According to a survey from Alertsec, almost every consumer – 97 percent – finds data breaches unsettling. They find it unsettling because they are worried about their personal information falling into the wrong hands, as eSecurity Planet added:
When they learn that a company has been breached, 67 percent of respondents said they check to see if their information or identity has been compromised, and 35 percent worry about their information even if they’re not directly connected to the affected company.
I consider myself to be part of that 97 percent. I’m sure that most of you feel the same way, in regard to your own consumer behaviors but also on behalf of your business and its reputation. The survey also found that nearly a third of the respondents say it would take months before they could trust a breached company again, and nearly 20 percent said that trust was gone forever.
Unfortunately, alleviating cybersecurity concerns will not be a simple task. We know that cybercriminals are using increasingly sophisticated tactics and social engineering to trick their way into networks and to access data. We know that security tools and systems aren’t always kept up to date. But here is probably the biggest obstacle to improving cybersecurity in organizations across the country – the cybersecurity skills shortage.
New research from Information Systems Security Association (ISSA) and independent industry analyst firm Enterprise Strategy Group (ESG) took a closer look at the state of the cybersecurity profession, and it found two very serious issues: First, the majority of cybersecurity professionals don’t have the right skill development needed to address the threat landscape. Second, this skills shortage means that the cybersecurity job market itself represents an existential threat; not only are there not enough cybersecurity professionals for the jobs that are out there, but the current professionals are in such demand that nearly half said they are regularly being solicited for other positions and higher pay. Your cybersecurity professional today may be someone else’s better-paid employee tomorrow.
And companies aren’t doing enough to keep good cybersecurity professionals. According to the research, 56 percent said that their employer isn’t doing enough to provide the security team with the right level of training to keep up with business and IT risk, and 44 percent said that CISOs aren’t included in overall executive management decisions. As Candy Alexander, CISO, ISSA Cyber Security Career Lifecycle (CSCL) Chair, said in a formal release:
These conclusions point to the need for business, IT, and cyber security managers, academics, and public policy leaders to take note of today’s cyber security career morass and develop and promote more formal cyber security guidelines and frameworks that can guide cyber security professionals in their career development.
Without someone handling cybersecurity threats in-house, consumers have a right to be concerned about data breaches and loss of personal information.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom’s Guide. You can reach Sue via Twitter: @sueporemba.