Region should mind security skills gap

While recent press releases have focused on the encouragingly high levels of expenditure on security software here in the region, there seems to be a flip side: there may well not be enough trained professionals to deploy them.

  • E-Mail
By  Peter Branton Published  September 10, 2006

|~|78-HSBCbody.jpg|~|HSBC is just one of the many institutions attacked by cybercriminals. |~|While recent press releases have focused on the encouragingly high levels of expenditure on security software here in the region, there seems to be a flip side: there may well not be enough trained professionals to deploy them. That would at least seem to be the suggestion of research firm IDC, which warns that security vendors here in the Middle East are having to poach each others’ staff in a bid to get projects completed. When asked how firms planned to get round the shortfall in security skills, 41% told IDC that they would retrain existing staff, a tactic that could, IDC warns, simply lead to overworked staff being stretched even further. Security skills are not the only skills in short supply here in the Middle East: according to both IDC and other industry professionals that IT Weekly spoke to, there is also a marked shortage of IT professionals with strong business and management skills. This is also a serious problem: without such skills many of the ambitious projects that we are seeing being implemented here in the Middle East will struggle to bear fruit. A failure to deliver on IT projects could have a knock-on effect on the delivery of the business projects behind them. However, recent regional history suggests that the shortage of specialist security staff could also have business implications, as users worry about the safety of systems here in the Middle East. The past couple of years have hardly been an advert for IT security here in the region: we have seen a whole series of attacks and mishaps, as institutions here come increasingly under attack. Recent examples include HSBC customers being hit by a massive phishing scam, Emirates Bank customer PIN numbers and card data being captured from an ATM using a pinhole camera and skimmer, and Commercial Bank of Dubai being forced to move the hosting of its website in-house after an attack on its site last year. Ahmed Baig, manager of security consulting at eHosting Datafort, told IT Weekly earlier this year that ethical hacking attacks carried out by his company had proven “99% successful”, suggesting that security procedures are far from watertight here. While the Middle East has long been able to draw on expatriate employees to solve any shortage in local experience, the problem is that shortages in the right skills are not confined only to this region. For instance, the UK’s National Health Service has been unable to recruit an IT security chief after advertising the post for more than a year, the organisation said last week. Organisations in the region need to act now to ensure that they can provide adequate levels of protection to IT projects - or risk the consequences. ||**||

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code