The way information technology is breaking barriers and ushering the world into an advanced era is simply unprecedented. We are in an Internet revolution that is paving the way for today’s IT giants that were seemingly inconceivable just two decades ago. Amazon, Facebook, Google, Oracle, and even Elon Musk wouldn’t have been able to do great work without this revolution.
On the other hand, these advances have also given birth to a new menace – cybersecurity threats including cyberattacks and hacking. Today’s IT infrastructure can wreak havoc and put the lives of ordinary people in danger. Virtually everyone uses the Internet and social media in one way or the other, which puts their privacy at the mercy of hackers.
The IT skills gap appears to be making matters worse by potentially irrevocably hampering businesses, organizations, and even economies. So the key question is how is this IT skills gap causing cybersecurity risk and how can we tackle it?
According to a recent report by Kaspersky Labs, 360,000 malicious files are detected daily, and about 92% fall into the malware category. These cyberattacks are growing in number and sophistication with each passing year. Worse still, the world’s business infrastructure is increasingly connected, which will raise the annual cost of counteracting cybercrime and data breaches. Businesses will struggle to secure the talented individuals they need to protect their organizations.
How is cybersecurity a grave risk?
According to a 2016 Information Systems Audit and Control Association (ISACA) report, it takes as long as six months for 53% of organizations to hire a qualified security candidate. According to the 2017 ISACA report, 20% of organizations receive fewer than five candidates for each advertised security position. In another survey, by International Information System Security Certificate Consortium (ISC)², 51% of companies believe their systems are unprepared to defend against a cyberattack. It also revealed that widespread underfunding in training in-house IT talent is contributing to the critical cybersecurity skills gap.
Weak cybersecurity is also a serious concern for governments, as they are invariably exposed to cyber espionage, such as interference with elections (as was reported about the alleged interference of Russia in the 2016 U.S. presidential elections). Healthcare, transportation, power, and internal security are other key areas that could be severely affected by a cyberattack. Even individuals, who usually lack cybersecurity awareness, are at risk since cybersecurity threats (like the recent “Wanna Cry” ransomware attack) bring up issues of personal privacy, financial fraud, and personal data abuse. Emerging technologies such as the Internet of Things (IoT), artificial intelligence (AI), virtual/augmented reality (VR&AR), and automation require equally advanced technical skillsets to harness their potential without any risk.
The hacker industry is carrying out grave and innovative cybercrimes that can have serious ramifications. Cyber-activism is one such trend that is affecting businesses and finances. Cyberactivists work to shut down companies’ online operations as a form of protest against their business practices. PayPal and MasterCard have been attacked in this way. Some e-commerce companies have closed their online stores out of concern that they cannot adequately protect against these threats.
Four strategies to plug cybersecurity gaps
The demand for cybersecurity professionals by many industries is increasing to shore up the informal strategies and resources currently in place. The following steps could help plug cybersecurity gaps:
1. Provide proper training
If we look closely, the IT skill gap is not about lack of training, but lack of correct training and poor application of training. Plugging this gap requires a mix of niche expertise and real-world experience. Training must have some realistic components, not just theoretical knowledge. For example, it will always yield better results if the training is conducted in a real work environment.
2. Encourage institutions to step in
One way to improve cyber safety is to encourage K-12 schools and universities to include cybersecurity within their curriculum. Young school kids are widely using iPhones and playing highly interactive games on the Internet. But are they educated on the basics of cybersecurity? Universities and schools are the breeding ground for talent development and acquiring deep skill sets. In this regard, advanced IT and cybersecurity literacy must not be considered a “good to have,” rather as a “need to have” within the educational setting.
3. Invest in technology to fill the gap
Today, there is a growing need for high-end technological skills among job candidates. Professionals should prioritize attaining certifications including CCNA (Cisco), MCSE (Microsoft), CISSP, CEH, CompTIA Security+, and Linux. Also, businesses should invest more in cybersecurity and update their security tools to fill the gaps. E-commerce businesses, especially, need to use better system administration services to protect their and their users’ data.
4. Encourage competence with financial support
Governments should not ignore the need to build cybersecurity talent in their regions. According to a study, 76% of IT decision-makers from around the world believe their government is not investing enough in cybersecurity. Every country in the world needs to develop and implement a national cybersecurity strategy and encourage competence by funding initiatives to sustain these processes. Live hacking competitions (hackathons) and cyber-competition games could be highly productive ways to develop cybersecurity skills.
An international issue
There is a clear gap between the supply of skilled IT professionals and the demand for their talents. To meet the needs of the 21st-century digital landscape, skills and expertise must be reinforced. Much has been said about cybersecurity risks and their possible consequences for individuals, business, and economies. It’s time to act, tackle challenges, and address the cybersecurity skills gap.
Learn more about The Future of Cybersecurity: Trust as Competitive Advantage.