Intelligent CIO Europe speaks to Marie Hattar, CMO for Keysight, who tells us how we can take steps to try and combat the cybersecurity skills shortage.
It’s official: 2017 was the worst year ever for cyberattacks globally according to the Online Trust Alliance. The number of cyber incidents, ranging from the massive WannaCry and NotPetya ransomware attacks, to huge data breaches at Equifax and Uber, doubled compared with 2016. So far, 2018 hasn’t been quite as bad, but there have still been many high-profile damaging breaches, such as those which affected Facebook and British Airways. It’s no surprise that the World Economic Forum’s Global Risks Report 2018 rated the potential damage from cyberattacks as the third-largest risk facing societies and the global economy today, behind extreme weather events and natural disasters.
One of the main reasons why cyberattacks are having such an impact is resourcing. Put simply, many organisations’ security teams are overstretched and getting overwhelmed because they don’t have enough skilled personnel to enable them to deal with current and emerging threats. In early 2018, a report by analyst ESG found that over half (51%) of enterprises have a problematic cybersecurity skills shortage. This has more than doubled since 2014 when ESG conducted similar research. The specialist careers website CyberSeek states there are currently over 300,000 unfilled cybersecurity jobs in the US alone and it’s predicted there will be 1.8 million unfilled security roles globally by 2022.
This shortage of experienced personnel manifests itself in several ways. It increases the workload of existing cybersecurity staff and leads to the hiring of junior personnel who require on-the-job training, rather than skilled pros. It also perpetuates the situation in which security teams only have the bandwidth to focus on firefighting problems and simply trying to ‘keep the lights on’ as best they can and don’t have the time to work on more strategic initiatives that would enable the business. Against the backdrop of a fast-growing array of cyberthreats, coupled with an increasing demand for secure Digital Transformation, it’s clear that the cybersecurity skills shortage poses a huge risk to organisations of all sizes, industries and geographies.
Education matters
To help drive awareness of this problem, one of the focus themes for the 15th annual National Cybersecurity Awareness Month (NCSAM) is ‘Educating for a Career in Cybersecurity’. It aims to highlight the opportunities to inform students of all ages, from high school to higher education and beyond, about cybersecurity as they consider their future career options and to motivate teachers and counsellors about the range of roles available in the sector. But how do we go beyond just creating awareness and take positive action?
Addressing the skills gap quickly demands action at all levels of education, because the problem isn’t just limited to the cybersecurity sector. According to the Smithsonian Science Education Center, 2.4 million science, technology, engineering, or maths (STEM) vacancies will remain unfilled in 2018. Seventy eight percent of US high school graduates don’t meet the required grade for one or more college courses in maths, science, reading or English. There is also significant under-representation of women and people from diverse ethnic groups in STEM roles. As such, the first challenge to overcome in closing the skills gap is increasing school students’ interest in relevant STEM subjects and building their skills.
This is why Keysight operates education programmes worldwide, to address this issue head-on with local, national and international projects. These involve direct school-support activities and running educational events targeting students from age nine upwards, to foster an early interest in STEM topics, show how these drive innovation and help to develop their problem-solving capabilities.
Aiming higher
Driving interest in STEM subjects shouldn’t stop when students leave high school, it needs to continue into higher education too, with established courses that provide a defined pathway into relevant careers for students of all ages. But there’s still some way to go here, as a 2016 cybersecurity skills report showed that just 7% of top universities internationally offered cybersecurity degree courses at undergraduate level and only one-third offered a Masters programme.
However, this situation is changing fast. Several universities and colleges are investing in new facilities offering cutting-edge education technologies, with the aim of enticing students onto cybersecurity courses.
The cybersecurity industry is also playing its part in creating opportunities to attract and develop new cybersecurity talent. Ixia, a Keysight company, established the international Cyber Combat competition, in which teams of students and cybersecurity industry professionals pit their skills against one another. These cyber war games have two main objectives: to present cybersecurity in an exciting and engaging context to students, and to enable current security pros to hone their skills and stay up-to-date on the latest tools and techniques in simulated cybersecurity attack scenarios. They also help contestants to understand the mindset of cyberattackers, which in turn makes them better at defence.
In conclusion, the security skills shortage will not be fixed overnight. After all, creating a threat hunter or cyber analyst with three years’ experience takes, well, three years. But by engaging students’ interest early and highlighting the extensive range of opportunities and rewards the industry offers, we can attract the new talent that’s required to help us keep pace with the growing cyber risk.
Click below to share this article