The biggest IT security problem Canadian firms face (and it’s not a virus)

If the Department of Homeland Security struggles to attract the kind of talent it needs, what chance do firms here have?

Share this article:

A few months ago at the RSA security conference, the Secretary of the U.S. Department of Homeland Security was among the keynote speakers, and he made it clear that protecting government data required the right talent as much as the right technology.

“I am in the hunt [sic] to hire a new NCCIC director,” a transcript of Jeh Johnson’s remarks says, referring to the National Cybersecurity and Communications Integration Center. “I am personally participating in efforts to find a recognized all-star in the cybersecurity field, and I believe we are going to hire such a person soon.”

The Department of Homeland Security isn’t the only organization on the hunt for talent that can help prevent cyber attacks, as those attending this week’s SC Congress event in Toronto may discover.

In fact, a recent survey conducted by the Ponemon Institute and Allstream customer Scalar Decisions showed that about 59 per cent of Canadian IT professionals said they were having trouble protecting their data, and that they were not “winning the cybersecurity war.” The study also found that Canadian organizations experienced an average of 34 cyber attacks per year, with the average incident costing $208,432.

“With the rise in frequency and severity of security threats, it’s not surprising that the majority of Canadian organizations feel ill-prepared to meet IT security challenges head-on,” said Paul Kerr, President and CEO of Scalar Decisions, in a statement. “Most organizations need to look to third-party providers in order to gain skills and personnel that they do not possess in-house.”

This lack of in-house skills remains problematic for Canadian organizations hoping to repel cybersecurity threats. Talent has proven itself difficult to find on both sides of the border. Though the Ponemon and Scalar study points to a high return on investment for companies that prioritize cybersecurity, Canadian companies are still not investing enough in cybersecurity to properly protect themselves, nor are those willing to invest in cybersecurity able to find the in-house talent they need to ensure their data remains properly secured.

“Government does not have all the answers or all the talent,” said Secretary Johnson during his address at the RSA Conference. He added that the NCCIC received 97,000 cyber incident reports and issued nearly 12,000 alerts or warnings in 2014 alone, reiterating that not even the Department of Homeland Security is properly staffed to take on the cybersecurirty challenges it faces. “We want to convince some of the talented workforce here in Silicon Valley to come to Washington,” he said.

Convincing them to come to Canada may be an even tougher sell, which means the time to find more local talent — and partner with those who already have it — is now.

Share this article:
Comments are closed.