Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cyber Insurance

Bridging the Cybersecurity Skills Gap as Cyber Risk Increases

Organizations Must Go Beyond Traditional Means of Recruiting Talent to Fill Security Roles

Organizations Must Go Beyond Traditional Means of Recruiting Talent to Fill Security Roles

The uptick in cyber-attacks during the pandemic is well documented at this point. As ransomware, phishing, insider threats and other types of attacks rise, IT and business leaders are already anticipating an increased need for more cybersecurity professionals. The industry has been dealing with a skills gap for years now, but the silver lining in all of this is that for individuals looking to change careers or reskill, there is a lot of opportunity in cybersecurity.

The pandemic and the rise of cyber-attacks

The shift to remote work has become a tempting vector for bad actors to pursue. Security teams have observed a significant rise in cyber-attacks directly related to this shift. Threat researchers have noticed a surprising volume of new threats in a short period of time, as cybercriminals are the ultimate opportunists. Rather than let a crisis go to waste, bad actors capitalize on it with an agility that enterprises wish they had.

Remote work isn’t the only change that bad actors have been exploiting; there’s also the matter of FUD. It’s not news that cybercriminals will take advantage of fear, uncertainty and doubt, but we’ve seen that kicked into high gear over the past few months. It’s taking the form of campaigns related to COVID-19 targeting hospitals, medical equipment manufacturers and health insurance companies, leveraging the fact that there is a shortage of medical equipment and supplies.

The need for more skilled professionals

The global shortage of cybersecurity professionals exceeds 3.12 million – according to a study conducted by (ISC)2 – which means the global cybersecurity workforce must now grow at a staggering rate each year just to meet the growing demand for skilled talent. This issue has become even more critical with the transition to a remote workforce model. IT teams are stretched as they rapidly secure and scale their network to meet new demands. 

In fact, some organizations have had to “repurpose” their cybersecurity staff to perform IT-related functions as the work-from-home shift occurred. And 23% of respondents to the COVID-19 Cybersecurity Pulse Survey say security incidents have increased, with some reporting that incidents have surged as much as 100%. Fifteen percent of respondents felt their IT security teams do not have the resources they need to support a remote workforce; another 34% said they do, but only for the short term. 

Advertisement. Scroll to continue reading.

Additionally, global shortages in talent can introduce risks, with a recent survey (PDF) showing that 73% of organizations had at least one intrusion/breach over the past year that was partially attributed to a gap in cybersecurity skills. Clearly, the need for skilled cybersecurity professionals is great – possibly the greatest it has ever been due to current circumstances. 

Bridging the skills gap with artificial intelligence

One way many organizations are choosing to tackle their skills gap challenge is with high-tech automation solutions. Security technology powered by artificial intelligence (AI) is helping organizations strained by the lack of security personnel to quickly detect and respond to sophisticated threats. Organizations are able to help their limited security staff and fill critical voids by automating manual processes and threat alerts. While this is one way to address the talent shortage, organizations must also look to their current resources, including their teams, to fully address this issue.

New talent pools, new opportunities

While the pandemic and its worldwide ripple effect can seem all doom and gloom, an upside in all of this is that there are many career opportunities in the cybersecurity field. As the concept of remote work becomes the norm and infrastructures become more distributed, the need for IT professionals that have timely security skills and knowledge will only grow. In fact, roles such as data scientists, cyber-savvy law enforcement staff, or threat hunters will rise in need.

Employers and employees must find new ways to address this skills gap. Organizations must go beyond traditional means of recruiting talent to fill security roles. This includes focusing on individuals with technology certifications, recognizing that such certifications demonstrate needed cybersecurity knowledge and expertise.

Certifications can update and enhance collegiate studies for working professionals. They can also help non-traditional candidates – those without a technical background – transition into a cybersecurity career. By stressing the value of certifications, organizations can expand their talent pool to cover non-traditional candidates, degreed professionals from other fields, and other groups that may not have been considered in the past.

This includes veterans and their spouses. These workers typically demonstrate a strong work ethic and attention to detail, and are successful in fast-paced, high-stress environments – skills that complement the cybersecurity industry. Because they can play a vital a role in closing the cybersecurity skills gap, organizations can do more to recruit them, including investing in the appropriate resources to fully leverage their specialized skill sets with training programs and specific hiring processes.

Because the need is great and resources are scarce, some organizations are currently making free training available. It’s an ideal opportunity for organizations to upskill their employees and for all who are interested in cybersecurity to learn or add to their skills base. 

Overcoming increased risk

With the pandemic creating a massive remote work shift and consequent rises in cyber risk, finding individuals with cybersecurity skills is harder than ever. This talent shortfall has caused measurable risk to organizations and opened the door wider for cybercriminals to operate unhindered. Employers and employees alike can help overcome this dilemma by making use of training and certifications – some of which are now free – and bring greater security to their organizations in the midst of these uncertain times.

Related: Cybersecurity Workforce Study Needs to be Taken with a Pinch of Salt

Written By

Derek Manky is chief security strategist and global vice president of threat intelligence at FortiGuard Labs. Derek formulates security strategy with more than 15 years of cyber security experience behind him. His ultimate goal to make a positive impact in the global war on cybercrime. He provides thought leadership to industry, and has presented research and strategy worldwide at premier security conferences. As a cybersecurity expert, his work includes meetings with leading political figures and key policy stakeholders, including law enforcement. He is actively involved with several global threat intelligence initiatives including NATO NICP, INTERPOL Expert Working Group, the Cyber Threat Alliance (CTA) working committee and FIRST – all in effort to shape the future of actionable threat intelligence and proactive security strategy.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Cyber Insurance

Cyberinsurance and protection firm Boxx Insurance raises $14.4 million in a Series B funding round led by Zurich Insurance.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Training & Awareness

Google has announced a new training program for cybersecurity analysts and those who graduate will get a professional certificate from Google.

CISO Strategy

The question for 2023 and beyond is whether the cyberinsurance industry can make a profit without destroying its market.

Cyber Insurance

MGM Resorts said costs from a disruptive ransomware hack has exceeded $110 million, including $10 million in one-time consulting cleanup fees.

Management & Strategy

750 cyber specialists have participated in Defence Cyber Marvel 2 (DCM2), the biggest military cyberwarfare exercise in Western Europe.

Cyber Insurance

Court says insurers must pay Merck for losses related to the Russia-linked NotPetya cyberattack.

Phishing

Security awareness training isn’t working to the level it needs to. Social engineering, however, is getting better. Why doesn’t awareness training work, and how...