As organizations leverage technology to grow business and reduce costs, they expose themselves to a variety of security risks. To successfully execute their digital transformation journey without being vulnerable to system, network or program breaches, having a talented cybersecurity team has become all-important.
- Preventing any security risks and foreseeable breaches
- Preparation of infrastructure and training employees
- Quick detection of breaches, if any
- Immediate response to breaches, if any and
- Recovery from the event of a breach
By 2022, worldwide security spend is projected to increase to $133.7 Billion.[2] Businesses across the globe are on-the-run to build teams capable enough of fighting the cybersecurity war. As demand continues to rise, there is a significant and growing shortfall of talent with 99.82% of employers reporting shortage of cybersecurity talent[3]. In addition, 3.5 Million cybersecurity jobs are projected to be left unfilled by 2021[4].
Consequently, businesses are using under-skilled IT/Network professionals to deal with security concerns. With an availability-first mindset instead of a security-first outlook, these teams end up prioritizing uptime instead of security.
The top 5 things businesses can do to deal with this crunch in talent quality and quantity
Lack of cybersecurity talent is a systematic issue with its roots lying in the formal educations system. (Only 42% of the top 50 Computer Science schools in the US offer more than 2 electives in cybersecurity. Less than 6% of hackers claim to have learnt hacking in a classroom[5]). To incorporate a structural change will require both time and effort:
- Work with schools to promote cybersecurity as a mainstream profession.
- Incorporate strategic workforce planning to improve employee retention by offering them defined and clear career paths and on-the-job satisfaction.
- Invest in Automation to shift non-essential tasks to RPAs and optimize talent utilization
- Host apprenticeship programs to engage with budding students and build their interests in this field.
- Organize Hackathons to identify talent and potentially hire people.
As companies take the long road and address the root cause of the issue, they can also take measures for short-term relief:
- Rewrite the definition of talent – instead of looking for talent who know cybersecurity, companies should look for people who can be taught cybersecurity. While hiring candidates, their aptitude and attitude towards work should be alternate skills to take note of.
- Broaden the path to recruitment – organizations are looking for talent in the wrong places. Instead of looking for university degrees, certifications like CEH (Certified Ethical Hacker) should be looked for. 80% of hacking talent is self-taught and do not hold formal degrees in the domain. [6]
- Capitalize on the growing ethical hacker base – the white-hat ethical base is growing rapidly. Many companies like Tesla, Google and Facebook actively use this growing population to strengthen their cybersecurity systems. To do this, the ethical hackers are made to participate in bounty hunts. They are challenged to break into the firewalls of the organizations and are rewarded for finding weaknesses or leakages.
In conclusion, cybersecurity and data integrity have become critical for business longevity. A single attack is capable of tarnishing both financial stability and goodwill of a business. Business leaders must respect the challenge and act swiftly to deal with it.
[1] Study shows hacker attacks are as frequent as once every 39 seconds
[2] Worldwide cybersecurity spending to exceed $124 Billion in 2019
[4] NY Times – mad dash to find a cybersecurity force
[5] Cybersecurity skill gap won’t be solved in a classroom
Listen to a podcast on the talent crunch in information-security here!
