The cyber skills shortage is an elephant in the room, and education and training are vital to plugging the cyber skills gap, says Ehsan Foroughi, Chief Technology Officer at the cybersecurity company Security Compass.
Over the last few decades, the advancement of technology has been nothing like we first imagined it to be, and the future of technology now knows no bounds. We are currently moving towards the fourth industrial revolution, where technologies such as Artificial Intelligence (AI), Big Data and the Internet of Things (IoT) are set to spearhead this new digital economy.
However, amidst the excitement of it all, there is a significant shortage in the IT skills needed to build, maintain and monitor the plethora of software applications developed for these emerging technologies. One particular branch of IT that is experiencing a significant skills deficit is cybersecurity. In fact, the global shortfall in cybersecurity professionals has fallen for the first time since records began, according to the 2020 Cybersecurity Workforce Study from (ISC)². In addition to this, an estimated 3.5 million cybersecurity jobs will go unfilled this year, further highlighting the bleak issue the industry is facing regarding the cyber skills shortage.
So what exactly is causing this cyber-skills deficiency and what potential implication does it have on businesses and consumers?
The cybersecurity skills gap has been growing for some time now and has been further affected by the COVID-19 pandemic. So much so that a recent (ISC)² study found that remote working has increased cybersecurity incidents for 23% of all companies who have adopted such a working arrangement, with some even experiencing a two-fold increase in these incidents.
The issue of a cyber skills shortage comes at a time when organisations are continuously being targeted by increasingly sophisticated and malicious cyber-attacks. As a result, this has made the process of securing business infrastructure and defending against cyber threats harder than ever. The cybersecurity skills shortage is continuing to be the principal cause of the rise in cyber threats and security breaches as organisations are severely affected by the growing security workload and the avalanche of threats that need to be monitored.
However, a small part of the blame for the wider issue can also be placed on the shoulders of the organisations themselves. Business cost cutting and lack of cybersecurity training have a small part to play in the growing cyber skills gap. In fact, a recent PwC report found that over a fifth of UK business and tech companies are planning on downsizing their cybersecurity teams. Coupled with the fact that many organisations are failing to provide adequate cybersecurity training for their staff, this is not only contributing further to the cyber skills gap but also resulting in businesses leaving themselves wide open for cybersecurity breaches.
At a time when organisations are moving into the digital economy and becoming ever more reliant on technology, this is a grave concern for IT departments, especially now that the spotlight of scrutiny and accountability is firmly placed on them.
Addressing and tackling the burgeoning cybersecurity skills gap is not an easy task. However, there are a number of possible solutions to dealing with or at least alleviating the issue. Firstly, companies need to realise that the cyber skills shortage is not a people problem, but a processes and infrastructure issue. The first port of call is to evaluate the existing tools and processes they have in place. Do they contribute further to the issue? Are they helping at all?
One key solution to tackling this cyber skills shortage is automation. Automation for security and compliance processes will help companies to incorporate effective and robust security from the earliest phase in the development of their application projects without much interference from security teams, giving them the bandwidth and energy to focus on other security-related issues and training to further their cyber knowledge.
For example, companies can look towards automating their security processes, particularly the repetitive but highly important security tasks such as software vulnerability tracking. This would mean developers can save time reviewing program code and dedicate their efforts to other important tasks. Other tasks that automation excels at include converting key regulatory requirements into actionable tasks for the DevOps teams to undertake while following the progress to completion.
Additionally, automation has also transformed the way security testing is conducted by software engineers. The process of manually reviewing and correcting code can now be automated and done with greater speed, precision and frequency without the need for human interference. This is a far cry from the old, manual and infrequent penetration tests that all too often hinder the software development process.
From a regulatory compliance perspective, automation can help organisations follow organisational policies for every application rather than selectively for the more critical projects. It essentially allows them to standardise controls by centralising them and also monitoring every bit of activity in the application lifecycle including management reporting and external audits.
Cybersecurity training is another way in which organisations can bridge the cyber skills gap. By expanding cybersecurity awareness and wider knowledge of systems and programs among their workforce, businesses will benefit from increased efficiency and accuracy amongst their teams, leading to fewer vulnerabilities.
Rolling out dedicated and comprehensive training programmes accompanied by certifications for new starters and existing employees can go a long way to developing future talent and loyalty, and by extension widening the pool of talent within the organisation. However, for this to truly work, companies will need a strong cybersecurity presence at C-suite level in the form of a CISO to further foster a positive attitude towards cybersecurity.
The cyber skills gap is continuing to grow, and it is now time for companies to look at ways in which they can effectively tackle this issue and strengthen their enterprise security before it’s too late.