Intelligence analyst Cybersecurity Ventures has warned that the cyber-security market is facing an “epidemic” skills shortage.
The California-based research firm has compiled a quarterly Cybersecurity 500 list since 2015, cataloguing what it sees as the hottest and most innovative industry leaders
Feedback from 2017’s top three – Herjavec Group, IBM Security and Raytheon Cyber has revealed growing concern over the widening gap between security threats, and the number of people qualified to tackle them.
The single biggest trend, globally, is that there are chronic work shortages of qualified cyber security staff. It’s an absolute epidemic, the survey found.
From the end of 2013 to 2015, Cisco published research on global cyber security that showed there were one million cyber security positions open globally and Cybersecurity Ventures’ own research suggests that this deficit become worse.
There is a predicted growth in cybercrime coming and by 2021, the company expects there to be 3.5 million vacant cybersecurity job openings.
“The pipeline of security talent isn’t where it needs to be to help curb the rise in more widespread, and more sophisticated, cybercrime.”
There are shortfalls in specialised education in information technology and computer science.
Out of the top ten ranked firms, seven are based out of the US; one in Canada; one in IT security hub Israel; and one UK outfit: Sophos.
Other UK high flyers include BAE Systems (14), BT (29), PwC (32), NNT (54) and KPMG (57). DFLabs in Lombardy, Italy was the highest-ranked continental European firm, at number 19.
Hospitals, clinics, trusts and insurers are under a barrage of cyberattacks but the healthcare section does not seem to be spending enough money to protect itself.
According to ABI Research, cybersecurity for healthcare protection will only be worth $10 billion by 2020, while other sectors such as financial and defence are coping.
ABI said “the healthcare industry is drowning” because of attacks from malicious online agents and a lot of companies and organisations in the sector are failing to modernise to take account of current threats.
Michelle Menting, a practice director at ABI, said: “Cybersecurity for healthcare is still a small fragmented market but the potential opportunities for expansion are large and will continue to grow as healthcare organisations increasingly come under cyberfire.”
She said a few startups such as TrueVault and FireHost are targeting the healthcare sector and building a niche for themselves. There are also managed services and cloud apps from companies like NetFortris and ID Experts.
It won’t be until 2018 that large enterprises will have proper plans to protect themselves from cyber attacks causing business disruption.
And, even then, only 40 percent of these organisations will have such plans.
That’s what a report from Gartner says, which warns that chief information security officers need to set their priorities/
Gartner thinks the frequency of a cyber attack on a large scale is low, but if it does happen, the implications are sever.
Paul Proctor, a VP at Gartner warns that servers can be downed, data wiped, and digital intellectual property published to the internet – as happened with Sony late last year.
“Employees may not be able to fully function normally in the workplace for months. These attacks may expose embarrassing internal data via social media channels and could have a longer media cycle than a breach of credit card or personal data,” he said.
He also pointed out that avoiding a compromise in a large computer enterprise “is just not possible”. Instead, those responsible should concentrate on firewalls, antivirus and vulnerability management, as well as increasing detection and response capabilities.
The Internet of Things (IoT) will expand the attack surface so enterprises need to pay better attention, and spend more money on preventing attacks.
Governments around the world are waking up to the security implications as the internet of things is set to pervade the world and will spend an immense amount of money to improve cyber security.
The internet of things is a catch all term for a time when just about anything you care to imagine has semiconductors inside, able to communicate with just about everything else.
ABI Research said that it estimates that cybersecurity spending will hit $109 billion by the end of this decade, with governments in North America and Europe spending and spending again on security for network, for systems and for data.
The governments, said ABI, will concentrate on security for the financial, energy and defence sectors as they are the ones most targeted.
The energy sector is under particular threat, with attacks on industrial control systems.
However, there are sectors which are particularly vulnerable, including utility companies, said Michela Menting, practice director at ABI Research.
She said: “IT spending will dominate cyber security investment for critical infrastructure protection to the detriment of securing operational technologies in industrial settings.”