With the tech sector booming and unemployment rates low, cybersecurity talent can be hard to recruit and retain. Every company faces an ever-evolving onslaught from hackers in one form or another, which is no longer about when a breach happens but how often they happen. Resilient businesses have a laser focus on cyber security, all too aware of the negative impact a breach can, and does have. Even with an effective cyber security incident response plan in place finding the required skills and knowledge to deliver on that plan is far from easy.
A report by non-profit association (ISC)² revealed that the worldwide cyber security skills gap currently stands at almost three million (more than the population of Greater Manchester) exposing a serious shortage of talent working in the IT security sector. This equates to nearly 2/3 of businesses lacking the cyber security skills needed to keep threats at bay, which is concerning as 59% say their companies are at moderate or extreme risk of cyber-attacks due to the shortage.
C-suite executives say the inability to “identify and fill gaps in cyber talent,” along with the capacity to build a “cyber-savvy workforce,” are among their top concerns in regards to business resiliency, according to a Business Insurance study. With innovation and investment in research and development continuing to grow in the tech industry, money isn’t the biggest challenge for organisations looking to recruit the top cyber security talent, however it can be an issue for other markets. Organisations need to understand the impact of the cybersecurity talent shortage on business resilience, security, cloud computing and other IT functions—and the best ways to bridge the gap.
There are challenges and there are solutions to these challenges, and here is a collection of advice from experts across Sungard Availability Services on what they are.
The challenges
1. IT teams will be held accountable over the security experts
A recent survey that Qualtrics conducted on behalf of Sungard AS found that 40% of respondents believe their organisation’s leaders will hold IT teams accountable for cyberattacks or breaches. Security teams ranked second, at 23%.
“Given the accountability business leaders will likely place on IT and security teams, coupled with the talent shortage, businesses must find ways to do more with available resources,” says Shawn Burke, Global CSO at Sungard AS
2. It’s hard to find experienced cyber talent in SaaS integration and network architecture
“As businesses increasingly move to a cloud-first, Software-as-a-Service (SaaS) computing infrastructure, it’s been challenging for enterprises to find cyber talent with skills in this area,” says Chris Fielding, CIO at Sungard AS. “Often the expertise needed is in demand by other organisations, which makes these skilled professionals hard to snatch up,” she adds. Similarly, companies face talent shortages in network architecture, too. “A cloud-first strategy puts different strains on the network and requires a rethinking of methodology,” a skill set not yet plentiful in the cyber talent pool, Fielding says.
3. Strong communication skills are needed—but can be in short supply
“Being able to defend a technical recommendation based on tangible reasons that solve a business problem in writing or verbally is a very important skill in the industry, and while this may sound easy, it requires multiple skills that are rare to find in one person. Knowing the security implications with regards to the business problem being solved can significantly impact how resilient an architecture design is. Instead of the security stiff-arm that has been prevalent in the past, understanding the problem and what technology best addresses the concern and being able to succinctly communicate that as part of the design process is key,” says Todd Loeppke, Lead CTO Architect for Sungard AS.
The solutions
1. AI and machine learning can help
Behavioural analytics and artificial intelligence (AI) can help businesses do more with constrained resources. “I anticipate more security vendors will integrate AI into their products to improve prevention and detection capabilities, and more companies will look to use automated security products to alleviate the lack of human resources, skill levels and time,” Burke says. But too often, enterprises hire IT team members with a more generalised skill set and background, says Greg Cox, CTO Architect for Sungard AS. “Machine learning is a huge growth opportunity, and being skilled in AI will become a requirement for those working in areas of technology that are not purely hardware-focused,” he explains. The IT professionals most prepared for this shift will not only be proficient in AI but mathematics and general computer science work as well, Cox adds. “Improving critical thinking ability and pulling together individual components to create a higher-value offering, IT professionals can separate themselves from the pack and show their worth as a high-performing asset to the organisation.”
2. Focus on building team members’ skills
One way to combat the cyber talent shortage is to help your current workforce develop new, or deepen existing, skills. Consider the shortage of skills in SaaS integration, for example. To help close the talent gap in this area, focus on further developing existing employees’ skill sets. “Determine the employees who would be the best fit for the integration platform and then cross-train them to the new technology,” Fielding explains. “While this may initially slow your progress and lead to a few missteps, the payoff will outweigh initial setbacks and ramp-up required when onboarding new employees. You’ll end up with a stronger team that’s excited to learn new skills they can deploy in better serving the business.”
3. Keep your finger on the pulse
Stay focused on what’s happening in the IT industry and assess the changes happening that can make your IT environment more resilient and cost-effective, notes Fielding. “IT is constantly changing, so it’s important to bring a positive mindset to the organisation that change and evolution are good,” she says.
4. Keep exploring new technologies to keep teams engaged
“Team leaders should be forward thinking and consider how to best use new technologies to improve both the end-user experience as well as IT productivity and resiliency,” Fielding says. “This mindset to test new technologies in order to find new efficiencies opens the door to a Proof of Concept (PoC), which can be a way to investigate future technology options. The PoC gives employees both the excitement of being a part of a team testing new technologies and their opportunities, and a vision for how their skill set should progress to fit the new technology and goals.”
5. Promote from within
To keep your team members engaged, focus on nurturing talent and promoting from within. “As your team gains these new cyber skills, it’s important to offer them new opportunities, too,” Fielding says. “You need to always be on the lookout for options to offer within your business. You can’t be afraid of people moving on. You never know when you may have an opportunity to work with them again.”
Conclusion
There is nothing new about the skills gap, I suspect there was a time back in the 16th century when farmers couldn’t find enough people trained to use a scythe, impacting their ability to reap crops. However, the ubiquitous nature of IT has meant a lack of skills has broad reaching ramifications for businesses, individuals and governments. Its difficult to find someone today who isn’t aware of a breach that may have impacted them personally or professionally. The companies who don’t invest in securing and retaining the right talent are going to increasingly struggle to call themselves resilient.
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.