According to a recent study by Kaspersky, over 40% of companies globally are experiencing a shortage of skilled cybersecurity professionals, especially in Malware analysis and Information security research.
Kaspersky conducted a research study called “The Portrait of the Modern Information Security Professional” to assess the current state of the labor market and analyze the reasons behind the cybersecurity skills shortage. The study surveyed over 1,000 InfoSec professionals from Asia-Pacific, Europe, the META region, North America, and Latin America. The research showed that 41% of companies have cybersecurity teams that are “somewhat” or “significantly” understaffed.
Russia has the largest cybersecurity staff shortage, followed by Latin America, APAC, and META.
Overall, the respondents said the most understaffed roles are Information security research and Malware analysis with more than 40% of companies named them the hardest to fill in. Europe, Russia, and Latin America reported an increased demand for these positions.
Security Operations Center (SOC), Security Assessment, and Network Security professionals are slightly less understaffed at 35% and 33%, respectively. The shortage of SOC experts was particularly noticeable in APAC. In contrast, the shortage of Security assessment and Network Security analysts is mainly a concern in META.
The role with the least number of vacancies but still in high demand is Threat Intelligence (32%).
According to a recent report, the government sector has the highest demand for cybersecurity professionals, with nearly 46% of the Infosec roles unfilled. The telecom and media sectors are understaffed by 39%, followed by retail, wholesale, and healthcare, with 37% remaining vacant positions.
IT and financial services industries had the fewest Infosec vacancies. However, the figures still hovered close to one-third.
“To reduce the shortage of qualified InfoSec professionals, companies offer high salaries, better working conditions and bonus packages, while also investing in up-to-date training with the latest knowledge. However, the research results show that these measures are not always enough. The growth rate of the domestic IT market in some developing regions is changing so rapidly, the labor market cannot manage to educate and train the appropriate specialists with the necessary skills and expertise in such tight deadlines. On the contrary, regions with developed economies and matured businesses do not report such an acute shortfall of InfoSec professionals as their rates are below market average,” commented Vladimir Dashchenko, Security evangelist, ICS CERT, Kaspersky.
To minimize the negative consequences of global cybersecurity staff shortfall, Kaspersky experts recommend the following:
- Adopt managed security services such as Kaspersky Managed Detection and Response (MDR) or/and Incident Response to get additional expertise without additional hiring. It helps to protect against cyberattacks and investigate incidents even if the company lacks security workers.
- Invest in additional cybersecurity courses for your staff to keep them up to date with the latest knowledge. With Kaspersky Expert training, InfoSec professionals can advance their hard skills and be able to defend their companies against attacks.
- Use interactive simulators to test your expertise and assess how you think in critical situations. For instance, with the new Kaspersky interactive ransomware game, you can observe how the company’s IT department deploys, investigates, responds to an attack, and makes vital decisions with the game’s main character.
- Use centralized and automated solutions such as Kaspersky Extended Detection and Response (XDR) to reduce the burden on the IT security team and minimize the possibility of making mistakes. These solutions provide effective threat detection and fast automated response by aggregating and correlating data from multiple sources in one place and using machine learning technologies.
Check this link to access the full report containing additional findings about the state of the InfoSec labor market.
Leave a comment