When CIOs aren’t being overwhelmed by data, they’re wondering who’s securing it.
They’re dealing with the pressure of cutting costs while trying to stay nimble as they face difficulties with contractors and the challenges of moving data and services to the cloud. All the while, new threats emerge that require an evolving response.
From finding qualified IT pros to keeping them from jumping ship, a range of sticky technology and personnel issues are giving IT pros cold sweats.
With a host of new concerns in 2018 — and old standbys — where should CIOs be most focused? We’ve gathered insights from experts, the C-suite, recruiters, and those in the trenches to identify today’s top-of-mind concerns and how to deal with them.
A recent Forrester security study found that 82 per cent of organisations struggle to identify and secure network-connected devices. Worse, most were unclear on who is responsible for managing the devices.
“Survey results show that over half of the respondents (54 per cent) stated that they have anxiety due to IoT security,” the study reported.
Csaba Krasznay, security evangelist at Balabit, says that, along with traditional weak links (read: users), CIOs need to be thinking about new emerging threats.
“In 2018, security measures should be more closely aligned with IT users and their identity, Krasznay says. “Behavioural monitoring can detect even the smartest cyber criminals lurking behind privileged credentials, by discerning deviations in baseline behaviours — even based on minute biometric traits such as typing speed or common spelling errors.”
About 40 per cent of IT workers say they’re not getting the training they need to be effective in their jobs, according to a recent CompTIA survey.
“Many companies believe that keeping up with technology is the responsibility of the individual employee,” says Viktor Andonov of DataArt Bulgaria.
“That might have been true in the ’80s and ’90s, but in the 21st century, the complexity of platforms grew enormously. Training on the job and learning how to work with new frameworks is extremely difficult when employees have projects and deliverables too.”
Most organisations struggle with finding qualified tech staff, says Todd Thibodeaux, president and CEO of CompTIA. Training them up on the clock feels equally daunting.
“The good news for employers is that the majority of IT pros like what they’re doing,” Thibodeaux says. “Their jobs provide them with a sense of personal accomplishment. Their skills and talents are put to good use. They see opportunities to grow and develop in their careers — and they’re generally satisfied with their compensation and benefits.”
While IT staff may enjoy their work, retraining goes a long way in keeping it that way, says Thibodeaux.
“IT pros would like more resources for training and development, and more career path guidance and career advancement opportunities,” he says.
“They’re also interested in having access to more tools and engaging with more technologies and applications. And they’d welcome the opportunity to work on new technology initiatives.”
It’s not a new problem for 2017, Thibodeaux says, but it’s an ongoing one. “After all, time set aside for staff training is time taken away from billable hours or ‘real work.’
There’s also the age-old question, ‘What if I train and certify someone and they leave?’ But when it comes to technology and the people they’re paying to implement it, the question they should be asking is, ‘What if I don’t train someone and they stay?’”
Current methods for analysing data frequently fail to show the real impact on business, says Mike Sanchez, CISO of United Data Technologies.
“Executives and board members should be able to make decisions on how best to allocate resources, and investment dollars into remediation strategies that can reduce operational expenses, or a company’s true risk exposure or both,” Sanchez says.
“There’s too much data out there and folks don’t know which they should be following in terms of improving their overall cybersecurity posture. Key performance metrics should tell the story in a simple dashboard format.”
The good news is the number of IT job openings continues to increase. The bad? There aren’t enough workers with needed skills to fill them, particularly in security roles.
“Our latest analysis of jobs data from a variety of sources shows that in Q3 2017, U.S. employers posted openings for nearly 604,000 IT jobs,” says CompTIA’s Thibodeaux. “Regarding cybersecurity jobs, we’ve made some incremental progress in closing the gap over the past year, but not nearly as much as needs to be done.”
Thibodeaux says firms are going to have to make some hard decisions over how to fill staffing needs and what needs to be done in-house.
“Which functions might be candidates for outsourcing to a technology solution provider?” Thibodeaux says. “Many organisations find that contracting with a technology partner for some routine, ongoing tasks can free up internal tech teams to focus on activities that are more advanced and strategic to the business.”
Meerah Rajavel, CIO of cybersecurity firm Forcepoint, says the skills gap isn’t going away anytime soon.
“We see too many companies are unprepared to deal with new cybersecurity threats like ransomware or industrial espionage,” Rajavel says. “Any course correction needs to include appropriate talent grooming from the bottom up, and broader workforce security training which should be experiential and just-in-time rather than just compliance.”
Innovation and digital transformation
Most companies will continue on the same path until they’re forced to do otherwise, says Merrick Olives, managing partner at cloud consulting firm Candid Partners.
“Tying IT spend to strategic business capabilities and answering the question ‘How will this make us more competitive?’ is essential,” Olives says.