{"id":16531,"date":"2017-05-15T06:43:20","date_gmt":"2017-05-15T10:43:20","guid":{"rendered":"https:\/\/www.kaspersky.com.au\/blog\/?page_id=16531"},"modified":"2022-05-06T03:09:25","modified_gmt":"2022-05-05T16:09:25","slug":"security_risks_report_lack_of_security_talent","status":"publish","type":"page","link":"https:\/\/www.kaspersky.com.au\/blog\/security_risks_report_lack_of_security_talent\/","title":{"rendered":"Lack of security talent: an unexpected threat to corporate cybersafety"},"content":{"rendered":"<div style=\"padding-left:20px;padding-right:20px\">\n<h2 style=\"color:#006D55;font-style:italic\">IT Security Risks Special Report Series 2016<\/h2>\n<h2>Kaspersky Lab<\/h2>\n<p><a href=\"https:\/\/kas.pr\/58E2\" target=\"_blank\" rel=\"noopener noreferrer\"><img decoding=\"async\" alt=\"\" border=\"0\" src=\"https:\/\/securelist.com\/files\/2012\/08\/pdf_small5.gif\" style=\"vertical-align:middle\">\u00a0<strong>Download the PDF version of the report<\/strong><\/a><\/p>\n<h2>Content<\/h2>\n<ul>\n<li><a href=\"#1\" target=\"_blank\" rel=\"noopener\">Introduction<\/a><\/li>\n<li><a href=\"#2\" target=\"_blank\" rel=\"noopener\">Lack of expertise: measuring direct financial impact<\/a><\/li>\n<li><a href=\"#3\" target=\"_blank\" rel=\"noopener\">One out of forty: new security talent is hard to find<\/a><\/li>\n<li><a href=\"#4\" target=\"_blank\" rel=\"noopener\">Security is tough to master<\/a><\/li>\n<li><a href=\"#5\" target=\"_blank\" rel=\"noopener\">Going beyond technical expertise<\/a><\/li>\n<li><a href=\"#6\" target=\"_blank\" rel=\"noopener\">Looking for a solution: intelligence sharing<\/a><\/li>\n<li><a href=\"#7\" target=\"_blank\" rel=\"noopener\">Conclusion: Being flexible<\/a><\/li>\n<\/ul>\n<h2><a name=\"1\"><\/a>Introduction<\/h2>\n<p>On July 6, 2013 a Boeing 777 <a href=\"https:\/\/kas.pr\/b2ao\" target=\"_blank\" rel=\"noopener\">crashed<\/a> on final approach to San Francisco Airport. The subsequent <a href=\"https:\/\/kas.pr\/swU1\" target=\"_blank\" rel=\"noopener\">investigation<\/a> revealed that due to airline policies pilots tended to rely mostly on automated aircraft systems, did not have enough manual flight experience, and lacked the skills and knowledge to understand and react in rare, but under other circumstances, standard situations. The resulting report mentioned such powerful wording as \u201c[crew] mismanagement\u201d, \u201cinadequate monitoring\u201d, \u201ccomplexities [of various aircraft systems]\u201d, \u201cinadequate \u2026 planning and executing\u201d. Note the striking resemblance to the messages we tend to use in IT incidents investigation.<\/p>\n<p>In cybersecurity everyone has something to learn from aviation safety. <a href=\"https:\/\/kas.pr\/SN4u\" target=\"_blank\" rel=\"noopener\">Crew resource management<\/a> is one example. The growing complexity of technology, together with radical advancements of automated control leading to diminishing operator qualifications is another. Transparent investigations and information sharing is also a major takeaway. The IT Security industry is still in the early stages of understanding that technology alone is not capable of solving all of its troubles. In this report we combine results of a global survey of business executives with intelligence from Kaspersky Lab\u2019s experts and representatives of major universities to show that overcoming the lack of skills and shortage of talent in cybersecurity is a major challenge for companies. There are numerous different approaches to solving this challenge. The question is how to choose the right one. <\/p>\n<h2><a name=\"2\"><\/a>Lack of expertise: measuring direct financial impact<\/h2>\n<p>Is the lack of security expertise really a problem for corporations? In short, yes. We have uncovered that an inability to build corporate security intelligence \u2013 specifically by hiring new talent \u2013 has a direct impact on the damage caused from real cybersecurity breaches. In March-April 2016 we conducted a Corporate IT Security Risks survey together with our partner B2B international. We asked more than 4,000 company representatives in different industries and of various sizes about their attitudes and experiences of cybersecurity. In particular, we wanted to find out, how businesses perceive the problem of talent shortage. Here\u2019s what we discovered.