The information technology industry has a real problem on its hands – and it’s only getting worse. While cybercrime grows exponentially, businesses are facing a severe cybersecurity talent drought. The supply of available, qualified security professionals is insufficient and the competition for services has dramatically increased.
I’ve examined the IT talent drought in several articles before, including in “The Cloud Talent Drought Continues (And Is Even Larger Than You Thought).” From a business security perspective, lacking cybersecurity expertise in today’s world is incredibly dangerous. Cybersecurity expertise has never been needed more as workforces remain remote through the rest of the year, and cyber threats continue to rise and grow more powerful.
Stretched to The Limit, Businesses Face New Challenges
The overall talent market has a noticeable shortage of advanced cybersecurity skills, and there are not enough resources across the board. It is an arduous task to find an experienced Security Analyst, Threat Researcher, Security Architect, Security Analyst or a Cloud Security Architect; it will typically take several months of searching and investment to fill positions like these.
On top of specializations, businesses must defend against threats in real-time, so they should recruit for a 24x7x365 cybersecurity team – adding a layer of difficulty to the hiring process. Cybercriminals do not take a break on weekends, nights or even Christmas Eve, and filling positions with a work schedule across all hours of the day, weekends and holidays is incredibly challenging.
Amid continued and increasing cloud growth, the implication of this skills drought is potentially catastrophic business failures. Stretched to the limit and facing constant turnover, companies risk fostering the following conditions:
- Existing cybersecurity staff is overworked and not set up for 24x7x365 incoming threats
- Inexperienced professionals are being asked to deliver on advanced security requirements
- Team and business are dependent on technology-based solutions without the expertise to manage them properly
Even though the lights have stayed on and things have worked (so far) for businesses functioning under these circumstances, it does not make it acceptable. Unfortunately, many operations continue to grow under these perilous conditions.
The More Things Change, The More They Stay the Same
2020 has been a challenging year on various fronts. Among those challenges are cyber threats across all industries, which continue to rise, accelerated by financial circumstances. Cyberattacks increased during the pandemic response and workforce shift. Research, hospital systems and healthcare industries endured severe cyberattacks, resulting in breaches, ransomware and outages – and the threats show no signs of slowing down.
Meanwhile, volumes of cybersecurity jobs sit, unfilled for months at a time, and companies haphazardly attempt to address these labor gaps by providing less-than-adequate training on the job with hopes that technology solutions can make up the rest – despite the demands of cybersecurity rapidly increasing and evolving.
If talent production continues at today’s pace, businesses will continue to fall behind. The New York Times projects a staggering 3.5 million unfilled cybersecurity jobs globally by 2021, increasing from one million such positions in 2014. And the situation might very well be worse than that.
Even if the industry were to produce a new security framework, it would take time to learn and prove itself, and businesses would find themselves even further behind. Unless there is a rapid influx of skills, the industry will continue to struggle with cybersecurity issues.
The Solution: Two-Pronged Counterattack
With the rise in nation-states, hacking groups, powerful easy-to-use tools, underground forums, and financial and disruptive motivations elevating the threat levels, the industry must emphasize a two-pronged counterattack:
- Skills Development: Businesses must invest in skills growth and development that keeps pace with emerging technologies. Skill growth is a mission-critical priority in all fields, including education, elected office, business leadership and cybersecurity.
- Third-Party Support and New Technologies: Businesses must leverage outside firms who specialize in cybersecurity and have 24x7x365 “eyes on glass,” coupled with Artificial Intelligence (AI) and Machine Learning (ML) technologies to sniff out and mitigate common as well as “Zero Day” threats.
Organizations must be resourceful, implementing these counterattacks in innovative, thoughtful ways. Approaches that have been proven successful to date include:
- Groom talent internally
- ‘Upskill’ and ‘reskill’ current staff (a tactic covered in detail in my article, “3 Steps To Address The Cloud Talent Drought”)
- Look outside traditional talent pools
- Roll out training programs for a broader base of employees
- Invest in outside managed security services to fill gaps and improve overall cybersecurity stance
Securing Today, Securing Tomorrow
The integrity of data, networks, devices and systems are critical to industry success. Businesses can rise to fight the current talent drought if the industry embraces an approach to fostering knowledge by leveraging the entire ecosystem. As the cloud continues to deliverable valuable success and advantages to businesses across the board, more workload migration can be expected, including application development, hybrid use cases and higher security needs. To secure a digital present and future, companies must adapt now, tightening their operations to deliver a more secure and reliable platform.