Today’s threat landscape continues to grow in both frequency and sophistication. As the attack surface widens and presents a greater threat to businesses and organisations across sectors, the well-versed and highly skilled cybersecurity professionals needed to defend it are in short supply. In fact, 3.5 million global cybersecurity jobs are estimated to remain open by 2021.
Addressing the cybersecurity skills gap is a multifaceted and complex issue. While cybersecurity professionals are some of the most highly sought-after individuals across industries, many of these jobs remain unfilled as organisations seek experienced IT candidates who have a specific background in security.
While today’s businesses and organisations can leverage a variety of solutions to maintain an effective security posture, to truly solve the problem, the cybersecurity industry needs to look toward the future—more specifically, the future of cybersecurity education. To help fill this skills gap, organisations need to establish or reinvigorate their training and education programmes to create new talent in the field.
The wider issues contributing to the skills gap
According to the latest studies, in Europe alone the cybersecurity skills gap will grow to 350,000 workers by 2022. This comes at a time when threats are becoming more sophisticated and the stakes in terms of regulatory punishment have never been higher. With GDPR having come into effect this past May, organisations are more closely evaluating their security solutions and processes than ever before in order to maintain compliance and avoid costly penalties.
With cybersecurity professionals in such high demand, those with the skills and experience that organisations seek are being offered high salaries. This means that it is often only the largest organisations that can afford to fill these roles, pricing smaller businesses out of the market.
In contrast, the few applicants trickling out of universities have deep theoretical skills, but few have been seasoned on the front lines of a real-world security environment. Other applicants may have a handful of certifications, but are almost always junior-level operators without the confidence needed to deal with the stress of managing a live environment, especially during an active attack.
Despite this trend, many organisations remain unwilling to invest in cybersecurity training programmes or hire entry-level candidates without prior experience. Regular staff turnover has organisations viewing investments in cybersecurity training programmes for IT professionals as a waste of resources, increasing their desire to hire candidates with experience and training under their belts.
This strategy is, of course, unsustainable. Instead, to close the skills gap, organisations and academic institutions must take proactive measures.
Addressing the skills gap via expanded education
One of the most promising ways to do this is by starting from the ground up and adding cybersecurity curriculums to schools and opening learning institutions dedicated to teaching this trade.
The cybersecurity field has a zero per cent unemployment rate and offers competitive compensation – two features that make it a desirable option for students entering college. Children should be introduced to the field as early as high school, and have ample opportunities for gaining knowledge and basic skills throughout primary and higher education. In some instances, entire institutions are being devoted to cybersecurity, such as the National College of Cybersecurity opening in the UK.
Organisations can also be proactive in promoting cybersecurity programmes on campuses by hosting career talks and attending career fairs. Additionally, they can leverage programmes to give students hands-on training in the field. For example, organisations can work with academic institutions and non-profits to provide training and certification opportunities to interested students.
Gaining such experience early on is crucial, as 52 per cent of organisations say practical, hands-on experience is the most important skill, with 7 in 10 stating security certifications are more useful than security degrees.
Aside from training students and the next-generation workforce, cybersecurity is a viable career option for those looking to change careers or those re-entering the workforce after an absence. For example, cybersecurity training and certification programmes should be open to veterans and those seeking return-to-work programmes. This can also help to close the gender gap in the industry, as 90 per cent of return-to-work candidates are women, while the cybersecurity industry consists of just 11 per cent women.
Finally, organisations can invest in their own employees who already have technical skills and backgrounds by providing them with cybersecurity-specific training and continuing education. By enrolling members of their IT teams in such programmes, organisations can help fill security talent shortages from within their own employee pool.
Mitigating the cybersecurity skills gap’s impact
The evolution of modern cyber threats has made the impact of this skills shortage even more pronounced. As cybercriminals continue to make technological leaps forward both in terms of the sophistication and volume of attacks, IT departments are finding it increasingly difficult to keep up. Cybercriminals continue to up their game by adopting automation and machine learning to more quickly identify weaknesses in network security, carry out complex attacks, create malware that can detect and evade security devices, and shorten the time between breach and compromise.
Having to defend against an ever-widening attack surface with limited resources makes it difficult to maintain an effective security posture unless alternative solutions are in place that can mitigate the shortage’s impact. Automating threat analysis with an integrated security solution simplifies that work and provides real-time threat detection across the attack surface, which is critical for meeting today’s threat landscape challenge.
Training requires time. For organisations needing to alleviate the impact of the cybersecurity skills shortage immediately, being able to automatically detect and mitigate the damage of cyberattacks is crucial. From the moment a vulnerability is exploited, every second counts. Having the capability to detect and then outpace the attack itself can level the playing field for organisations experiencing a skills shortage.
Addressing the cybersecurity skills gap directly is a complex issue that will require a long-term strategy and commitment from businesses, educators, cybersecurity professionals, and even governments. Organisations cannot continue to hope that candidates who meet strict requirements will come along if they are not proactive in promoting and offering training. This is why academia and organisations must work together to invest in cybersecurity training and curriculums that will prepare prospects for this high-demand field.
Paul Anderson, Head of UK and Ireland at Fortinet