SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Story image
How businesses should handle cybersecurity skill shortage - Sungard AS
Tue, 5th Mar 2019
FYI, this story is more than a year old

A report by non-profit association (ISC)² revealed that the worldwide cyber security skills gap currently stands at almost three million, exposing a serious shortage of talent working in the IT security sector.

This equates to nearly two out of three businesses lacking the cybersecurity skills needed to keep threats at bay, which is concerning as 59% say their companies are at moderate or extreme risk of cyber attacks due to the shortage.

With the tech sector booming and unemployment rates low, cybersecurity talent can be hard to recruit and retain.

Every company faces an ever-evolving onslaught from hackers in one form or another, which is no longer about when a breach happens but how often they happen.

Resilient businesses have a laser focus on cybersecurity, all too aware of the negative impact a breach can and does have.

Even with an effective cybersecurity incident response plan in place finding the required skills and knowledge to deliver on that plan is far from easy.

C-suite executives say the inability to “identify and fill gaps in cyber talent,” along with the capacity to build a “cyber-savvy workforce,” are among their top concerns in regards to business resiliency, according to a Business Insurance study.

With innovation and investment in research and development continuing to grow in the tech industry, money isn't the biggest challenge for organisations looking to recruit the top cybersecurity talent, however, it can be an issue for other markets.

Organisations need to understand the impact of the cybersecurity talent shortage on business resilience, security, cloud computing and other IT functions—and the best ways to bridge the gap.

What are the main challenges of the cybersecurity talent shortage?

  1. Accountability – A recent Qualtrics survey found that 40% of respondents believe their organisation's leaders will hold IT teams accountable for cyber attacks or breaches. Security teams ranked second, at 23%. Given the accountability business leaders will likely place on IT and security teams, coupled with the talent shortage, businesses must find ways to do more with available resources.

  2. Specialism- As businesses increasingly move to a cloud-first, Software-as-a-Service (SaaS) computing infrastructure, it's been challenging for enterprises to find cyber talent with skills in this area. Often the expertise needed is in demand by other organisations, which makes these skilled professionals hard to snatch up. Similarly, companies face talent shortages in network architecture, too. A cloud-first strategy puts different strains on the network and requires a rethinking of methodology, a skill set not yet plentiful in the cyber talent pool.

  3. Communication skills - Being able to defend a technical recommendation based on tangible reasons that solve a business problem in writing or verbally is a very important skill in the industry, and while this may sound easy, it requires multiple skills that are rare to find in one person. Knowing the security implications with regards to the business problem being solved can significantly impact how resilient an architecture design is.

What can businesses do internally to combat the cybersecurity talent shortage?

  1. Leverage the latest AI/ML solutions - Behavioural analytics and artificial intelligence (AI) can help businesses do more with constrained resources. More security vendors will integrate AI into their products to improve prevention and detection capabilities, and more companies will look to use automated security products to alleviate the lack of human resources, skill levels and time.

  2. Upskill - One way to combat the cyber talent shortage is to help your current workforce develop new, or deepen existing, skills. Consider the shortage of skills in SaaS integration, for example. To help close the talent gap in this area, focus on further developing existing employees' skill sets. Determine the employees who would be the best fit for the integration platform and then cross-train them to the new technology. While this may initially slow your progress and lead to a few missteps, the payoff will outweigh initial setbacks and ramp-up required when onboarding new employees. You'll end up with a stronger team that's excited to learn new skills they can deploy in better serving the business.

  3. Stay in the loop – Maintain your awareness of what's happening in the IT industry and assess the changes happening that can make your IT environment more resilient and cost-effective. IT is constantly changing, so it's important to bring a positive mindset to the organisation that change and evolution are good.

  4. Encourage innovation - Team leaders should be forward thinking and consider how to best use new technologies to improve both the end-user experience as well as IT productivity and resiliency. This mindset to test new technologies in order to find new efficiencies opens the door to a Proof of Concept (PoC), which can be a way to investigate future technology options. The PoC gives employees both the excitement of being a part of a team testing new technologies and their opportunities, and a vision for how their skill set should progress to fit the new technology and goals.

  5. Track and promote career progression - To keep your team members engaged, focus on nurturing talent and promoting from within. As your team gains these new cyber skills, it's important to offer them new opportunities, too. You need to always be on the lookout for options to offer within your business. You can't be afraid of people moving on. You never know when you may have an opportunity to work with them again.