In-depth

3 security skills every IT team needs

Plugging the lack of security talent gap needs thought and education

Abstract cyber security image of a man holding a symbol of a padlock inside a shield

There is a lack of security expertise and this could affect how able your organisation is in securing vital infrastructure. According to a whitepaper published by Kaspersky, a third of businesses worldwide see improving specialist security expertise as one of the Top 3 drivers of IT security investment. Approximately half of businesses admit there is a talent shortage and growing demand for specialists.

For more reasons to boost your cybersecurity talent, check out Kaspersky's free report 'Lack of security talent, an unexpected threat to Corporate Cybersafety'

.my-newsletter-btn{ font-family: Droid Sans; background: #0064af; display: inline-block; color: #fff !important; font-size: 14px; padding: 4px 16px; text-decoration: none;}.my-newsletter-btn:hover{ background: #0b2644;}

Download now

The report also found that organisations that admit a certain insecurity in attracting new talent, end up paying from US$1.2 to $1.47 million. In comparison, large businesses that feel confident about their IT Security team development, pay anywhere from US$100K to 500K to recover from a single breach.

Organisations need a well-trained workforce to make sure defences are adequate; so what are the three security skills that every IT team needs?

Breach response

On your network, you need to be aware of any possible intruders and should a breach occur, you need to be able to respond to it.

While a network intrusion detection system (NIDS) can flag up illicit or anomalous behaviour by passively monitor network traffic, should a breach occur, you need the experience and knowledge to deal with it. That means devising an effective framework to deal with such attacks.

Your team need the wherewithal to update the framework when network components change or new threats emerge. The framework should give IT teams a process for dealing with the breach and what follows. This means you should know what data recovery plans are in place as well as any legal procedures to follow and which partners/customers to inform.

Hiring by hiring new talent has a direct impact on the damage caused from real cybersecurity breaches. In March-April 2016 Kaspersky conducted a Corporate IT Security Risks survey and found that significant amount of the recovery costs is due to additional staff wages - US$14K on average for SMBs, $126K for enterprises with companies spending more on hiring external experts and paying overtime for their own team.

Penetration testing

Another skill need by IT teams is penetration testing. This is a great way of finding problems with the infrastructure and fixing them before hackers can take advantage of them. It involves carrying out manual or automated processes to access servers, applications, networks, and user's devices, to see if a break-in could happen. With this testing, an IT team can produce a report for auditors as proof of compliance.  

This report will also serve as a list of flaws that can be prioritised and fixed. Finding flaws can save time and money by preventing downtime and costs associated with security breaches.

Penetration testing should be carried out on an ongoing basis as an organisation's infrastructure is in a constant state of change.

Security engineering and analysis

Building in security from the get go is important. Making things secure now saves money in the long run. That means designing infrastructure that protects data, information and users in the correct way.

A good security analyst can carry out integration and testing, operation and maintenance of systems security. They should have a deep understanding of all the business systems in the company and know what data an organisation just cannot lose.

Threat data from various sources can be brought together and context understood and insights drawn and implemented from this information. An analyst should also be able to communicate the security position to the rest of the organisation to have buy-in from relevant stakeholders and executives. Information security analysts need strong oral and written communication skills.

According to Sergey Novikov, Deputy Director, Global Research and Analysis Team at Kaspersky (you can find more of his work in the whitepaper here), a security researcher learns something new every day, while doing their best to analyze new advanced threats.

"Understanding the real scope of threats and at the same time being able to communicate the needs of IT security to top management is very, very difficult," he says.

Further essential reading for IT teams - Kaspersky's free download 'Lack of security talent, an unexpected threat to Corporate Cybersafety'

Download now

Featured Resources

BCDR buyer's guide for MSPs

How to choose a business continuity and disaster recovery solution

Download now

The definitive guide to IT security

Protecting your MSP and your customers

Download now

Cost of a data breach report 2020

Find out what factors help mitigate breach costs

Download now

The complete guide to changing your phone system provider

Optimise your phone system for better business results

Download now

Recommended

Google’s about to push everyone into two-factor authentication
Security

Google’s about to push everyone into two-factor authentication

6 May 2021
Defense Dept. expands vulnerability disclosure program to all publicly accessible defense systems
ethical hacking

Defense Dept. expands vulnerability disclosure program to all publicly accessible defense systems

5 May 2021
Security researchers take control of a Tesla via drone
ethical hacking

Security researchers take control of a Tesla via drone

5 May 2021
Best free malware removal tools 2021
Security

Best free malware removal tools 2021

5 May 2021

Most Popular

Dell patches vulnerability affecting hundreds of computer models worldwide
cyber security

Dell patches vulnerability affecting hundreds of computer models worldwide

5 May 2021
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

29 Apr 2021
KPMG offers staff 'four-day fortnight' in hybrid work plans
flexible working

KPMG offers staff 'four-day fortnight' in hybrid work plans

6 May 2021