In-depth

3 security skills every IT team needs

Plugging the lack of security talent gap needs thought and education

There is a lack of security expertise and this could affect how able your organisation is in securing vital infrastructure. According to a whitepaper published by Kaspersky, a third of businesses worldwide see improving specialist security expertise as one of the Top 3 drivers of IT security investment. Approximately half of businesses admit there is a talent shortage and growing demand for specialists.

For more reasons to boost your cybersecurity talent, check out Kaspersky's free report 'Lack of security talent, an unexpected threat to Corporate Cybersafety'

.my-newsletter-btn{ font-family: Droid Sans; background: #0064af; display: inline-block; color: #fff !important; font-size: 14px; padding: 4px 16px; text-decoration: none;}.my-newsletter-btn:hover{ background: #0b2644;}

Download now

Advertisement
Advertisement - Article continues below

The report also found that organisations that admit a certain insecurity in attracting new talent, end up paying from US$1.2 to $1.47 million. In comparison, large businesses that feel confident about their IT Security team development, pay anywhere from US$100K to 500K to recover from a single breach.

Organisations need a well-trained workforce to make sure defences are adequate; so what are the three security skills that every IT team needs?

Breach response

On your network, you need to be aware of any possible intruders and should a breach occur, you need to be able to respond to it.

While a network intrusion detection system (NIDS) can flag up illicit or anomalous behaviour by passively monitor network traffic, should a breach occur, you need the experience and knowledge to deal with it. That means devising an effective framework to deal with such attacks.

Your team need the wherewithal to update the framework when network components change or new threats emerge. The framework should give IT teams a process for dealing with the breach and what follows. This means you should know what data recovery plans are in place as well as any legal procedures to follow and which partners/customers to inform.

Hiring by hiring new talent has a direct impact on the damage caused from real cybersecurity breaches. In March-April 2016 Kaspersky conducted a Corporate IT Security Risks survey and found that significant amount of the recovery costs is due to additional staff wages - US$14K on average for SMBs, $126K for enterprises with companies spending more on hiring external experts and paying overtime for their own team.

Penetration testing

Another skill need by IT teams is penetration testing. This is a great way of finding problems with the infrastructure and fixing them before hackers can take advantage of them. It involves carrying out manual or automated processes to access servers, applications, networks, and user's devices, to see if a break-in could happen. With this testing, an IT team can produce a report for auditors as proof of compliance.  

This report will also serve as a list of flaws that can be prioritised and fixed. Finding flaws can save time and money by preventing downtime and costs associated with security breaches.

Advertisement
Advertisement - Article continues below

Penetration testing should be carried out on an ongoing basis as an organisation's infrastructure is in a constant state of change.

Security engineering and analysis

Building in security from the get go is important. Making things secure now saves money in the long run. That means designing infrastructure that protects data, information and users in the correct way.

A good security analyst can carry out integration and testing, operation and maintenance of systems security. They should have a deep understanding of all the business systems in the company and know what data an organisation just cannot lose.

Threat data from various sources can be brought together and context understood and insights drawn and implemented from this information. An analyst should also be able to communicate the security position to the rest of the organisation to have buy-in from relevant stakeholders and executives. Information security analysts need strong oral and written communication skills.

According to Sergey Novikov, Deputy Director, Global Research and Analysis Team at Kaspersky (you can find more of his work in the whitepaper here), a security researcher learns something new every day, while doing their best to analyze new advanced threats.

"Understanding the real scope of threats and at the same time being able to communicate the needs of IT security to top management is very, very difficult," he says.

Further essential reading for IT teams - Kaspersky's free download 'Lack of security talent, an unexpected threat to Corporate Cybersafety'

Download now

Featured Resources

The IT Pro guide to Windows 10 migration

Everything you need to know for a successful transition

Download now

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Software-defined storage for dummies

Control storage costs, eliminate storage bottlenecks and solve storage management challenges

Download now

6 best practices for escaping ransomware

A complete guide to tackling ransomware attacks

Download now
Advertisement

Recommended

Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/security/identity-and-access-management-iam/354289/44-million-microsoft-customers-found-using
identity and access management (IAM)

44 million Microsoft customers found using compromised passwords

6 Dec 2019
Visit/cloud/microsoft-azure/354230/microsoft-not-amazon-is-going-to-win-the-cloud-wars
Microsoft Azure

Microsoft, not Amazon, is going to win the cloud wars

30 Nov 2019
Visit/hardware/354237/five-signs-that-its-time-to-retire-it-kit
Sponsored

Five signs that it’s time to retire IT kit

29 Nov 2019
Visit/business/business-strategy/354195/where-modernisation-and-sustainability-meet-a-tale-of-two
Sponsored

Where modernisation and sustainability meet: A tale of two benefits

25 Nov 2019