As the skills shortage worsens and cyber attacks soar to new heights, there’s a tangible need to attract fresh and experienced talent to careers in cybersecurity, or catastrophe looms.
By Mukul Kumar, CISO and VP of cyber practice, Cavirin Systems
The cybersecurity threat landscape continues to cause serious concern. As the number of cyber-attacks increases and fresh legislation introduces potentially punishing fines, the true cost of a data breach is growing. The unpalatable truth is that employees are often the root cause – 54 percent of 1,000 IT professionals surveyed by the Ponemon Institute named negligent employees as the most likely source of a data breach.
Whether it’s simple human error, malicious intent, or a lack of skills, the negative impact is the same. Many of the most high-profile breaches from last year were caused by misconfigured servers that left sensitive information exposed. There are more jobs than qualified talent to fill them, and this dearth of cybersecurity skills is causing serious problems.
The problem is set to get worse
The latest data from Cyber Seek suggests that there are more than 300,000 cybersecurity job openings in the U.S. right now. Demand is already seriously outstripping supply and a serious underinvestment in training is beginning to show. Things are set to get significantly worse before they get better, with Cybersecurity Ventures predicting that there will be 3.5 million unfilled cybersecurity positions by 2021.
A dwindling pool of talent will be able to command higher and higher wages, so only the largest and most successful companies will be able to afford proper cybersecurity. But greater pressure and unmanageable workloads are also likely to take their toll and push more people into different careers. If organizations don’t act, then we’re facing a potential catastrophe in the shape of a cybercrime epidemic we’re simply not equipped to keep pace with, much less eliminate.
Attracting more talent
It’s clear that expensive contractors and outsourcing are not going to fill the gap here, but there is an investment that would reap greater rewards in the long term. Businesses need to develop relationships with the education system and other external organizations. Outreach programs, job fairs, competitions, and sponsorships at different levels of education from high school to college offer scope to evangelize about cybersecurity careers and inspire new talent to start down that path.
Social media can be overlooked as a viable tool. Says senior HR manager Michael Perez of Ipswich Bay Advisors, “Whatever side of the fence you’re on, LinkedIn is a great resource for employers and prospective employees. Joining and being active in groups can prove yourself a thought leader and one can freely post (to attract candidates) and respond to job postings (as a job candidate) within a group.”
People returning to the workforce, veterans, and those seeking a career change also need to be educated on the potential for a lucrative and well-paid career if they decide to train up in cybersecurity. There’s an enormous opportunity for rewarding long-term employment, but that talent cannot be conjured up overnight.
Another piece of the puzzle that’s vital here is to reach beyond potential candidates and inspire parents, educators, and career counsellors to pitch careers in cybersecurity.
Invest in the right places
Businesses should try to develop more in-house talent, but bolster that with managed security services (MSS). With new regulations and frameworks emerging all the time, it takes some work to keep up with the latest techniques and to ensure that you’re extracting maximum value from the cybersecurity tools and systems you employ. For some enterprises it will make more sense to outsource security event monitoring, alerting, and response, while larger enterprises will likely be best served by a hybrid approach.
It may be tempting to skip further training when your security professionals are busy, but it’s a false economy that will cost you more in the long run. Whether they’re in-house or outside the traditional corporate environment, they need support to develop and grow.
Training matters for more than keeping employees up to date with the latest trends and the threat landscape: employees who have completed training courses will also disseminate their newly acquired knowledge. In some cases, you can even have them train up other employees.
To make room for training, consider employing software that can offer a clear picture of your cyber posture. If you can automate the mitigation of some security threats and have alerts that flag potential issues before they develop, then you can avoid being stuck in firefighting mode and having to remediate after the fact, which is inevitably more time-consuming and expensive.
Doing more with less
Even if you invest in new talent, it’s going to be a while before you can reap the rewards. In the meantime, it’s essential to fully leverage the talent you do have at your disposal. The right support tools and automation for repetitive tasks, coupled with powerful insight into your current position and the potential risks, will enable you to focus your limited resources where they can make the most difference.
If you’re wondering where to start, the looming skills shortage in cybersecurity is just one of the topics that will be highlighted in October’s National Cyber Security Awareness Month.