<\/p>\n<p>Overall, 33% of businesses worldwide see improving specialist security expertise as one of the Top 3 drivers of IT security investment. Approximately half of businesses admit there is a talent shortage and growing demand for specialists. <\/p>\n<p><a href=\"https:\/\/s3.amazonaws.com\/kdm-prod\/wp-content\/uploads\/sites\/102\/2017\/05\/23090020\/srsrs_2016_eng_1-1024x360.png\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/102\/2017\/05\/23090020\/srsrs_2016_eng_1-1024x360.png\" alt=\"\" width=\"1024\" height=\"360\" class=\"aligncenter size-full wp-image-17240\"><\/a><\/p>\n<p>But does this concern have any foundation? To help answer that question we also asked businesses about the average loss experienced from a cybersecurity incident, which enabled us to compare perception with the real cost of recovery. We discovered that enterprises struggling to find the best security talent end up spending at least three times more on average to recover from a security breach.<\/p>\n<p><a href=\"https:\/\/s3.amazonaws.com\/kdm-prod\/wp-content\/uploads\/sites\/102\/2017\/05\/23090103\/srsrs_2016_eng_2-1024x450.png\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/102\/2017\/05\/23090103\/srsrs_2016_eng_2-1024x450.png\" alt=\"\" width=\"1024\" height=\"450\" class=\"aligncenter size-full wp-image-17242\"><\/a><\/p>\n<p>Large businesses that feel confident about their IT Security team development, pay anywhere from US$100K to 500K to recover from a single breach. Those companies that admit a certain insecurity in attracting new talent, end up paying from US$1.2 to $1.47 million. However, when this loss is compared to the cost of hiring new staff, it demonstrates how much more cost effective it is to employ experts before an incident, rather than bringing them in to pick up the pieces. A significant amount of the recovery costs is due to additional staff wages \u2013 US$14K on average for SMBs, $126K for enterprises \u2013 with companies spending more on hiring external experts and paying overtime for their own team, than they actually lose in terms of business opportunities, credit rating and compensations to clients and partners. Investment in IT security <i>before<\/i> a serious breach happens is therefore worth the effort. <\/p>\n<p>But it\u2019s not only about money. <b>40%<\/b> of companies cite increased infrastructure complexity as a major driver for increasing IT security budgets. CISOs recognize the increased demand for security from multiple directions: top management wants it (<b>38%<\/b> of enterprises, <b>33%<\/b> of SMBs mention it as one of the main reasons for increased IT security investment), and regulators demand it with a multitude of compliance requirements (one of the key budget growth drivers for <b>38%<\/b> for enterprises and <b>38%<\/b> of SMBs). It\u2019s still hard to estimate ROI for security efforts, but apparently companies don\u2019t even care. <b>62%<\/b> of large companies and <b>59%<\/b> of SMBs will continue investment in IT security regardless of the ability to measure return. <\/p>\n<p>On average, <b>15%<\/b> of talent in an IT department of a large company is dedicated to security, that\u2019s 39 specialists in a typical team of 220 experts managing all aspects of the infrastructure. SMBs in comparison have only two security experts out of a team of 16 IT professionals. Do they plan to expand? You bet. <b>68.5%<\/b> of businesses expect an increase, of them <b>18.9%<\/b> think their IT security department will grow significantly (27% of enterprises, 22% SMBs), with <b>4.1%<\/b> expecting their headcount to double over the next three years. <\/p>\n<p>There are also differences in attitudes towards finding new talent within industry sectors. Companies operating in the following fields have the highest expectation towards IT security staff growth:<\/p>\n<p><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/102\/2017\/05\/23090204\/srsrs_2016_eng_3.png\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/102\/2017\/05\/23090204\/srsrs_2016_eng_3.png\" alt=\"\" width=\"882\" height=\"230\" class=\"aligncenter size-full wp-image-17244\"><\/a><\/p>\n<p>The threat landscape provides about <a href=\"https:\/\/kas.pr\/P6d7\" target=\"_blank\" rel=\"noopener\">315,000<\/a> reasons daily for businesses to enhance their defenses. When we compared the real experience of specific security incidents with the businesses\u2019 desire to grow their IT security teams, we found that confronting these threats significantly affects investment in cybersecurity