Companies looking to recruit network engineering professionals with experience of dealing with DDoS attacks are facing an uphill struggle, according to new research from Imperva.
The firm’s survey found that whilst companies across the globe are recognizing the importance of hiring skilled staff to help address security concerns threatening their online presence, a scarcity of qualified personnel is making this a difficult task.
Imperva report that China is seeing the highest demand for DDoS network engineering skills, with an estimated 47% annual growth (compared to 30% in the US). Further, findings show that companies in the US, UK and Canada are taking longer to fill the positions that require such skills, highlighted by an increase in the average number of job listing days in these nations. In the US for example, this has increased from 27 to 37 days over a four-month period, with the growth rate being over 75%.
“It is indeed difficult to attract engineers with strong experience in DDoS attack handling,” Jay Coley, senior director, Global Enterprise Security Architects at Akamai, told Infosecurity. “These skills can only develop in organizations that either see frequent DDoS attempts or in security companies that specialize in DDoS handling as a service. Additionally, due to the difficulty in gaining this experience and the need outstripping demand for these engineers, organizations will go to great lengths to hold onto and nurture talent.”
The demand for network engineers with DDoS expertise is on the up because of the marked rise of volumetric attacks on organizations, says Imperva. As a result, companies are often left scrambling for DDoS-skilled staff as they try to implement the planning, prevention and mitigation strategies that are now so essential in the fight against these types of attacks.
“DDoS attacks are still a major threat to any organization to both reputation and data integrity” said Coley. “As the Akamai SOTI security report bears out, DDoS attack frequency, size and many times complexity is still growing. Often these attacks are also used as a distraction or cover for other malicious activities, such as customer redirects to a false site, or direct data theft attempts.”
This is why it’s critical to ensure that organizations include DDoS planning, training and drills into their normal operational procedures to make sure their security teams are able to act quickly and effectively to any DDoS threat, he added.
“It’s also very important to include any DDoS security providers into the action plans as a matter of course, through table top drills and comprehensive run-book development.”