Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more

Will Employees' Lack of IT Skills Lead to Security Issues in Future?

Last year, Bill Mitchell – the Director of Education at BCS, the Chartered Institute for IT – stated “the UK will need more than 1.2 million new technical and digitally skilled people by 2022 to satisfy future skills needs.”

He made these comments in relation to future generations potentially being unable to secure important jobs – unless our education system changes. Yet, while the prospect of being unable to compete with other countries in the digital sphere is bad enough, the absence of IT skills will put businesses at greater risk of cybersecurity attacks. Furthermore, instead of being a problem for the future, we are seeing its effects today.

Skilled IT and cybersecurity professionals are hard to find
To ensure businesses are protected against internal and external threats, it is necessary to hire the right experts. Unfortunately, the 2016 Global Cybersecurity Survey revealed that almost half of IT managers found it difficult to find professionals with the right cybersecurity skills. 

Furthermore, that same research highlighted problems teaching this subject in higher education – with more than 60% of respondents feeling recent graduates lacked necessary skills.

The results of this survey suggests that for businesses to build the right cybersecurity team, managers must dedicate time and resources to training. Yet, these skills are not the only ones in demand and even basic computing knowledge is in short supply. 

For example, Wise Owl Training recently published the results of its basic computing test. Out of the almost 5,800 individuals who took the 20-question exam, the average number of questions right was 11. One area of particular concern was tackling file extensions as many of the participants demonstrated confusion around what a .txt extension meant.

In this test, the questions were split between three levels of difficulty (basic, intermediate, and advanced) and covered the following areas: 

  • Windows
  • Using the web
  • Software
  • Hardware

Among the incorrect questions, the most commonly failed area were ‘Windows’ and ‘using the web’. A quarter of the basic questions were answered incorrectly, and those that proved to be most problematic were (correct answer in bold):

You click to uninstall a program. Which of the following is true? (Around 66% incorrect)

  1. Even if the program uninstalls successfully, you'll have to manually delete all associated desktop icons and start-up menu options
  2. You will have to restart your computer before you can continue
  3. You won't be able to uninstall another program at the same time
  4. You won't be able to uninstall this program if it was written by Microsoft

You see the following text file types listed in a drop down when opening a file. What does CSV stand for? (Around 63% incorrect)

  1. Common Spaced Values
  2. Common Script Version
  3. Comma Separated Values
  4. Cursor-Style Version

The standard Windows anti-virus software is shown below. What's it called? (Around 60% incorrect)

  1. McAfee
  2. Norton
  3. Defender
  4. Firewall

Andy Brown, director of Wise Owl Training, did not comment specifically on why “tackling file extensions” was a common problem, but did state: “One thing is for sure: investing time now in learning how to use computers will stand you in good stead to cope with whatever the IT future holds.”

Therefore, no matter how skilled your cybersecurity team is, this could be rendered useless if an inexperienced employee opens a suspicious file attachment. 

How do we resolve this skills gap?
The IT skills shortage is due to a variety of factors. The most common, according to Statista, is businesses not investing enough in relevant training programs. Furthermore, employers have also stated others, such as not anticipating the skills they would require and their education methods not being effective enough. However, as well as these, I believe there to be two main reasons for the skills gap:

An over-reliance on specialisms
The way we teach computer skills is changing. In today’s ever-developing digital world, it is essential to continually learn new skills to stay ahead of the curve. As a result, many employees are experts in one or two niche areas which make them valuable candidates for certain sectors. 

The 2016 Global Cybersecurity Survey highlighted the problems with teaching IT in traditional academia. As a result, we have seen the rise of programming or development ‘boot camps’. These specific institutions offer short-term intensive training courses which provide individuals with a specialism. Yet, without the inter-personnel skills acquired through university, or the opportunity to learn other fields while studying, this can render graduates without important general technical knowledge.

Therefore, organizations could benefit from hiring graduates with a mixture of IT and soft skills and then use third-party groups to assist in team development. This method would also help to partially solve the second reason:

IT professionals must be empathic
IT training is often conducted independently or in small groups. Once complete, graduates are used to explaining technical issues amongst the already informed. Over time, they can lose the ability to communicate computing issues simply.

This leads to another problem, the belief that ‘computing skills are too hard to learn’. IT professionals must learn empathy in order to break down the barriers between the tech-savvy and the uninformed.

Once that confusion is shattered, more will be interested in learning how to improve their own technical skills. Furthermore, once IT professionals can communicate clearly, they will be much better at liaising with clients.

Prevent a cybersecurity attack by training your staff
For many organizations, this internal skills gap is self-inflicted. However, instead of employing the latest high-profile specialists, it might be advisable to take a step back and focus on soft skills.

Having a company full of trained IT professionals will take time. Yet hiring generalists with soft skills could go a long way to helping organizations combat cyber-attacks in the future.


This article was written by Tom Chapman, working on behalf of Wise Owl Training. The company specializes in computing training for businesses and individuals and has centers in Manchester and London.


What’s Hot on Infosecurity Magazine?