Shortage of security expertise hurting ME

A regional shortage of staff with IT security expertise could leave organisations across the Middle East vulnerable to cyberattack, as firms find themselves unable to deploy security software in good time.

  • E-Mail
By  Diana Milne Published  September 10, 2006

A regional shortage of staff with IT security expertise could leave organisations across the Middle East vulnerable to cyberattack, as firms find themselves unable to deploy security software in good time. Industry experts are warning that software designed to protect organisations from online attacks is not being deployed fast enough because of the security skills shortages. The past year or so has seen the region coming increasingly under attack from hackers and other cyber-criminals — with banks being heavily targeted. However, according to a survey by analyst firm IDC, while spending on security software increased by over a third last year, vendors are facing increasing difficulties in recruiting staff able to deploy the technology within organisations. In a survey of the regional security market earlier this year — Gulf States Security Software 2006 - 2010 Forecast and 2005 Vendor Share — IDC found that spending on security software increased by 37% year-on-year between 2004 and 2005. While this increased expenditure should bode well for the region’s IT safety, the shortage of staff capable of implementing these solutions is less promising. Analyst Philip Van Heerden, IDC’s program manager for services and verticals, Middle East and Africa (MEA), warned that this could mean delays in the deployment of security software across organisations in the Middle East. “At the moment it [security software] is definitely being deployed but it’s not being deployed fast enough,” Van Heerden warned. “As a result people in the short term don’t have the security infrastructure in place that they want to have in place and it’s taking longer to deploy,” he added. With regard to the impact this would have on vendors he said: “The impact of the skills shortage is that when it comes to deploying projects it takes longer to deploy and they have to be quite creative in terms of deploying their resources. They can’t really have too many projects running in parallel because there’s a shortage of resources.” When the firm asked vendors how they planned to solve the problem, 21% of respondents said they planned to hire skilled professionals from the market but 41.3% said they planned to retrain existing IT employees instead — a tactic Van Heerden described as not ideal as overworked staff would be stretched even further. Regional executives at security firms confirmed that recruiting professionals with the right levels of skills and experience in the region can be a challenge. Justin Doo, managing director at Trend Micro Middle East and Africa said his company does not have any trouble finding applicants with the right technical skills — but that finding applicants with practical experience of deploying security software was much more of a challenge, with one in four applicants falling short in that area. “Finding someone with good experience can be very very difficult,” he said. “There are people that have done all the Microsoft certifications, all the Cisco certifications, they have been certified and so on but they have never actually implemented a solution in a real-life environment — in a banking environment for example.” Kevin Isaac, Symantec Middle East’s regional director, agreed that there was a shortage of good candidates on the market. “We find people with basic qualifications, bookkeepers, general workers and so on, but to actually find quality people, it’s very difficult,” he said. The news of a shortage of IT professionals with security skills is particularly worrying given the spate of online attacks suffered by banks in the region in recent months (see IT Weekly 10 – 16 June 2006).

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code