A survey has revealed that a majority of the organisations across the world do not have enough resources to handle a data breach.
In a survey conducted by Tripwire, 75% of participants said that their organisations do not have enough security professionals to detect and respond to a data breach.
Tripwire surveyed 500 IT security professionals about their organizations’ key challenges in their cyber security and compliance programs.
66% of the respondents said that their organisation’s lack of trained infosec professionals has increased the IT security risks facing them.
Nearly the same percentage of participants answered that tried to leverage technology solutions to compensate for their organizations’ dearth of personnel.
Tripwire IT security and risk strategy director Tim Erlin said: “Cyber security is a growth industry for employees, and supply is falling far short of demand. Smart organizations need to establish effective programs for educating and developing employee skills around information protection.
“Having the right tools is only part of the solution. A lack of cyber security skills not only degrades an organisation’s ability to respond to incidents, it also inhibits organizations from developing and deploying effective prevention.”
The company identified the skills gap as one of the five greatest challenges to organizations’ compliance and IT operations.
It noted that organisations can start addressing the skills gap by creating two people-centric processes.
Tripwire said: “Fortunately, companies aren’t powerless against a lack of trained personnel.”
While the first step is to create a comprehensive training program that builds cyber security expertise, the second program should focus on recruiting and retaining infosec talent.
Tripwire’s survey revealed that 78% of respondents lacked an adequate training program, while 72% faced difficulties in hiring skilled security professionals.
Half of the surveyed IT professionals said that their organizations have no program in place to address the challenges in hiring and retaining security professionals.
Erlin said: “While tools can’t replace people, effective automation can give skilled employees more time to spend on the tough problems.
“Organisations should examine where their cyber security teams are investing manual effort into tasks that could be automated. Reducing and removing tedious, manual work can help improve employee retention as well.”
