Verifiable information shows that the European Union is facing a critical shortage of IT specialists. The European Commission expects that the labor market will have up to 500,000 vacant IT positions by 2020. This industry-wide issue can be confirmed by ESET, challenges shared by companies we have business relationships with and as a conclusion of our ongoing market research. Another standout issue relates to the low proportion of security experts among IT specialists.
“Finding good IT specialists is difficult enough but finding good security experts is almost like a Sci-Fi Fantasy,” explains Michal Jankech, Chief Product Manager, ESET. Security experts must have very comprehensive knowledge, however, there are too few of them and their numbers may actually decrease further due to a lack of understanding about their importance to core IT practice.
The “neurosurgeons” of IT specialists
Let’s make a comparison to healthcare specialists. Assume an IT specialist is the equivalent of a general practitioner (GP), then a cybersecurity expert represents a neurosurgeon. IT specialists primarily support an organization’s business, but also help protect corporate networks by setting up hardware and checking basic security settings, functions, and automatic alerts. However, there are many situations where a technical or business need arises that may have a security impact that must be assessed by a security expert. These can include: advanced security settings, enabling remote access and management of IT systems, use of collaborative tools, cloud accessibility, use of encryption and or two factor authentication, as well as managing and securing collected data. To address these and other areas, experts need specialized knowledge and tailor fit tools that assist them tin securing the network, and both searching for and detecting suspicious activities and behaviors.
“It is similar to a GP referring a patient to a neurologist, then on to a neurosurgeon, who then examines a CT scan of the brain and decides whether a suspicious object is a blood vessel or may be something worse. Subsequent analyses determine further diagnostic methods to determine whether the object in question is a blood vessel or a tumor,” Jankech says, describing the work of a security expert.
Security services outsourcing—a way forward
According to Jankech, one reason for the lack of such a skill set on the labor market may be the fact that globally, education systems have failed to adapt to the wide gap between supply and demand of such specialized skills. In the past, many countries provided top-level education in various engineering disciplines, but now the market needs top-level IT and more specifically IT security education. But there are simply too few schools and not enough training institutions focusing on the education of security experts.
ESET’s response to the situation has been to invest in an extended offer of security services for businesses and organizations. These include such specialized service as Threat Hunting, which analyzes data from ESET Endpoint Protection via the endpoint detection and response tool ESET Enterprise Inspector.
Threat Hunting is an on-demand service, enabling customers to contact ESET experts in line with their actual needs. ESET security experts examine ESET Enterprise Inspector warnings and present their findings in a clear report on the status and provide the organization with actionable recommendations.
Regular interactions with these measures and the data collected also contribute to improving the skillset of the company in question’s IT Security Team.
Security services for specific corporate needs
Companies may also benefit from deployment services that include installation and configuration with the purchase of their chosen ESET security solution. The service also includes staff training, allowing the company to fully use all the security features of the solution.
At ESET, we know that every company and organization is unique. Therefore, our service offers are configured on needs-based analysis and provide recommendations on what is appropriate for the business in terms of its physical capabilities, network topology, etc. This enables us to cover all the needs of large companies across a wide range of industries.