Navigating the cybersecurity skills shortage: Joseph Zhou, Linode
By Joseph Zhou
Cybersecurity concerns have been making more and more headlines as of late. According to the Indian Computer Emergency Response Team (CERT-In), over 6.74 lakh cyber security incidents were reported in India in the first six months of 2022. From ransomware infections to crypto mining on compromised accounts, most security mishaps can be traced to human error. As employees feel overwhelmed and overworked, mistakes such as cloud misconfigurations or leaving data cache permissions open are bound to happen. Yet as the world seeks out more cyber expertise to help, the security skills gap only continues to grow.
Today, cybersecurity is a $1 trillion problem that underscores the importance of recruiting, hiring, and developing cybersecurity talent. The once-thriving IT industry now views talent as the most significant barrier (65%) to adopting emerging technology, including AI, big data, IoT, cloud computing, cybersecurity, robotics and more and it is estimated that the demand for these technologies will rise 20-fold by 2024.
As everyone feels the pain of this immense crunch, what can companies do to secure the talent they desperately need? It comes down to making two key changes: getting more open-minded with how they identify and develop talent, and assigning some of their cybersecurity maintenance to managed services providers. According to a report by Global IT association ISACA, 60 per cent of the organisations have unfilled cybersecurity positions and that 42 per cent of the organisation’s cybersecurity team is understaffed.
Two Shifts to close the Skills Gap
Much like many of today’s shortages, the cybersecurity talent dilemma comes down to a simple supply and demand equation. According to a Nasscom-Data Security Council of India (DSCI) report, the employee base of the cybersecurity services industry surged from 110,000 in 2019 to 218,000 in 2021, owing to the immense demand for cybersecurity professionals. It will touch 305,000 by 2022. Given the scale of digital adoption and the exponential increase in risks online in the last couple of years, in general for both consumers and enterprises, the cybersecurity industry is bleeding for talent and experience needed to man their cybersecurity infrastructure and drive their risk compliance requirements.
While the demand for security skills is at an all-time high , there is an insurmountable scarcity of talent that possesses those skills, which include multiple security domains, specialized cloud ops and security, networking, compliance setups, and DevSecOps knowledge. As the demand for these skills continue to outpace available talent, it’s time for companies to rethink how they hire and facilitate internal growth. With the increasing and evolving threats, it is important to upskill the current workforce, create customised courses specific to cybersecurity, and ensure that the entire ecosystem — industry, academia and professional — stays updated on the latest in cyber threats.
Similarly, it’s wise to invest in internal development, too, training promising internal talent on lacking skills instead of searching for external hires. In tandem with shifting hiring and employee growth approaches, companies also need to shift their mindsets. Too many smaller companies see improving cybersecurity as a down-the-road concern — they assume breaches only happen to big-name firms, and so they focus on growth and prioritize product updates instead. But SMBs are not immune to being targeted by cyberattacks.
Companies don’t have to go it alone when it comes to cybersecurity. It can be a shared responsibility, with vendors playing a role in ensuring that companies get the protection they need to keep compute instances and data safe. SMBs that already rely on managed service providers to set up or operate their cloud ecosystem can close the skills gap by capitalizing on their providers’ security capabilities, too. An effective managed services provider can shoulder the weight of securing systems and networks, offer guidance and training from certified professionals, managing security updates, maintaining backups, and meeting compliance requirements, too.
Don’t Wait for New Talent — Prioritize Cybersecurity
Navigating the talent shortage requires companies to look both inward and outward. Internally, a greater focus on development and training is essential for helping security teams grow their knowledge and skills. But externally, there’s work to be done, too. From how they hire to how they lean on managed service providers, companies have opportunities to change the shortage status quo in meaningful ways. A critical success factor of the security leaders’ job is centred around minimizing the critical talent gap through methodically designed security talent incubation and development programs, and engaging security-minded professionals from other business functions or security service providers. The cybersecurity talent shortage isn’t going anywhere — don’t let that make your business vulnerable to threats.
The author is Senior Director of Information Security at Akamai [Linode]
Disclaimer: The views expressed are solely of the author and does not necessarily subscribe to it. shall not be responsible for any damage caused to any person/organization directly or indirectly.