Australian companies are facing increasing security threats from cyber-criminals, a threat exacerbated by a growing skills gap within the IT industry.
According to specialist recruitment firm findings from Robert Half, this growing threat is made evidently clear by recent cyber attacks, such as the hacking of the Census website.
Playing out in the numbers, research shows that cyber-attacks on Australian enterprises are growing, with 64 per cent of Australian CIOs reporting an increased number of detected threats compared with 12 months ago.
As outlined by today’s IT leaders across the country, the top three cyber security risks facing organisations in the next five years are spying/ransomware (49 per cent), data abuse/data integrity (49 per cent), and cyber-crime (46 per cent).
“The days when IT security was perceived as simply an IT problem are over,” Robert Half Asia Pacific senior managing director, David Jones, said.
“In order to successfully confront a proliferating breed of cyber-attackers, companies need a resilient cyber security strategy that brings together the right mix of technology and people.”
As a response to a new wave of cyber-attackers, one in five (22 per cent) Australian CIOs say they will be adding new permanent IT security professionals within the next 12 months.
In addition, over one in 10 (16 per cent) are planning to hire IT professionals for newly added contract positions.
“The most sought after candidates are familiar with new security software and hardware, have an understanding of emerging protection systems and are able to confidently use devices and related applications,” Jones added.
Jones said currently in Australia, cyber security experts with specialist skills are in high demand but challenging to find.
Consequently, this increased cyber-threat landscape is set to intensify, as 75 per cent of CIOs expect the number of cyber-attacks to increase in the next five years due to a shortage of skilled IT security professionals.
“New technologies raise new security concerns,” Jones added. “This trend has resulted in an IT security skills gap since the available expertise has not kept pace with the evolving IT threats.
“As demand for new cyber-specialists entering the IT market outstrips supply, companies are being forced to reconsider their training and retention programs.
“They are also recruiting from overseas, partnering with educational organisations, and developing flexible hiring strategies that include both permanent and contract specialists, including external risk agencies.”
Cyber security skills
As organisations are confronted with additional security threats, including mobile, application and Big Data analytics security, Jones said several areas within cyber security are experiencing higher demand for specialised skills.
Whilst CIOs identify cloud security (54 per cent), hacking and penetration testing (38 per cent), and Big Data and data analytics (32 per cent) as the top three technical skills in demand, these competencies turn out to be amongst the most challenging security skills to find, thereby highlighting the IT security skills gap.
“Having a robust talent management program is essential to efficiently manage the IT security skills shortage,” Jones added.
“If companies want to stay abreast of industry developments and successfully tackle IT security issues, they need to assess what areas of expertise are missing in-house and either invest in training programs for existing IT professionals or hire additional IT security experts.”
While technical skills are still must-have competencies for a specific position, Jones said the so-called soft skills have also become substantially more important.
Analytical skills and providing insights, as well as strong business acumen and communication skills, have developed into highly sought-after skills for an IT security role.
“There is no doubt that highly specialised technical skills are vital,” Jones added.
“But the ability to clearly articulate cyber security issues in a language that senior management and non-IT employees understand not only increases security awareness, it also enhances the reputation of the IT department as business partners who add value across the business.”