Corporates Considering Hiring Ex-hackers as Cyber Security Pros

Summary

The widening gap between cybersecurity experts and Internet security is pushing corporates to consider employing convicts and hackers according to a new study. But some experts have opined that this is a dangerous approach. Using the knowledge of professional hackers can be useful but it can also turn the tables on companies as well.

What Does Statistics Say?

  • According to a recent study, a survey involving 300 senior IT and HR professionals in companies that employ over 500 staff was conducted.
  • It was found that most of them remain unsure of how to bridge the gap between staff shortage and the workload.
  • According to previous statistics, if the current scenario continues, it will result in a void of more than two million professionals by 2017.
  • About 75 percent of companies have said that new cyber challenges will require a new skill set.
  • Around 64 percent (two-thirds) have admitted that the skills differ from those offered by traditional IT.
  • The study pointed out the shortage was highly felt in areas such as privacy, cyber threat analysis, and data security.
  • Approximately 70 percent of corporates have admitted a lack of expertise in these areas.
  • However, even the firms that have the right amount of employees struggle to retain them. Fifty-seven percent of firms have said they find it very hard to retain those staff with specialized cyber skills.
  • The primary reason is that those employees are most often headhunted for other jobs.
  • Doe to this predicament, some firms are now considering alternative channels like hiring hackers or convicted criminals.
  • About 55 percent of companies have admitted they would consider recruiting a hacker, while 53 percent said they would hire an ex-con.
  • Around 60 percent of those polled admitted they were concerned about finding cyber experts who could communicate effectively with business leaders.
  • This increasing awareness of cyber threats means that majority of companies are clear in their strategy to deal with any skills gaps.
  • However, no one would a burglar to be a security guard, so the fact that firms are willing to hire hackers as the staff clearly shows their desperation to stay ahead of the game.
  • Turning poachers against poachers seems a good idea but rather an unwise choice because it could turn the tide.
  • Instead of hiring hackers to share sensitive information, or spending millions on programs that soon become obsolete, firms need to enhance their existing cyber defenses.
  • Taking stock on their defense capabilities and acting on voids specific to their own cybersecurity needs helps companies to bridge the “so-called” gap.
  • It is vital to have technical expertise, and equally essential to translate that into the business environment in simple language so that senior management can respond faster.

Conclusion

By its very nature, cybersecurity is strongly reactive and that companies should be well-advised to up-skill existing employees to tackle future cyber challenges.

Security experts expressed concerns about companies that have wealth of internal resources but maintain them untapped. Up-skilling is one of the best ways to resolve the existing skills gap and has the potential to the issue on its head.

Cybersecurity is an equal mix of technology and behavior. The cyber landscape is constantly changing, evolving, and quite reacting. No one knows what is going on on the Internet next so it is better to stay prepared. Recognizing an issue, understanding, and articulating it in a way businesses can understand is what is needed today.