In-depth

3 security skills every IT team needs

Plugging the lack of security talent gap needs thought and education

There is a lack of security expertise and this could affect how able your organisation is in securing vital infrastructure. According to a whitepaper published by Kaspersky, a third of businesses worldwide see improving specialist security expertise as one of the Top 3 drivers of IT security investment. Approximately half of businesses admit there is a talent shortage and growing demand for specialists.

Advertisement - Article continues below

For more reasons to boost your cybersecurity talent, check out Kaspersky's free report 'Lack of security talent, an unexpected threat to Corporate Cybersafety'

.my-newsletter-btn{ font-family: Droid Sans; background: #0064af; display: inline-block; color: #fff !important; font-size: 14px; padding: 4px 16px; text-decoration: none;}.my-newsletter-btn:hover{ background: #0b2644;}

Download now

The report also found that organisations that admit a certain insecurity in attracting new talent, end up paying from US$1.2 to $1.47 million. In comparison, large businesses that feel confident about their IT Security team development, pay anywhere from US$100K to 500K to recover from a single breach.

Organisations need a well-trained workforce to make sure defences are adequate; so what are the three security skills that every IT team needs?

Breach response

On your network, you need to be aware of any possible intruders and should a breach occur, you need to be able to respond to it.

Advertisement
Advertisement - Article continues below

While a network intrusion detection system (NIDS) can flag up illicit or anomalous behaviour by passively monitor network traffic, should a breach occur, you need the experience and knowledge to deal with it. That means devising an effective framework to deal with such attacks.

Advertisement - Article continues below

Your team need the wherewithal to update the framework when network components change or new threats emerge. The framework should give IT teams a process for dealing with the breach and what follows. This means you should know what data recovery plans are in place as well as any legal procedures to follow and which partners/customers to inform.

Hiring by hiring new talent has a direct impact on the damage caused from real cybersecurity breaches. In March-April 2016 Kaspersky conducted a Corporate IT Security Risks survey and found that significant amount of the recovery costs is due to additional staff wages - US$14K on average for SMBs, $126K for enterprises with companies spending more on hiring external experts and paying overtime for their own team.

Penetration testing

Another skill need by IT teams is penetration testing. This is a great way of finding problems with the infrastructure and fixing them before hackers can take advantage of them. It involves carrying out manual or automated processes to access servers, applications, networks, and user's devices, to see if a break-in could happen. With this testing, an IT team can produce a report for auditors as proof of compliance.  

Advertisement - Article continues below

This report will also serve as a list of flaws that can be prioritised and fixed. Finding flaws can save time and money by preventing downtime and costs associated with security breaches.

Penetration testing should be carried out on an ongoing basis as an organisation's infrastructure is in a constant state of change.

Security engineering and analysis

Building in security from the get go is important. Making things secure now saves money in the long run. That means designing infrastructure that protects data, information and users in the correct way.

A good security analyst can carry out integration and testing, operation and maintenance of systems security. They should have a deep understanding of all the business systems in the company and know what data an organisation just cannot lose.

Threat data from various sources can be brought together and context understood and insights drawn and implemented from this information. An analyst should also be able to communicate the security position to the rest of the organisation to have buy-in from relevant stakeholders and executives. Information security analysts need strong oral and written communication skills.

Advertisement - Article continues below

According to Sergey Novikov, Deputy Director, Global Research and Analysis Team at Kaspersky (you can find more of his work in the whitepaper here), a security researcher learns something new every day, while doing their best to analyze new advanced threats.

"Understanding the real scope of threats and at the same time being able to communicate the needs of IT security to top management is very, very difficult," he says.

Further essential reading for IT teams - Kaspersky's free download 'Lack of security talent, an unexpected threat to Corporate Cybersafety'

Download now

Featured Resources

Preparing for long-term remote working after COVID-19

Learn how to safely and securely enable your remote workforce

Download now

Cloud vs on-premise storage: What’s right for you?

Key considerations driving document storage decisions for businesses

Download now

Staying ahead of the game in the world of data

Create successful marketing campaigns by understanding your customers better

Download now

Transforming productivity

Solutions that facilitate work at full speed

Download now
Advertisement
Advertisement

Recommended

Visit/security/ransomware/356292/university-of-california-gets-fleeced-by-hackers-for-114-million
ransomware

University of California gets fleeced by hackers for $1.14 million

30 Jun 2020
Visit/security/cyber-security/356289/australia-announces-135b-investment-in-cybersecurity
cyber security

Australia announces $1.35 billion investment in cyber security

30 Jun 2020
Visit/cloud/cloud-security/356288/csa-and-issa-form-cybersecurity-partnership
cloud security

CSA and ISSA form cyber security partnership

30 Jun 2020
Visit/business/policy-legislation/356215/senators-propose-a-bill-aimed-at-ending-warrant-proof-encryption
Policy & legislation

Senators propose a bill aimed at ending warrant-proof encryption

24 Jun 2020

Most Popular

Visit/business/business-operations/356395/nvidia-overtakes-intel-as-most-valuable-us-chipmaker
Business operations

Nvidia overtakes Intel as most valuable US chipmaker

9 Jul 2020
Visit/laptops/29190/how-to-find-ram-speed-size-and-type
Laptops

How to find RAM speed, size and type

24 Jun 2020
Visit/mobile/google-android/356373/over-2-dozen-additional-android-apps-found-stealing-user-data
Google Android

Over two dozen Android apps found stealing user data

7 Jul 2020