Story image

How businesses should handle cybersecurity skill shortage - Sungard AS

05 Mar 2019

Article by Sungard Availability Services Europe & India senior vice president Chris Huggett

A report by non-profit association (ISC)² revealed that the worldwide cyber security skills gap currently stands at almost three million, exposing a serious shortage of talent working in the IT security sector.

This equates to nearly two out of three businesses lacking the cybersecurity skills needed to keep threats at bay, which is concerning as 59% say their companies are at moderate or extreme risk of cyber attacks due to the shortage.

With the tech sector booming and unemployment rates low, cybersecurity talent can be hard to recruit and retain.

Every company faces an ever-evolving onslaught from hackers in one form or another, which is no longer about when a breach happens but how often they happen.

Resilient businesses have a laser focus on cybersecurity, all too aware of the negative impact a breach can and does have.

Even with an effective cybersecurity incident response plan in place finding the required skills and knowledge to deliver on that plan is far from easy.

C-suite executives say the inability to “identify and fill gaps in cyber talent,” along with the capacity to build a “cyber-savvy workforce,” are among their top concerns in regards to business resiliency, according to a Business Insurance study.

With innovation and investment in research and development continuing to grow in the tech industry, money isn’t the biggest challenge for organisations looking to recruit the top cybersecurity talent, however, it can be an issue for other markets.

Organisations need to understand the impact of the cybersecurity talent shortage on business resilience, security, cloud computing and other IT functions—and the best ways to bridge the gap.

What are the main challenges of the cybersecurity talent shortage?

  1. Accountability – A recent Qualtrics survey found that 40% of respondents believe their organisation’s leaders will hold IT teams accountable for cyber attacks or breaches. Security teams ranked second, at 23%. Given the accountability business leaders will likely place on IT and security teams, coupled with the talent shortage, businesses must find ways to do more with available resources.

  2. Specialism- As businesses increasingly move to a cloud-first, Software-as-a-Service (SaaS) computing infrastructure, it’s been challenging for enterprises to find cyber talent with skills in this area. Often the expertise needed is in demand by other organisations, which makes these skilled professionals hard to snatch up. Similarly, companies face talent shortages in network architecture, too. A cloud-first strategy puts different strains on the network and requires a rethinking of methodology, a skill set not yet plentiful in the cyber talent pool.

  3. Communication skills - Being able to defend a technical recommendation based on tangible reasons that solve a business problem in writing or verbally is a very important skill in the industry, and while this may sound easy, it requires multiple skills that are rare to find in one person. Knowing the security implications with regards to the business problem being solved can significantly impact how resilient an architecture design is.

What can businesses do internally to combat the cybersecurity talent shortage?

  1. Leverage the latest AI/ML solutions - Behavioural analytics and artificial intelligence (AI) can help businesses do more with constrained resources. More security vendors will integrate AI into their products to improve prevention and detection capabilities, and more companies will look to use automated security products to alleviate the lack of human resources, skill levels and time.

  2. Upskill - One way to combat the cyber talent shortage is to help your current workforce develop new, or deepen existing, skills. Consider the shortage of skills in SaaS integration, for example. To help close the talent gap in this area, focus on further developing existing employees’ skill sets. Determine the employees who would be the best fit for the integration platform and then cross-train them to the new technology. While this may initially slow your progress and lead to a few missteps, the payoff will outweigh initial setbacks and ramp-up required when onboarding new employees. You’ll end up with a stronger team that’s excited to learn new skills they can deploy in better serving the business.

  3. Stay in the loop – Maintain your awareness of what’s happening in the IT industry and assess the changes happening that can make your IT environment more resilient and cost-effective. IT is constantly changing, so it’s important to bring a positive mindset to the organisation that change and evolution are good.

  4. Encourage innovation - Team leaders should be forward thinking and consider how to best use new technologies to improve both the end-user experience as well as IT productivity and resiliency. This mindset to test new technologies in order to find new efficiencies opens the door to a Proof of Concept (PoC), which can be a way to investigate future technology options. The PoC gives employees both the excitement of being a part of a team testing new technologies and their opportunities, and a vision for how their skill set should progress to fit the new technology and goals.

  5. Track and promote career progression - To keep your team members engaged, focus on nurturing talent and promoting from within. As your team gains these new cyber skills, it’s important to offer them new opportunities, too. You need to always be on the lookout for options to offer within your business. You can’t be afraid of people moving on. You never know when you may have an opportunity to work with them again.

Voter vulnerabilities: Cybersecurity risks impact national elections
The outcome of elections have an enormous impact on the political and cultural landscape of any democratic society. 
Using data science to improve threat prevention
With a large amount of good quality data and strong algorithms, companies can develop highly effective protective measures.
General staff don’t get tech jargon - expert says time to ditch it
There's a serious gap between IT pros and general staff, and this expert says it's on the people in IT to bridge it.
ZombieLoad: Another batch of flaws affect Intel chips
“This flaw can be weaponised in highly targeted attacks that would normally require system-wide privileges or a complete subversion of the operating system."
Forget endpoints—it’s time to secure people instead
Security used to be much simpler: employees would log in to their PC at the beginning of the working day and log off at the end. That PC wasn’t going anywhere, as it was way too heavy to lug around.
DimData: Fear finally setting in amongst vulnerable orgs
New data ranking the ‘cybermaturity’ of organisations reveals the most commonly targeted sectors are also the most prepared to deal with the ever-evolving threat landscape.
IXUP goes "post-quantum" with security tech upgrade
The secure analytics company has also partnered with Deloitte as a reseller, and launched a SaaS offering on Microsoft Azure.
Infoblox appoints channels head for A/NZ
Kenneth Cartwright’s appointment extends Infoblox’s position in secure cloud-managed network services throughout the region.