As banks continue to source IT talent, banks need to understand the challenges of automation and security to find the candidates that are up to the task. Automation will not reduce the need for IT security professionals. Many activities will require highly technical staff, intensifying the skills gap further.
That is among the revelations from a new Ponemon Institute survey report, “Staffing the IT Security Function in the Age of Automation,” sponsored by Seattle-based DomainTools, which studied how organizations address the need to hire and retain qualified IT security practitioners and the effects of automation and AI.
IT security functions remain understaffed and vulnerable. One of the major barricades to a robust security position, according to the research, is not having a security team capable of handling intricate and serious internal and external threats to the organization. “Unfortunately, improvements in staffing are not happening,” according to the Ponemon research.
More than surveyed 600 IT and IT security practitioners – including almost 20% from financial services, who participate in attracting, hiring, promoting and retaining IT security personnel within their companies – disclosed companies are falling behind in keeping IT security functions, already suffering from acute deficiencies, adequately staffed with the adoption of automation technologies.
More respondents in this year’s study specified they have shorthanded IT security departments than in 2013 (75% vs. 70%). Specifically, only 25% of respondents said their organizations have no trouble finding qualified candidates, compared to 34% in 2013. Only 28% reported their organizations have no difficulty retaining qualified candidates compared to 42% of respondents in 2013. Compounding the matter, 76% believe machine learning and artificial intelligence tools and services exacerbate the problem by growing the necessity for more highly skilled IT security staff.
Forty-one percent of firms said the inability to properly staff security positions increased investment in cyberautomation tools. Yet despite the hype around this technology, only 26 % of organizations currently use automation tools as part of IT security, and only 15 % stated that AI is a dependable and trusted security tool for their organization.
“One of the biggest barriers to a strong security posture is attracting and retaining the right people that can deal with complex and serious internal and external threats to the organization,” Dr. Larry Ponemon, chairman and founder of the Traverse City, Mich.-based Ponemon Institute, said. “This research reveals that despite the adoption of advanced and automated tools, the skills gap has increased, leaving organizations more vulnerable than ever before.”
The research also found an understanding of potential cybersecurity threats is important for entry-level and highly experienced job candidates. Respondents said their organizations have great expectations that highly experienced job candidates will bring more general knowledge to their positions.
The top three categories of general knowledge for entry-level candidates are an understanding of potential cybersecurity threats (39%), familiarity with security regulations and standards (25%) and experience with intrusion prevention and detection systems (19%). Similarly, expect highly experienced job candidates to understand potential cybersecurity threats (85%), experience with intrusion prevention and detection systems (81%) and an understanding of information security frameworks (75%).
Additional survey findings:
- Sixty-three percent said human involvement in security is important in the age of automation.
- Sixty percent believed automation will improve their IT security staff’s ability to do their jobs because it will enable them to focus on more serious vulnerabilities and overall network security (68% of respondents).
- Only 23% said automation will reduce the headcount of their IT security function.
- Sixty percent indicated on-the-job experience is more in demand than a degree.