Research Shows Many New Cybersecurity Professionals are Doomed to Make Blunders

Unfortunately, cyberattacks will only continue in the weeks, months, and years to come, making it increasingly essential that businesses have access to cybersecurity expertise. Even more unfortunately, professionals with this level of expertise are becoming harder to find. Globally, we’re short almost four million people, and those we have are prone to make mistakes in their first few years. This comes from a report by Kaspersky, entitled “The Portrait of Modern Information Security Professional,” Let’s review what the cybersecurity developer found and what we can take away from these findings.

We’ll be focused on part one of this report, “Cybersecurity Education Lags as Professionals Struggle On,” which is split into two chapters:

1. “Educational background of current cybersecurity experts”
2. “Initial professional struggles”

We’ll summarize each.

How Well-Prepared Is the Average Cybersecurity Professional?

The first chapter of Kaspersky’s report outlines this precise question, and as you would expect based on the section's title, the answer is a resounding “not well.”

Kaspersky's research revealed that just over half of information security professionals had no postgraduate degree, and it didn’t stop there.

Half of these professionals claimed that the theoretical training they received in college didn’t help them in their current positions, and even fewer had hands-on experience during their education. It also doesn’t help that many universities and colleges actively struggle to keep their curriculums up to date due to how quickly the industry changes and because there simply aren’t enough instructors with the requisite up-to-date knowledge.

Once These Professionals Enter the Working World, Things Remain Challenging

Kaspersky’s respondents also revealed a few obstacles that new entrants into the profession commonly face… many of which suggest some ties to the aforementioned ill-preparedness many of these new professionals present.

One interesting tendency this research found was that—despite the cybersecurity personnel shortage we referenced, very few interviewees were hired after their first interview. Far more were denied once, twice, or three times in their job search. It was even more common for a candidate to be interviewed four times unsuccessfully than to land their first interview.

Once they were hired, almost half—46%—shared that over a year passed before they felt confident in their role, most taking between one to two.

We also have to acknowledge the human element to all this, and the fact that everyone—even freshly trained security professionals—can make mistakes. Kaspersky’s research showed that a majority of their respondents admitted to making mistakes during their first years on the job.

The most common of these mistakes?

Failure to upstate software at 43% of responses, using weak or guessable passwords at 42% of responses, and negligence in taking timely backup at 40% of responses.

Mistakes Like These are Not to Be Underestimated

However, it is also important not to miss the forest for the trees. Cybersecurity must be prioritized in each and every business. If a business has the resources to commit to a devoted cybersecurity professional on staff, there are much worse investments to make.

However, we understand that many of the small and even medium-sized businesses of Kentucky can’t justify that kind of investment. We provide a great alternative through our managed IT services, part of which involves helping ensure your business is secure. Don’t get us wrong… everyone makes mistakes. What helps us is the fact that we have an entire team here to help catch them, equipped with the tools to do so.

Whether or not you have team members devoted to securing your business, a little more assistance never hurts. Find out more about how we can help by calling (270) 282-4926.