security professionals, students and even just simple security enthusiasts the opportunity to ethically hack a company – something which would normally see them being

The reasons behind the issue

So what is fuelling the lack of skilled security professionals, in particular penetration testers and ethical hackers? One reason may be the absence of education about cyber-security as a profession at tertiary institutions. In recent years the UK Government has launched a number of initiatives and is supporting university programmes in an attempt to combat the information security skills gap. But the market is unlikely to see much of an impact from this until more graduates enter the workforce

The industry impact

For security professionals who possess the necessary skills and qualifications, the opportunities are enormous. According to global professional services consultancy Procorre, nearly 15% of cyber-security professionals earn at least £100,000 a year.[6] In some cases, an experienced cyber-security expert can earn more than a chief security officer.

As the threat of data breaches continues to grow for business across the globe, the role of penetration testers and ethical hackers is only going to

References (6)

  • ‘2015 Information Security Breaches Survey’. HM Government/PwC

  • ‘2016 Cost of Data Breach Study: United Kingdom’. Ponemon Institute/IBM

  • ‘Global Information Security Workforce Study (GISWS)’. Frost & Sullivan, (ISC)²

There are more references available in the full text version of this article.

About the author

Ben Rafferty is global solutions director at Semafone. He has over 15 years' experience of delivering speech recognition, IVR and contact centre automation on CPE and hosted platforms. At Semafone, he is responsible for the deployment of Semafone solutions into hosted environments and for the overall management of Semafone's hosted offering. Starting as an engineer and working up through a variety of roles, Rafferty's career includes the delivery of programmes for a wide variety of organisations including large multi-national corporations such as SAP, Deloitte, Interflora and Odeon, as well as local and central government, Parliament, the NHS and ‘blue light’ services in the UK and Europe.
