‘Critical Gaps’ In Cybersecurity Skills: Report

AI and cloud security skills are big concerns among IT professionals, reveals a report from O’Reilly, a learning platform provider.

While cloud and AI apps and services continue to reign as part of organizations’ digital transformation goals, there are concerns over a lack of skills when it comes to securing these technologies, according to a new report from O’Reilly, a learning platform provider.

In its “The State of Security 2024” report, O’Reilly surveyed over a thousand of its customers, one-third of whom are security professionals, with the remainder holding at least one cybersecurity certification. The respondents were asked about the security challenges their teams faced, their cybersecurity defense projects and the security expertise they need.

Biggest Threat Concerns

The top cybersecurity threats identified by respondents were:

Phishing is a particularly nefarious threat. According to the O’Reilly report: “With or without the help of AI, attackers have gotten better at generating messages that impersonate someone (a company executive, a help desk staffer, a spouse).”

Data and IP theft, as well as software supply chain compromise, were also top concerns cited by IT security leaders.

AI security is another concern. Over thirty-three percent of tech professionals reported concerns with a shortage of AI security skills, “particularly around emerging vulnerabilities like prompt injection,” the report revealed.

On the flip side, IT security leaders feel they have a good handle on DDoS (distributed denial-of-service) attacks, spyware, “illegitimate use of resources,” and becoming part of a botnet, the report revealed.

Most Respondents Implemented Security Technology

Many respondents said they had implemented multifactor authentication (88.1 percent), endpoint security (60.1 percent) and zero trust (49.2 percent).

To aid in their security initiatives, many of the respondents also said they were looking to automation and AI-enabled tools instead of “wading through system logs.”

The report also revealed details about cloud security. Two-factor authentication was the most common way of securing cloud infrastructure (44.9 percent of respondents). Over thirty-three percent said that DevSecOps was a “key step” in ensuring cloud security.

In general, respondents said that authentication, zero trust, automation and observability are all essentials of a security plan.

Other Security Concerns

Securing the software supply chain was a major security concern among those surveyed. The most-used tool to prevent software supply chain attacks is a third-party audit, 44.2 percent of respondents said. They also cited protecting the pipeline, validating pipeline components, introducing secure coding training and implementing software bills of materials (SBOMs) as important actions to take to secure the software supply chain.

Another headache for IT security leaders is a skills shortage. Organizations require more staff who understand how to secure cloud computing and have an understanding of forensics and red teaming, according to the report. Other skills cited as lacking are those dealing with risk management and assessment.

Security certifications were also deemed important by respondents. The top three coveted certifications are CISSP (Certified Information Systems Security Professional), Security+ and CISM (Certified Information Security Manager).