talent:<\/p>\n<p><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/102\/2017\/05\/23090226\/srsrs_2016_eng_4.png\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/102\/2017\/05\/23090226\/srsrs_2016_eng_4.png\" alt=\"\" width=\"857\" height=\"321\" class=\"aligncenter size-full wp-image-17245\"><\/a><\/p>\n<p style=\"margin-left:5em\">The demand for security professionals is growing across all industries and affects companies of all sizes. Businesses are driven by multiple demands: senior management, regulators, the threat landscape and a general desire to protect sensitive data at all costs. The question is how to find the right professionals in the market. Our survey shows that it\u2019s not enough to secure budget for headcount and salary growth. New talent brings more intelligence but only if the right decisions were made in the process. To prove this, we asked companies how confident they are that their network has not been hacked. Over half (<b>58.6%)<\/b> were <i>not 100% sure<\/i> that their network has not been hacked. With a key goal of a company\u2019s security efforts to raise confidence in the systems and processes in place, investing in intelligence and talent play a major role.<\/p>\n<h2><a name=\"3\"><\/a>One out of forty: new security talent is hard to find<\/h2>\n<p>As a security intelligence provider, we at Kaspersky Lab have a strong team of security experts, and continue to expand in our HQ and offices around the world. This puts us in a different position compared to regular businesses. While the typical large company\u2019s security team amounts to 15% of the IT department, in our case security experts comprise 30% of the <i>entire R&amp;D department<\/i>. This gives us a certain advantage: we have years of experience in attracting new talent. Does this make it easier for us? <\/p>\n<p style=\"margin-left:5em\">First, we believe that only our internal team can find the right experts, and that\u2019s why we do not use recruitment agencies but develop our internal recruitment expertise in IT Security field. Second, as one of the top IT Security companies, we need only the best and most experienced candidates to join our team. That\u2019s why we communicate with <b>40<\/b> applicants to hire just one expert and fill one position in <b>45<\/b> days on average.<\/p>\n<blockquote>\n<p style=\"margin-bottom:1em\"><b>Kirill Shiryaev, Kaspersky Lab\u2019s Head of Talent Acquisition and Employer Branding:<\/b><\/p>\n<p>\u201cIn order to fill a single position, on average we contact 40 applicants. Of them, we conduct extended interviews with 10 people and choose only one. Some applicants understand that they do not have enough skills and desire to learn for our unique requirements the moment they get a technical test assignment. Even for junior positions, we have to find people with practical skills and knowledge of various aspects of IT. We demand knowledge of specific tools like debugging and reverse engineering software, experience with various programming languages. Given the specifics of our company, we don\u2019t expect that all applicants have already worked in the field of cybersecurity. In fact, if a candidate did some relevant work in his\/her own time out of interest, it may become a key factor to make an offer\u201d. <\/p>\n<\/blockquote>\n<p>Security talent is a scarce resource, and it happens for a reason. We rarely see people who chose the IT security field by chance \u2013 it\u2019s simply impossible to stay in this business just to make a living. Cybersecurity demands curiosity, self-education, knowledge of a broad scope of topics, and every single one of them can get you a decent salary in any other IT field. One has to be really inclined to become a security expert, and it doesn\u2019t work any other way. Sometimes we see candidates who can\u2019t meet our requirements, and our goal is to stay in touch with them. Once in a while we meet a person persistent enough to master their skills, return to us and join the team. <\/p>\n<h2><a name=\"4\"><\/a>Security is tough to master<\/h2>\n<p>Can education institutions fulfill the growing demand for new talent? The IT industry continues to evolve at a rapid pace, and despite the obvious advancements in IT education, most graduates are not ready to help companies in ramping up security immediately. We reached out to representatives of education institutions specializing in the field of IT and IT security to confirm. <\/p>\n<blockquote>\n<p style=\"margin-bottom:1em\"><b>Professor