By 2022 there will be a 1.8 million worker shortage in the information security sector. It’s a huge problem at a time when our dependency on technology is growing, as are the frequency and creativity of cybersecurity threats. Cloud-based services, mobile devices, big data, and the internet of things also mean the footprint is expanding while the traditional network boundaries are dissolving. With it come fresh challenges on how to keep data secure across all locations, further compounded by the need for sufficient skilled resources at a time when there are significant resourcing challenges across the globe. Add to the mix the dreaded acronym that is GDPR and a plethora of global regulations on the horizon, and the need for more cybersecurity professionals is further heightened.
So how do we overcome the huge shortage in skilled workers? Here are five tips you should consider.
Have a strategy
We know there is a skills shortage problem and it isn’t going away anytime soon. Two years ago 62 per cent of organisations reported having too few information security workers and that figure is now 66 per cent, so it’s growing and doing nothing is not an option. Cybercrime is a serious business and, with little warning of new attacks, it’s hard for IT departments to keep up. There is no time to waste; now is the time for action. You need to have a plan and a strategy in place for how you’re going to fix it.
What’s your risk?
Hopefully, you’re at the stage where you have identified that this is an issue which needs to be resolved. In order to make a better-informed decision on where resource is needed, you must review all areas of your business and prioritise which are most at risk and which need more focus. If you don’t have anyone internally to do this, enlist the help of an external expert. Risk and security management are important areas for any organisation and, as the threat landscape evolves, organisations must consider their current risk exposure in the context of other commercial objectives.
Strengthen with investment inside and out
The chances are that your internal IT team will already be well-versed in the basics of IT which means they will be the best placed people in your organisation to take on cybersecurity roles but they will still need additional training. Security experts should possess a blend of soft and technical skills; they need to be able to communicate effectively with non-IT colleagues and understand business processes, compliance and analytics.
Investing in training existing staff should be part of the long-term goal, but with the rate at which technology changes it won’t be enough to solve the problem. To ensure that your team has the full gamut of skills it will also be necessary to recruit security professionals to strengthen the team. Recruiting and managing teams also bring additional challenges, including the time taken to recruit and fill each position. This, coupled with regular training and certification requirements, should all be given careful consideration and factored into the planning process.
Review recruitment strategy
The huge shortfall in cybersecurity workers is a serious problem and just 11 per cent of the global information security workforce is female. Typically, they are paid less, and that’s despite them being more qualified than men at entry level, which is leading to more incidents of discrimination being reported. More work is needed to diversify. Schools and universities need to think how they can change the macho image of cybersecurity to encourage more women to consider it as a career choice. Other aspects of its image also need to be reviewed; cybersecurity work must be promoted as work that really matters and that offers a rewarding career path, job stability, good financial remuneration and a huge amount of job satisfaction.
Furthermore, we have already highlighted the fact that cybersecurity professionals need to possess non-technical skills so organisations should look beyond skilled workers to employees with people and business skills who can make a great contribution.
Outsourcing some or all of your security operations to a professional security services provider can go a long way to alleviating the increasing pressure on in-house resources. Managed service providers are experts; they not only have their fingers on the pulse of the global cybersecurity picture but they continuously monitor networks round the clock and take away the time-consuming, repetitive workloads, leaving you to focus on managing your business. The decision to select a third party can provide access to knowledge, systems and people that would rarely be achieved in-house.
With the threat landscape advancing at such a pace it’s difficult for organisations to keep up. Skilled workers are in short supply and more attention is needed to educate and attract people coming into the profession but it’s unlikely to suffice in the timescale. You need to give careful thought to your cybersecurity strategy and make the important decision of whether to outsource some or part of your security operations to a trusted advisor or make do with what you have internally.
This article is from the CBROnline archive: some formatting and images may not be present.