What’s causing the cybersecurity skills gap?
The proliferation of next-gen technology into mainstream society has been a boon for consumers, entrepreneurs, and business owners alike. Between the rise of mobile computing, the Internet of Things (IoT), and modern social media, our society is more connected than ever before.
But all of this technology presents some new problems, too. According to recent studies, the number of companies that report problematic shortages in the cybersecurity skills of their staff has increased steadily over the past several years. While approximately 23 percent of companies indicated such an issue in 2014, more than 50 percent face the same challenge today.
Additionally, recent reports show that, not surprisingly, 100 percent of tech companies view cybersecurity and privacy breaches as a risk, with 88 percent concerned about their ability to manage their IT infrastructure, and 78 percent worried about how they’ll comply with data privacy regulations.
So what’s the problem with cybersecurity? What’s causing such a lack of know-how on such an important cause? Let’s take a look.
Primary causes
Some of the primary causes of the cybersecurity skills gap include:
1. Failure to collaborate
Cybersecurity is a collaborative responsibility that the whole company needs to get behind. Not only does a CEO or CISO need to maintain a comprehensive and versatile IT staff to take a proactive stance against hackers and cybercriminals, but they also need to open two-way lines of communication to address any problems before they get out of hand.
IT staff and cybersecurity researchers also need to collaborate—with one another and with other professionals in the industry. Given the rapidly evolving nature of the Internet and its related systems, it’s impossible for any one person—or even one team—to keep up with the day-to-day changes.
2. Lack of process standardization
Although cybersecurity isn’t a standardized job, the task of securing an online system from potential hackers can be automated. This isn’t to say that a company can get rid of its entire IT staff—in fact, it’s just the opposite. Not only are knowledgeable IT experts needed to usher in this standardization, but they’re needed to enforce it, too.
Cybersecurity standardization is achievable in multiple ways, including:
- Penetration testing: This lets IT staff members run their proprietary hacks and exploits against a system to ensure it is secure from outside hackers and unknown threats.
- Incident response: Standardizing an IT team’s incident response protocol makes sure everyone is on the same page and knows how to react if a breach does occur.
It’s a winning situation for everyone involved. Owners and CEOs gain comfort knowing that their investments are protected. IT teams get to use their tools and knowledge. And customers don’t have to worry about their personal information falling into the wrong hands.
3. Not enough training opportunities
There’s also a lack of training opportunities in the industry. Although this is an area that sees continual improvement, especially as more colleges and universities embrace areas of study such as big data, the IoT, and cybersecurity, academia still gets far outpaced by the desire, motivation, and sheer boredom that drive today’s hackers.
Potential solutions
Although it will take a concentrated effort to close the cybersecurity skills gap, society is progressing in the right direction. Companies are exploring and using several potential options, including:
1. Workforce investments
Some companies are increasing their investments in the human workforce to join the fight against cybercrime. According to recent studies, only 32 percent of organizations currently provide adequate training in IT security. The same study reveals that 86 percent of respondents do not spend enough capital on their internal training initiatives.
Other companies are hiring IT staff based on their potential instead of their actual past experience. This is a risky process, as working in cybersecurity requires technical acumen and the ability to adapt in the face of fast-paced changes, but some companies have had great success when hiring outside the box. Mathematicians, accountants, or even artists have been hired and deployed successfully to IT security or research teams. Such diverse expertise helps when examining problems from all possible angles.
Making investments to bring more women into the profession is another viable strategy. According to recent studies, female workers comprise only 11 percent of the entire industry workforce. Organizations such as Women in CyberSecurity and Women in International Security are both helping women gain a better foothold in an industry that is traditionally dominated by men.
2. The millennial generation
Millennials could be one of the best tools for fighting cybercrime. Not only are they already familiar with technology, but many of them are interested in entering and leading a tech-oriented career. According to recent surveys, 68 percent of respondents view themselves as technological innovators while 41 percent are early adopters of modern technology.
This spells good news for employers. Technological innovators are known for their outside-of-the-box thinking and proactive attitude toward next-gen technology. Some might come up with new utilities, tools, and methods to support the fight against cybercrime.
Early adopters are typically ahead of the curve when it comes to using new technology. They help by finding and popularizing new tools, and are often tech savvy enough to stave off potential scams and other social engineering tactics.
Unfortunately, the latest reports indicate that less than 10 percent of millennials are interested in making cybersecurity a long-term career. Other professionals predict that our current generation of IT experts is already starting to hit retirement age—a trend that will only make the skills gap worse within the next few years.
But the lack of millennial interest doesn’t stem from a lack of technical interest. Instead, millennials tend to embrace more “exciting” tech development careers, such as video game development, social media, engineering, and app development, to name a few. By repositioning cybersecurity as “cool,” recruiters and other hiring organizations might draw in a younger workforce ready to fight crime on the Internet.
3. Automating processes
Process automation is gaining a lot of steam in the cybersecurity niche. While it wasn’t long ago that data breaches and other incidents required a customized, manual resolution, the power of today’s machine-learning and AI-powered cybersecurity programs makes manual intervention almost obsolete.
But human staff members still need to deploy and/or program these systems and monitor the processes they use. Not only does this give IT staff a position on the front lines in the fight against cybercrime, but it also gives them the opportunity to learn new concepts and technologies before many of their peers.
Minimizing the gap in the future
Companies will reduce much of the skills gap if they divert more resources to building up cybersecurity research and IT teams, and plan ahead. This isn’t always easy—especially with the rapid and ever-changing nature of the development of IT in the 21st century. But there are some strong trends in place to help, starting with an overall increase in cybersecurity awareness over the latter part of the decade.
Roles such as the security analyst, security manager, and are almost always in demand—and they show no signs of slowing. Filling these roles with skilled, knowledgeable experts might not solve every IT problem—but it’s a good start.
*** This is a Security Bloggers Network syndicated blog from Malwarebytes Labs authored by Kayla Matthews. Read the original post at: https://blog.malwarebytes.com/security-world/2018/06/whats-causing-the-cybersecurity-skills-gap/