Organizations Must Go Beyond Traditional Means of Recruiting Talent to Fill Security Roles
The uptick in cyber-attacks during the pandemic is well documented at this point. As ransomware, phishing, insider threats and other types of attacks rise, IT and business leaders are already anticipating an increased need for more cybersecurity professionals. The industry has been dealing with a skills gap for years now, but the silver lining in all of this is that for individuals looking to change careers or reskill, there is a lot of opportunity in cybersecurity.
The pandemic and the rise of cyber-attacks
The shift to remote work has become a tempting vector for bad actors to pursue. Security teams have observed a significant rise in cyber-attacks directly related to this shift. Threat researchers have noticed a surprising volume of new threats in a short period of time, as cybercriminals are the ultimate opportunists. Rather than let a crisis go to waste, bad actors capitalize on it with an agility that enterprises wish they had.
Remote work isn’t the only change that bad actors have been exploiting; there’s also the matter of FUD. It’s not news that cybercriminals will take advantage of fear, uncertainty and doubt, but we’ve seen that kicked into high gear over the past few months. It’s taking the form of campaigns related to COVID-19 targeting hospitals, medical equipment manufacturers and health insurance companies, leveraging the fact that there is a shortage of medical equipment and supplies.
The need for more skilled professionals
The global shortage of cybersecurity professionals exceeds 3.12 million – according to a study conducted by (ISC)2 – which means the global cybersecurity workforce must now grow at a staggering rate each year just to meet the growing demand for skilled talent. This issue has become even more critical with the transition to a remote workforce model. IT teams are stretched as they rapidly secure and scale their network to meet new demands.
In fact, some organizations have had to “repurpose” their cybersecurity staff to perform IT-related functions as the work-from-home shift occurred. And 23% of respondents to the COVID-19 Cybersecurity Pulse Survey say security incidents have increased, with some reporting that incidents have surged as much as 100%. Fifteen percent of respondents felt their IT security teams do not have the resources they need to support a remote workforce; another 34% said they do, but only for the short term.
Additionally, global shortages in talent can introduce risks, with a recent survey (PDF) showing that 73% of organizations had at least one intrusion/breach over the past year that was partially attributed to a gap in cybersecurity skills. Clearly, the need for skilled cybersecurity professionals is great – possibly the greatest it has ever been due to current circumstances.
Bridging the skills gap with artificial intelligence
One way many organizations are choosing to tackle their skills gap challenge is with high-tech automation solutions. Security technology powered by artificial intelligence (AI) is helping organizations strained by the lack of security personnel to quickly detect and respond to sophisticated threats. Organizations are able to help their limited security staff and fill critical voids by automating manual processes and threat alerts. While this is one way to address the talent shortage, organizations must also look to their current resources, including their teams, to fully address this issue.
New talent pools, new opportunities
While the pandemic and its worldwide ripple effect can seem all doom and gloom, an upside in all of this is that there are many career opportunities in the cybersecurity field. As the concept of remote work becomes the norm and infrastructures become more distributed, the need for IT professionals that have timely security skills and knowledge will only grow. In fact, roles such as data scientists, cyber-savvy law enforcement staff, or threat hunters will rise in need.
Employers and employees must find new ways to address this skills gap. Organizations must go beyond traditional means of recruiting talent to fill security roles. This includes focusing on individuals with technology certifications, recognizing that such certifications demonstrate needed cybersecurity knowledge and expertise.
Certifications can update and enhance collegiate studies for working professionals. They can also help non-traditional candidates – those without a technical background – transition into a cybersecurity career. By stressing the value of certifications, organizations can expand their talent pool to cover non-traditional candidates, degreed professionals from other fields, and other groups that may not have been considered in the past.
This includes veterans and their spouses. These workers typically demonstrate a strong work ethic and attention to detail, and are successful in fast-paced, high-stress environments – skills that complement the cybersecurity industry. Because they can play a vital a role in closing the cybersecurity skills gap, organizations can do more to recruit them, including investing in the appropriate resources to fully leverage their specialized skill sets with training programs and specific hiring processes.
Because the need is great and resources are scarce, some organizations are currently making free training available. It’s an ideal opportunity for organizations to upskill their employees and for all who are interested in cybersecurity to learn or add to their skills base.
Overcoming increased risk
With the pandemic creating a massive remote work shift and consequent rises in cyber risk, finding individuals with cybersecurity skills is harder than ever. This talent shortfall has caused measurable risk to organizations and opened the door wider for cybercriminals to operate unhindered. Employers and employees alike can help overcome this dilemma by making use of training and certifications – some of which are now free – and bring greater security to their organizations in the midst of these uncertain times.
Related: Cybersecurity Workforce Study Needs to be Taken with a Pinch of Salt
Derek Manky is chief security strategist and global vice president of threat intelligence at FortiGuard Labs. Derek formulates security strategy with more than 15 years of cyber security experience behind him. His ultimate goal to make a positive impact in the global war on cybercrime. He provides thought leadership to industry, and has presented research and strategy worldwide at premier security conferences. As a cybersecurity expert, his work includes meetings with leading political figures and key policy stakeholders, including law enforcement. He is actively involved with several global threat intelligence initiatives including NATO NICP, INTERPOL Expert Working Group, the Cyber Threat Alliance (CTA) working committee and FIRST – all in effort to shape the future of actionable threat intelligence and proactive security strategy.
More from Derek Manky
- How Next-Gen Threats Are Taking a Page From APTs
- Cybersecurity Public-Private Partnership: Where Do We Go Next?
- The Benefits of Red Zone Threat Intelligence
- Triple Threat: Insecure Economy, Cybercrime Recruitment and Insider Threats
- Malware Trends: What’s Old Is Still New
- Defeating the Deepfake Danger
- Stop, Collaborate and Listen: Disrupting Cybercrime Networks Requires Private-Public Cooperation
- Virtual Insanity: Protecting the Immersive Online World
Latest News
- Nigerian Pleads Guilty in US to Million-Dollar BEC Scheme Role
- 900 US Schools Impacted by MOVEit Hack at National Student Clearinghouse
- City of Dallas Details Ransomware Attack Impact, Costs
- In-the-Wild Exploitation Expected for Critical TeamCity Flaw Allowing Server Takeover
- Predator Spyware Delivered to iOS, Android Devices via Zero-Days, MitM Attacks
- Researchers Discover Attempt to Infect Leading Egyptian Opposition Politician With Predator Spyware
- In Other News: New Analysis of Snowden Files, Yubico Goes Public, Election Hacking
- China’s Offensive Cyber Operations in Africa Support Soft Power Efforts
