19 November 2014
UK companies are considering hiring ex-hackers to tackle cyber issues, according to research by KPMG.
In a bid to stay one step ahead of cyber criminals, senior IT and HR professionals have revealed that ex-hackers are being looked at as companies become increasingly desperate to get the right people on board.
KPMG surveyed 300 professionals from organisations that employ 500+ staff to assess how the corporate world is ‘skilling-up’ to protect itself against cyber security breaches.
Nearly three quarters (74%) say they are facing new cyber security challenges which demand new cyber skills. For example, 70% admit their organisation ‘lacks data protection and privacy expertise’. The same proportion is also wary about their organisation’s ability to assess incoming threats.
The majority candidly admitted that the shortfall exists because the skills needed to combat the cyber threat are different to those required for conventional IT security. In particular, 60% are worried about finding cyber experts who can effectively communicate with the business – vital to ensuring that the cyber threat is well understood by corporate leaders outside the IT department.
The skills gap is forcing many companies to consider turning to ‘poachers turned game-keepers’ to keep up to speed, according to the research. More than half of respondents (53%) say they would consider using a hacker to bring inside information to their security teams and 52% would also consider recruiting an expert even if they had a previous criminal record.
Commenting on the findings, Serena Gonsalves-Fersch, head of KPMG’s Cyber Security Academy, says: ‘The fact that companies are considering former hackers as recruits clearly shows how desperate they are to stay ahead of the game. With such an unwise choice on the menu, it’s encouraging to see other options on the table.
‘Rather than relying on hackers to share their secrets, or throwing money at off-the-shelf programmes that quickly become out of date, UK companies need to take stock of their cyber defence capabilities and act on the gaps that are specific to their own security needs. It is important to have the technical expertise, but it is just as important to translate that into the business environment in a language the senior management can understand and respond to.’