Research Shows Many New Cybersecurity Professionals are Doomed to Make Blunders

Research Shows Many New Cybersecurity Professionals are Doomed to Make Blunders

Unfortunately, cyberattacks will only continue in the weeks, months, and years to come, making it increasingly essential that businesses have access to cybersecurity expertise. Even more unfortunately, professionals with this level of expertise are becoming harder to find. Globally, we’re short almost four million people, and those we have are prone to make mistakes in their first few years. This comes from a report by Kaspersky, entitled “The Portrait of Modern Information Security Professional,” Let’s review what the cybersecurity developer found and what we can take away from these findings.

We’ll be focused on part one of this report, “Cybersecurity Education Lags as Professionals Struggle On,” which is split into two chapters:

  1. “Educational background of current cybersecurity experts”
  2. “Initial professional struggles”

We’ll summarize each.

How Well-Prepared Is the Average Cybersecurity Professional?

The first chapter of Kaspersky’s report outlines this precise question, and as you would expect based on the section’s title, the answer is a resounding “not well.”

Kaspersky’s research revealed that just over half of information security professionals had no postgraduate degree, and it didn’t stop there.

Half of these professionals claimed that the theoretical training they received in college didn’t help them in their current positions, and even fewer had hands-on experience during their education. It also doesn’t help that many universities and colleges actively struggle to keep their curriculums up to date due to how quickly the industry changes and because there simply aren’t enough instructors with the requisite up-to-date knowledge.

Once These Professionals Enter the Working World, Things Remain Challenging

Kaspersky’s respondents also revealed a few obstacles that new entrants into the profession commonly face… many of which suggest some ties to the aforementioned ill-preparedness many of these new professionals present.

One interesting tendency this research found was that—despite the cybersecurity personnel shortage we referenced, very few interviewees were hired after their first interview. Far more were denied once, twice, or three times in their job search. It was even more common for a candidate to be interviewed four times unsuccessfully than to land their first interview.

Once they were hired, almost half—46%—shared that over a year passed before they felt confident in their role, most taking between one to two.

We also have to acknowledge the human element to all this, and the fact that everyone—even freshly trained security professionals—can make mistakes. Kaspersky’s research showed that a majority of their respondents admitted to making mistakes during their first years on the job.

The most common of these mistakes?

Failure to upstate software at 43% of responses, using weak or guessable passwords at 42% of responses, and negligence in taking timely backup at 40% of responses.

Mistakes Like These are Not to Be Underestimated

However, it is also important not to miss the forest for the trees. Cybersecurity must be prioritized in each and every business. If a business has the resources to commit to a devoted cybersecurity professional on staff, there are much worse investments to make.

However, we understand that many of the small and even medium-sized businesses of New Hampshire can’t justify that kind of investment. We provide a great alternative through our managed IT services, part of which involves helping ensure your business is secure. Don’t get us wrong… everyone makes mistakes. What helps us is the fact that we have an entire team here to help catch them, equipped with the tools to do so.

Whether or not you have team members devoted to securing your business, a little more assistance never hurts. Find out more about how we can help by calling (603) 889-0800.

Related Posts

Is Your Organization Prepared to Invest What is Needed into Cybersecurity?

Safeguarding your business' infrastructure from various threats is a well-known imperative. In discussions about network security, the term "endpoint" frequently arises. Exploring the significance of securing all endpoints is the focus of today's article. Commencing with an elucidation of what constitutes an endpoint, we define it as "any device connected to a network capable of serving as a po...

Why (and How) SMBs Should Strategically Adopt Technology

There is no question that a small business can benefit from technology, as has been proven time and time again. However, an issue can arise if a business bites off more than it can chew, so to speak, and ultimately creates a spike in costs. A responsible business owner will resist this temptation and prioritize the solutions they need over the ones they want - building profitability and generating...

A Man-in-the-Middle Attack is Not to Be Underestimated

Have you ever heard of the “man-in-the-middle” attack or MitM? It’s a situation where your data is stolen by an onlooker who situates themselves in the right place at the right time. Data interception is a very real thing that your business should be prepared to fight against. Let’s discuss some strategies you can use to counter these sneaky attacks. How a Man-in-the-Middle Attack Works For a ...

What to Prioritize for a Secure Password Strategy

Securing your accounts against unauthorized access begins with the implementation of a strong password. It's crucial to recognize that not all passwords offer the same level of protection. Here are five essential guidelines to ensure the security of your accounts. Emphasize Complexity The strength of a robust password hinges on its complexity. Avoid easily predictable combinations like "123456" or...