Steve Furnell, Head of School of Computing, Electronics and Mathematics (Faculty of Science and Engineering), Leader of Centre for Security, Communications &amp; Network Research at Plymouth University, UK:<\/b><\/p>\n<p><i>\u201cI think that care needs to be taken about how much we regard graduates as being directly \u201cqualified to work\u201d in the IT security field. Even as degree graduates, I would not necessarily regard them as qualified practitioners. They should certainly have a good level of supporting knowledge and some of the skills, but there will equally be various aspects that they have not been able to put into practice \u201cfor real\u201d at that stage\u201d<\/i>. <\/p>\n<\/blockquote>\n<p>There is also an internal competition between the security industry and other general IT fields, that too, are looking for talent. Not to mention the fact that IT specialization demands certain personal qualities that are not that common. <\/p>\n<blockquote>\n<p style=\"margin-bottom:1em\"><b>Dr. Tse Woon Kwan Daniel, City University of Hong Kong:<\/b><\/p>\n<p><i>\u201cJust the technical side is not enough to become a real expert in IT security. Both managerial and technical know-how are required, with a good grounding in security management and auditing. From time to time, I tell my students that a competent IT auditor should be one who knows about all aspects of IT security because in just understanding the technical side they may not know how to make best use of it to align with the business. On the other hand, just knowing the managerial side may mean they only know about the hype.\u201d<\/i><\/p>\n<\/blockquote>\n<p>That\u2019s why at Kaspersky Lab we need to make sure that fresh graduates at the very least, will evaluate their desire and capabilities to join the cybersecurity industry. This means reaching out to universities, developing and conducting special training courses, even sharing some of our proprietary technologies to help motivate students. There are positive signs that educational institutions understand the demand for security experts and are looking to improve their programs.<\/p>\n<blockquote>\n<p style=\"margin-bottom:1em\"><b>Professor Steve Furnell:<\/b><\/p>\n<p><i>\u201cI see a growing demand for IT security education these days. I think it is certainly an area that is seeing increased interest from students, and there has been a definite growth in the number of universities offering named programs in this space. We provide specific courses dedicated to the topic of IT security at both Bachelors and Masters level, as well as security-related modules within our other computing degree programs (with the exact mix of core and optional content varying depending upon the program concerned). We also have security-related emphasis within wider computing modules. For example, software engineering and database development are both topics in which security is important even though it is not the main theme of the course concerned\u201d. <\/i><\/p>\n<\/blockquote>\n<h2><a name=\"5\"><\/a>Going beyond technical expertise<\/h2>\n<p>Security expertise starts with solving simple challenges. Note that in our industry \u2018simple\u2019 sometimes equals to \u2018reasonably complex\u2019 everywhere else. Kaspersky Lab\u2019s founder Eugene Kaspersky started his security journey 27 years ago by analyzing viruses in his free time. Many of our best experts did likewise: the major source of our talent is the \u2018virus lab\u2019, the first level of many needed to become a versatile security expert. <\/p>\n<p>But does our experience apply to a normal company with real business needs far from IT Security? The answer is both yes and no. We have reached out to our security experts to clarify. <\/p>\n<blockquote>\n<p style=\"margin-bottom:1em\"><b>Sergey Novikov, Deputy Director, Global Research and Analysis Team:<\/b><\/p>\n<p><i>\u201cA security researcher learns something new every day, while doing their best to analyze new advanced threats. Today the topic may be the specifics of a rare programming language, typically used in a gaming application, and now utilized by threat actors. Tomorrow this may change to aspects of Chinese dialects, needed to recover vital clues from the code of a mysterious malicious module. Complexity of threats grows with complexity of IT infrastructure, but that\u2019s not the only challenge. Our experience shows that the lack of security managers is more severe and impactful than