Press Release

Cybersecurity Professionals Admit Early Career Mistakes Due To Knowledge Gaps

The acknowledgment is even more prevalent among individuals with two to five years of experience, with nearly 60% admitting to missteps.

by Editorial

Last updated on March 15th, 2024


With human error responsible for almost two-thirds of cyber incidents in the last two years, over 50% of current cybersecurity professionals acknowledge making mistakes in the early stages of their careers due to insufficient theoretical or practical knowledge.

This acknowledgment becomes even more pronounced among those with two to five years of experience, with nearly 60% admitting to similar missteps. In the Middle East, Turkey, and Africa (META) region, 43% of all respondents concede to making such errors.

According to a recent Kaspersky study, over the past two years organizations have suffered at least one cyber incident due to a lack of qualified cybersecurity staff.

The Uphill Battle of Cybersecurity Hiring

While sourcing more qualified cybersecurity staff might be one of the solutions to tackle this problem, businesses worldwide are facing a lack of information security (InfoSec) professionals. According to current estimates, the cyber-workforce shortfall totals nearly 4 million.  

The general cybersecurity skills gap is compounded by the fact that many new starters in the industry must cope with gaps in their practical and theoretical knowledge, resulting in initial struggles and errors on the job.

Among InfoSec professionals in the META region, the most common early-career mistakes were using weak or guessable passwords (52%), failing to implement identity protection (48%), and using outdated security measures (35%). Neglecting to perform backups of important data (34%) was also a common mistake cybersecurity experts made at the beginning of their careers.

As cybersecurity professionals acknowledge they might not have had the required skillset and hands-on experience when entering the field, some point at additional difficulties with jump-starting their careers.

Despite the cyber industry continuously reporting a workforce gap, 34% of respondents claim to have had three or more failed interviews before being selected for an InfoSec role. In the META region the process is smoother with just 21% saying they needed to undergo interviews more than once or twice. 

“It’s no secret that formal training programs often struggle to keep up with industry developments, and that is especially true for the cybersecurity field,” comments Marina Alekseeva, Chief Human Resources Officer at Kaspersky.

“The fact that many employees in the market might have limited practical skills or gaps in their knowledge underlines the importance of a comprehensive onboarding process with a focus on peer learning and means companies must pay more attention to the upskilling of their employees,” Alekseeva added.

Cyber Career Challenges and Resilience

Initial challenges cybersecurity experts face when they join the industry may explain why nearly half of InfoSec professionals (46%) globally and one in three (32%) in the META region say that it took them more than a year to feel comfortable in their first cybersecurity roles.

While 31% of respondents managed to get to grips with their job within one or two years, 9% of respondents said the process took them two to three years and 6% said it took more than three years. In the META region, the respective figures are 21%, 7% and 4%.

The extensive list of factors contributing to cyber incidents highlights the myriad considerations that employees, particularly those outside the IT department, must bear in mind to minimize the likelihood of errors.

For instance, the rise of shadow IT (11%) poses a growing concern for organizations as employees increasingly operate beyond the confines of traditional office spaces and are entrusted with remote devices, both for work and personal use.

It’s worth noting that these causes are more often accidental than intentional. Only 8% of incidents stemmed from violations of information security policies by non-IT employees. However, the financial services sector stands out in this regard.

Violations of information security policies by non-IT staff in this industry account for 22% of cyber incidents, while 34% cite intentionally malicious behavior by both IT and non-IT employees as a notably more prevalent issue.

