Corner OfficeCXO Bytes

Addressing the skills shortage with an assertive approach to cybersecurity

reskilling

Year on year, cyber-attacks continue to become more sophisticated and more frequent. Attacks on industries such as healthcare, finance and education are becoming the most notable, with effects that can be devastating. In 2021, the education and healthcare sectors were the most targeted by hackers, with 75% and 71% more attacks from the previous year respectively.

 

All sectors must stop treating cybersecurity as an afterthought and be proactive in the fight against cyber-threats. Organizations should review the options available for preventing these detrimental attacks, while combating the cybersecurity skills shortage prevalent within all industries.

 

Preparation is essential in the fight against cybercrime, and all industries need to be keenly aware of the strategies that must be implemented. With 30,000 websites being hacked every day, organizations can no longer continue to play catch-up with reactive measures after an attack has taken place; investment in staff and their training, alongside the latest technologies is vital to ensure a safe and secure system.

 

Closing the training gap

All too often, businesses do not see investing in security strategy and technologies as a priority – until an attack occurs. It might be the assumption that only the wealthiest industries or those with highly classified information would require the most up-to-date cybersecurity tactics and technology, but this is simply not the case. All organizations need to adopt a proactive approach to security, rather than having to deal with the aftermath of an incident. By doing so, companies and organizations can significantly mitigate any potential damage.

Traditionally, security awareness may have been restricted to specific roles, meaning only a select few people having the training and understanding required to deal with cyber-attacks. Nowadays every role, at every level, in all industries must have some knowledge to secure themselves and their work against breaches. Training should be made available for all employees to increase their awareness, and organizations need to prioritize investment in secure, up-to-date technologies to ensure their protection.

 

Hackers can access data via unsuspecting employees, for example via phishing emails, but the risks of an attack can be reduced if staff are empowered with tools and knowledge to combat these threats. For example, employees can be trained to identify and respond to harmful and misleading emails, without putting the organization’s data at risk. However, businesses should not see this as a quick fix for skill shortages, even if it can take many years to train someone to become a competent and qualified cyber security engineer.

 

Investing in people, as well as platforms

Within the U.S. alone, the Bureau of Labor Statistics predicts employment of IT security professionals to increase 31% by 2029, over 7 times more than the average job growth in the country. Companies want to understand how to increase their cybersecurity, but presently they simply cannot always hire the skills to strengthen their workforce. By investing in professionals at the beginning of their cyber career and nurturing their development through training and providing a fair wage, they will be more likely to benefit from valuable staff and avoid costly attacks.

 

Businesses suffered 50% more attacks in 2021 than in any previous year, and it’s becoming increasingly clear that as technological advancements continue to progress, so do the number and complexity of threats. As critical industries have begun to implement these new technologies, they are increasingly becoming victims of these attacks. There are simply not enough cybersecurity professionals to deal with the unprecedented demand for their talents, as governments and the private sector continue to scour the market for experts.

 

Professionals need a berth of in-depth knowledge and hands-on experience, but all too often employers will wait until after an attack has occurred before hiring an expert to resolve the issue. If organizations continue to adopt lackadaisical approaches to cybersecurity, it will only become more difficult to track down and appoint trained professionals. Hiring and training staff from the offset will mitigate the necessity of recruiting a highly qualified security professional from elsewhere, as existing employees will have the tools required to protect the companies from risk. The benefits of a long-term approach of investing in employees at the start of their careers are clear, and pairing this with strong, preventative tactics will help businesses to limit the level of damage caused by cyber-attacks.

 

Supporting standards with state-of-the-art strategies

Businesses and organizations can go a long way to protect their systems through investing in employee training, but they cannot afford to stop there. Even the most experienced professionals need to be supplied the right tools in order to mitigate risks, and it is imperative they are able to leverage the latest state-of-the-art technology to give them the best chance of success.

 

Standards and documentation can offer guidance to help combat cyber-attacks. Learning from and working with seasoned professionals from across the industry aids the united fight against cybercrime, whilst access to work groups helps experts to share their knowledge and continually develop new standards. By carefully studying such documentation, security professionals can also learn best practices that have been developed by leading industry experts from a range of diverse organizations from across the technology landscape.

 

Standards-based technology across all industries, deployed in everything from enterprise systems to networks and mobile devices. Standardization allows systems, networks and applications to be simpler to deploy, easier to maintain and costs less to manage. Security specialists who use products with trusted computing standards can feel assured in the technology’s ability to ensure critical data is protected from attack.

(The author Mr.Thorsten Stremlau, Co-chair of TCG’s Marketing Work Group and the views expressed in this article are his own)

Leave a Response