the lack of technology experts. Growing technical skills is important, but seeing a bigger picture of all threats or those relevant to a particular business is paramount. Understanding the real scope of threats and at the same time being able to communicate the needs of IT security to top management is very, very difficult\u201d. <\/i><\/p>\n<\/blockquote>\n<p style=\"margin-left:5em\">So it\u2019s not only about technical expertise. The ability to make this expertise actionable while defending the needs of cybersecurity to senior management is also important. While the security industry itself is in need of \u2018pure\u2019 technology wizards, for regular businesses things are different. They need security intelligence as well as security management in order to be on the safe side. <\/p>\n<blockquote>\n<p style=\"margin-bottom:1em\"><b>Sergey Gordeychik, Head of Security Services, Deputy CTO, Kaspersky Lab:<\/b><\/p>\n<p><i>\u201cBusiness-side security experts and security researchers share one common character: the desire to master skills in this unique field and a personal interest in the topic. But there are differences, too. Protecting a company does not require knowledge of assembly language to reverse engineer. It is even harmful to dig into such things: they take precious resources away from the real goal: keep the company\u2019s data safe and infrastructure working. It\u2019s not a question of \u201chow\u201d and \u201cwho\u201d that businesses have to answer when confronted with an attack. The right question is what should be done to reduce the risk. Security management plays the most important part in solving this challenge. We see that it\u2019s hard to combine those skills within a single team: developers and general IT experts often overlook security matters, while security professionals tend to focus on breaking things, not building something with security in mind\u201d. <\/i><\/p>\n<\/blockquote>\n<h2><a name=\"6\"><\/a>Looking for a solution: intelligence sharing<\/h2>\n<p>As we have observed, even if the supply of security experts satisfied the demand, this would not solve all business troubles. First, the lack of experts\u2019 problem extends beyond technical knowledge and experience. Finding a manager who at the same time is proficient in the threat landscape, current security solutions and specifics of IT infrastructure is even harder. Second, a single business is not capable of accumulating enough intelligence to combat all threats. Malware, spam, DDoS attacks, and targeted assaults are seeking different points of vulnerability in a corporate infrastructure, with years of knowledge required to properly secure each of them. <\/p>\n<p>15 years ago the business world had just started its path towards dependency on IT infrastructure, and back then the threat landscape was much more relaxed. Those were the good times when everything that was needed to prevent cyberthreats was an anti-virus solution. Not anymore. Although the need for threat prevention technologies is going to grow, the ultimate cyber defense now relies on sharing of intelligence. By intelligence here we mean exchanging expertise about various types of cyberthreats, attacks and vulnerabilities both in a form of protection technology and pure knowledge. <\/p>\n<p>Businesses are still cautious when it comes to employing external security consultants to audit the level of protection from cyberthreats: only <b>26%<\/b> of companies we have surveyed see this measure is effective. But the same survey provides an important clue that this perception has to change. The most damaging attacks \u2013 those that companies cannot discover for days or even weeks after the initial compromise \u2013 are most likely to be discovered by a security audit. <b>72%<\/b> of businesses that suffered from such attacks discovered them thanks to an external audit. The second most frequent working measure is internal security assessment. The third most popular clue of an ongoing attack is quite alarming \u2013 a notification from a client or a customer. <\/p>\n<blockquote>\n<p style=\"margin-bottom:1em\"><b>Veniamin Levtsov, Vice President, Enterprise Business, Kaspersky Lab:<\/b><\/p>\n<p style=\"margin-bottom:1em\"><i>\u201cThe onset of targeted attacks on businesses, often initiated by organized crime, calls for a fresh look at corporate cybersecurity. Sometimes these assaults are based on sophisticated malicious technologies, but more often, we see attacks