The cybersecurity skills gap continues to widen. According to the recent Global Information Security Workforce Study from ISC(2), there will be 1.8 million unfilled jobs in this field by 2022 – an increase from the 2015 estimate of 1.5 million by 2020.
No wonder then, that Cyber Security Month’s theme this week is all about skills – supporting people with gaining cybersecurity skills through training and education.
As a global specialized security company, NTT Security regularly witnesses the rapidly increasing global demand for cybersecurity professionals. It’s a threat in itself that must be taken seriously.
Why? The first and most obvious reason is that cyberattacks are occurring more frequently and with greater sophistication, as revealed by our latest Global Threat Intelligence Center (GTIC) Threat Intelligence Report.
Second, the General Data Protection Regulation (GDPR) is imposing data breach notification rules on organizations, which means data controllers must report all breaches to regulators within 72 hours of becoming aware of an attack.
This urgently calls for businesses to be better prepared for the growing attacks and to be able to respond quickly and efficiently should the worst happen.
New attacks spread quickly across the hacker community however, making it difficult for over stretched IT departments to keep up. In fact, the Global Information Security Workforce Study (GISWS) by Frost & Sullivan highlighted configuration mistakes and oversights as a material concern and indicated that remediation time following system or data compromise is steadily getting longer.
Equally concerning is that the number of organizations with formal incident response plans in place is not rising year on year. Our Risk:Value 2017 Report indicates that 52% of organizations globally do not have an incident response plan in place and there’s no significant increase in this figure over the past 12 months.
The net effect? Internal teams are providing a reactionary role rather than proactively addressing the wider problem. Fewer skilled professionals means that organizations will continue to struggle to do anything beyond keeping the lights on.
Employers around the world therefore need more resources to manage this – and that means growing the next generation of skilled cybersecurity professionals. These must include people with compliance and forensic skills, industry expertise, incident handling experience, an understanding of mobile security demands, experts in cloud security and people with the analytical skills and experience to see what others might miss.
Existing employees with people and business skills can make a great contribution – the ability to listen, empathise and de-mystify cybersecurity is key to helping organizations make informed decisions. Recruiters and HR departments should take note.
And there’s the growth in millennial workers. With 50% of millennials set to make up the global workforce by 2020, employers are looking to recruit young people to fill the cybersecurity skills gap. Yet millennials aren’t going into the field – largely due to their lack of awareness of cybersecurity as a potential career and that the industry attracts people with non-technical backgrounds as much as those with technical backgrounds.
Employers therefore need to look beyond traditional recruitment practices, value workers from diverse backgrounds and better understand what motivates their workforce. There’s a disconnect between a manager’s expectations and what a new recruit requires for a successful career and it’s a gap that needs to narrow if the anticipated global skills shortage is to be addressed.
Recruiting and managing a team of security professionals brings its own challenges though. There’s the obvious cost of recruitment and the length of time it takes to fill each position. Plus the requirement to train the team and keep skills and certifications up-to- date. And when people leave, there’s the challenge of starting the process over again.
An immediate solution would be to outsource some or all of an organization’s security operations to a Managed Security Services (MSS) provider, which can help alleviate the problem of there not being enough resources in-house.
MSS providers like NTT Security are equipped to keep their fingers on the pulse of current and next generation threats, and they also have access to regional and global threat intelligence. This enables businesses to be proactive and keep one step ahead of the game, rather than simply reacting to what has already happened.
The bottom line? Don’t go it alone. The skills gap is very real and, in a world with increased threats and new regulations to contend with, organizations should work with an MSS provider that understands how and where to find the right experts, invests in training, improves professional qualifications and continuously monitors networks round the clock, every day of the year. Working this way will take all the time-consuming and repetitive workload away, leaving you to get on with managing your business.