Cybercriminals cashing in on global security skills shortage

Cisco reckons one million more trained security employees needed to combat cybercrime

More than one million more skilled security staff are needed across the globe if organisations are to stand a chance at fending off cybercriminals, according to a new Cisco security report.

The vendor's 2014 Annual Security Report, which was released today, claims that overall vulnerabilities and security threats have reached their highest levels since it began tracking them back in 2000, and that a serious skills shortage is not making matters better.

"[There is] a shortage of more than a million security professionals across the globe in 2014," it said. "The sophistication of the technology and tactics used by online criminals - and their non-stop attempts to breach networks and steal data - have outpaced the ability of IT and security professionals to address these threats.

"Most organisations do not have the people or the systems to continuously monitor extended networks and detect infiltrations, and then apply protections, in a timely and effective manner."

Elsewhere in the report, Cisco pointed to an increased sophistication of the type of attacks organisations are facing.

"Simple attacks that caused containable damage have given way to organised cybercrime operations that are sophisticated, well funded, and capable of significant economic and reputational damage to public- and private-sector victims," it said.

Last year, the most common online malware was Trojans, accounting for 27 per cent of all security encounters, while Java continued to be the most frequently exploited programme.

While the electronic manufacturing, chemical and pharmaceutical industries have traditionally been the most affected by security problems, last year the agriculture and energy, oil and gas industries suffered "remarkable growth" in the number of malware encounters occurring last year.

John Stewart, Cisco's chief security officer, admitted that the firm's report makes grim reading but said education is key to combating cybercrime.

"Although the... report paints a grim picture of the current state of cybersecurity, there is hope for restoring trust in people, institutions and technologies - and that starts with empowering defenders with real-world knowledge about expanding attack surfaces," he said.

"To truly protect against all of these possible attacks, defenders must understand the attackers, their motivations and their methods - before, during and after an attack."