that exploit human weaknesses and the inevitable growth in infrastructure complexity. The people behind the attacks have intent, skills and knowledge to harm the businesses they target. Therefore, the most precious assets that businesses can use to counteract these attacks are people with even better talent, knowledge and skills. With the right people in place, the technology that helps these experts to enhance a company\u2019s defenses can really make a difference. For the corporate world, and the security industry alike, this is not a comfortable paradigm shift, but sooner or later intelligence-based security is going to be universally embraced. Talent shortage is one of the clear signs of that.<\/i><\/p>\n<p><i>In this evolving industry the relationship with our customers already goes beyond shipping a technology or a product. We need to provide them with the skills and training required to identify on-going attacks. Detailed knowledge about attacks on other businesses, in the form of intelligence reports, is also necessary, along with actionable, machine-readable data about on-going threats. Solving the different challenges of threat prevention, detection of targeted attacks, incident response and prediction requires a lot of flexibility. As a security vendor we are dedicated to increasing the quality and size of the expert security workforce around the world. Among many projects to support this initiative we are developing IT Security Fundamentals \u2013 an educational course that will hopefully help more IT professionals to start their journey in the field of security expertise\u201d. <\/i><\/p>\n<\/blockquote>\n<h2><a name=\"7\"><\/a>Conclusion: Being flexible<\/h2>\n<p><b>52%<\/b> of businesses agree that their security will be compromised at some point, and they have to be prepared for such events. So far businesses tend to concentrate on prevention technologies and pay less attention to threat detection and response. Despite some obvious controversy in businesses\u2019 perception of IT security matters, we see a clear sign of positive change. In three years, companies are looking to invest 60% of their IT budgets on protection approaches beyond prevention, which is a positive sign of perception change.<\/p>\n<p>The problem of talent shortage like any other cybersecurity problem will be eventually solved, through the efforts of education, evolution of the industry and adoption of intelligence sharing models. By that time, we will be dealing with much more complicated problems in this field. As our experts say, to be successful in this business you should always be prepared to deal with something new. The root cause of a talent shortage is the need to solve security issues that cannot be solved by automated security systems. Thus, the solution lies within a greater flexibility of businesses as well as the security industry: building new security solutions with intelligence in mind and making sure that new findings of the evolving threat landscape can be shared with everyone efficiently. <\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>IT Security Risks Special Report Series 2016 Kaspersky Lab \u00a0Download the PDF version of the report Content Introduction Lack of expertise: measuring direct financial impact One out of forty: new<\/p>\n","protected":false},"author":2706,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"footnotes":""},"categories":[],"class_list":["post-16531","page","type-page","status-publish"],"hreflang":[{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/security_risks_report_lack_of_security_talent\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/security_risks_report_lack_of_security_talent\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/security_risks_report_lack_of_security_talent\/"}],"acf":[],"banners":"","is_landing":true,"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/pages\/16531","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/users\/2706"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/comments?post=16531"}],"version-history":[{"count":5,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/pages\/16531\/revisions"}],"predecessor-version":[{"id":27449,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/pages\/16531\/revisions\/27449"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/media?parent=16531"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/categories?post=16531"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}