Solving the Cybersecurity Talent Crunch Becomes Priority

Photo credit: iStockphoto/Kenishirotie

According to the latest report from Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT), it recorded significant hikes in Botnet and phishing website reports targeting financial organizations and enterprises in Hong Kong for 2019. Although there have been many technological advancements, such as artificial intelligence-enabled tools, to help businesses tackle the growing wave of threats, it's still an ongoing battle.

What is making matters worse for businesses is the global cybersecurity talent shortage. A recent report highlighted that the shortfall in cybersecurity professionals will hit 3.5 million—while the cost of cybercrime is expected to reach USD 6 trillion by 2021 for organizations worldwide.  

The lack of qualified cyber security talent is a burning issue that needs to be addressed, especially as more businesses continue to move their data and applications to the cloud and enable their employees to access business-critical information on their mobile or other device of their choice.  

Of course, businesses must invest in training their workforce talent to ensure that they are aware of the latest cyber threats and can do their bit to protect the organization.  

Crucially, it also means that businesses need to re-look at how they structure their IT operations, ensuring that they build a team of individuals dedicated to cyber-security.

Rather than trying to find new talent externally in the small (and shrinking) pool of cyber-security experts out there, businesses should look to train their existing members of their IT team, many of whom might embrace the challenge to learn about and specialize in cybersecurity to future-proof their skill set.

Identifying the right talent

Equipping the organization’s existing talent with much-needed cybersecurity expertise can often prove more valuable in ensuring that the business is protected rather than hiring new talent. This can start with an assessment to identify the top talent to be re-skilled, followed by a comprehensive training platform with ongoing re-training as new technologies, tools and threats emerge.

As the threat landscape is always evolving, it's imperative to retrain employees from time to time, not just internally but also give them access to external courses. Yet, 63% organizations are falling behind in providing training to their cybersecurity specialists. From a global research on cybersecurity workforce conducted by (ISC)2 in 2019, 51% of cybersecurity professionals said their organization is at moderate or extreme risk because of cybersecurity staff shortage.

Other initiatives can help to find and inspire new team members to join the ranks of cybersecurity experts and further boost in-house talent. Recruiting talent from operations, compliance or networking, offers a sustainable solution, as they are already aware of the offering, and can help bridge the gap between the cybersecurity team and the rest of the business.

Other initiatives could even include external competitions and networking events. For instance, the British intelligence agency, Government Communications Headquarters (GCHQ), introduced a virtual game to find talented hackers and recruit them as part of its cybersecurity task force. Players were required to protect a fictional company from a group of cyber criminals using secure code analysis skills.

Creating a cybersecurity ecosystem

Building cybersecurity skills and capabilities by collaborating with the wider business ecosystem and industry is another approach that organizations should consider.

One way to accomplish this is by incorporating cyber security training into services that businesses—such as ours—offer to their customers. Businesses should also explore the potential to ‘lend’ their security experts to education institutions that might not have the means to upskill their existing IT teachers on the latest threats. While cyber security experts have little motivation to swap a job with a six-figure salary for a classroom to train next-generation cyber security workers, collaboration like this can prove vital in cities’ and countries’ collective fight against cyber-crime.

Some well-established organizations also partnered with tertiary institutions to support and train students on the basics of cyber security, they were mentored by a diverse pool of industry experts and get opportunities to work on live projects through internships. The result: A 360-degree exposure to the world of cybersecurity, which gives students a solid understanding of the sector and can inspire many to pursue this as a career path.

Once they enter the industry, they are ready to be experts and help safeguard a business from threats from day one. Such partnerships, if practiced across the globe, help address cybersecurity challenges and nurture the talent of the future.

Tapping into emerging technologies

Artificial intelligence and automation tools can help reduce the burden on the existing cyber security team. Every organization needs to have a cybersecurity strategy that strikes the right balance between human and machine.

Incorporating automation into a company’s network, endpoint and intrusion monitoring workflow will allow employees to save time as the mundane, repetitive tasks, such as monitoring will be executed by machines. This will also increase the effectiveness and efficiency of employees, empowering them to perform better in their roles. The expertise of a managed security service providers (MSSPs) can complement this with services such as those performed by an advanced security operations center.

As the shortage of cybersecurity talent continues, organizations need to explore new ways—upskilling their existing workforce and leveraging the cutting-edge tools and the expertise of specialist service providers—to ensure they are protected against cyberthreats which are growing in volume and complexity.

Gauri Bajaj, director and the APAC head for managed security services at Tata Communications, authored this article. The views and opinions expressed in this article are those of the author and do not necessarily reflect those of HR&DigitalTrends. Photo credit: iStockphoto/Kenishirotie