A slew of data breaches targeting intellectual property and the rising wave of hacktivist activity are putting pressure on information security professionals, especially hiring managers who have to select from a dwindling talent pool.
That was one of the key findings of the (ISC)2's sixth Global Information Security Workforce Study. The certification organization issued the report this week at the beginning of the 2013 RSA Conference. The firm is running half-day workshops Monday for its certified secure software life-cycle professional (CSSLP) and certified information systems security professional (CISSP) certifications. (ISC)2 worked with contracting giant Booz Allen Hamilton and research firm Frost & Sullivan to survey more than 12,000 information security professionals globally.
Not surprisingly, hackers were cited as the chief concern by 56 percent of those surveyed, followed by the rising profile of cyberterrorism activities. Those targeted attacks can disrupt operations at a critical infrastructure facility, as seen two years ago when Stuxnet first surfaced, or bypass traditional security technologies and remain stealthy on an organization's systems for years, silently stealing intellectual property and other information.
The threat posed by hacktivists such as Anonymous and other splinter groups came in third as a top concern of survey respondents.
"These three things have reached a crisis point for the industry," said Julie Peeler, director of the (ISC)2 Foundation, which oversees the organization's education and scholarship activities. "We're at an inflection point and we've got to put some focus into building the workforce and professionalizing it to have enough highly trained and skilled people as new technologies continue to cause disruption."
More than 80 percent of those surveyed said they had no change in employer or employment in the past year, but (ISC)2 said the number of professionals is projected to steadily increase more than 11 percent annually over the next five years. Still, more than half of those surveyed (56 percent) indicated that their security organization is short-staffed.
"When we ask them what kind of additional support they need, they tell us it's an understanding from upper management about how security issues pervade the entire organization," Taylor said. "They say the No. 1 thing is avoiding damage to an organization's reputation."
Some said recovering from an attack would be difficult and costly even though service downtime was named as one of the highest priorities for nearly three-quarters of the survey respondents. Twenty-eight percent indicated that their organization can remediate from a targeted attack within one day.