The demand for skilled security professionals will only grow
The data breaches that took place in 2013 were game-changing in their size and scope. Adobe reported the compromise of over 38 million users, Chinese hackers cracked into the systems of media giants, while usernames of 22 million users of Yahoo Japan were stolen. Then there were revelations of surreptitious intelligence-gathering by national security agencies such as the NSA and GCHQ.
These events are evidence that security departments still have not mastered the basic “blocking and tackling” of data protection. Critically, they also expose the weaknesses of security that relies primarily on technology as the most important line of defence. For instance, the Adobe breach exposed the weaknesses of password authentication and the failures of current, outdated forms of authentication.
In 2014, the industry will begin to beef up security teams with more skilled personnel in conjunction with adoption of better technology. The C-suite will begin to invite the security department to the table to constructively discuss major business and organisational initiatives. Security will start to be truly seen as a fundamental building block of IT-driven programmes, and cyber security risks will begin to be factored into the business equation.
Driven by this C-suite approach, we will see a new wave of collaboration between IT and security. IT managers will integrate security into business-critical initiatives such as mobility, application development, and business intelligence. All this will culminate in more secure systems, and awareness of security in IT operations, software development, and endpoint management.
The overwhelming and sophisticated nature of social engineering and denial-of-service attacks exposes the shortage of manpower and skills in the security department, such as computer forensics and application security. Attacks on vertical markets have also uncovered the need for industry-specific skills, such as the support of healthcare and government systems. Given the well-publicised data losses in healthcare, we will find more recognition of the need for core-level knowledge and expertise to address security and privacy concerns relating to health information, with estimates of up to 500,000 people in the sector responsible for data governance or security.
The new emphasis on security in the C-suite and in the IT department will drive growth in security’s ‘human capital.’ Spending on security staffing and training will increase. Salaries for skilled security professionals will grow. And there will be a stronger understanding of the value of security to the business, making this function an even more important part of future plans and budgets.
Fundamentally, the capabilities of technology are extremely limited unless they are supported by security professionals who are strong in numbers and honed in skills. I believe that the tide in the cyber security war will begin to turn in 2014; the side with the strongest skills will have the advantage.
W. Hord Tipton, CISSP, Executive Director, (ISC)²