Integrating Cybersecurity - Addressing the Skill Gap

By making cybersecurity a priority rather than an afterthought, organizations can make the first step towards integrating cybersecurity practices into their organizations.

When we look at the number of organisations who have been affected by cyber threats and breaches, it is clear that ensuring data security in an increasing ‘digital-first’ world is nothing short of challenging. While digital transformation helps organisations develop a competitive edge, it also leaves organisations vulnerable to the focused and advanced cyber threats. Most face the problem of integrating cybersecurity measures into the working of their organisations. By making cybersecurity a priority rather than an afterthought, organisations can make the first step towards integrating cybersecurity practices into their organisations. For a successful digitally transformed organisation, it is crucial that cybersecurity experts actively participate in every step of the journey -- ensuring constant assessment or check-ins to avoid being caught off guard leading to costing the company millions at times.

In the light of recent cyber-attacks, organisations have highlighted the increase in the skills gap in the cybersecurity industry. According to a research by job site, Indeed, the need for cybersecurity job roles in between January 2017 and March 2018, have increased by 150%. According to an article in Cybersecurity Ventures, by 2021, fighting cyber crime will cost businesses globally, more than $6 trillion annually and there will be 3.5 million unfilled security jobs. This indicates a huge gap that requires to be filled as a global talent shortage is highly prevalent in the IT industry.

One of the many angles of data breach that companies everywhere face is the problem of “Insider Threat.” In any organisations, most of the workforce handle computers and electronic devices to input or extract data; this is where employees need to be trained according to cybersecurity best practices. According to a study by the non-profit group, ISACA, there will be a global shortage of two million cybersecurity experts by the end of 2019. But this cybersecurity shortage is not a recent affair. A survey by ESG shows that the percentage of the skills gap increases every year:

  • 2018-2019: 53 percent of organizations report a problematic shortage of cybersecurity skills
    • 2017-2018: 51 percent of organizations report a problematic shortage of cybersecurity skills
      • 2016-2017: 45 percent of organizations report a problematic shortage of cybersecurity skills
        • 2015-2016: 42 percent of organizations report a problematic shortage of cybersecurity skills

Cybersecurity cannot be and should not be the sole responsibility of the IT team, the entire organisation needs to recognise and understand the importance of cybersecurity. The approach to this gap is not by hiring a large workforce but by implementing strategies to increase the productivity of the present security team – turning analysts into “threat hunters”. The first step is to address level of security awareness amongst the employees. Security awareness along with the use of advanced analytics, comprehensive threat intelligence and automated threat detection and response ensures security analysts focus on more serious threats that threaten the organisation’s business.

Strengthening the workforce infrastructure by the use of necessary tools, intelligent investment, hiring the right people and well-designed apprenticeship programs is important for addressing the skills gap in cybersecurity.

Cybersecurity trainings and workshops for the organisation’s IT staff and new entrants to prepare them for the workforce is another approach to address the skills gap. IT personnel can be trained on cybersecurity and funding hands-on training in educational institutes can encourage the future employees.

Intelligent investment in security technologies built for automation, orchestration and response is important to ensure an organization is able to manage digital risk. While technical training is important, it is also important that employees align security with business requirements and that every red flag is reported to the decision makers. The alignment of security with business requirements is a part of soft skills training that is often overlooked by organisations. As much as investing in technical training is important, soft skills training needs to be brushed upon too and this can be done by imparting hands on experience and interactions with the business.   

We are moving towards a digital economy and cybercrimes are on a manifold increase. It is now the time to start a consensus on how as an organization, government body or infrastructure to realize the global need to put in a collective effort to bridge the skills gap in the realm of cybersecurity. Cybersecurity, therefore, is a collective responsibility which must be dealt with a comprehensive and responsible manner.


Tags assigned to this article:
cybersecurity Cybersecurity Skills

Advertisement

Around The World