A recent CSO Online article provided a quick overview of cybersecurity skills shortage data gathered from various sources. Data that stood out to me included:
- 45 percent of organizations claim to have a problematic shortage of cybersecurity skills.
- 70 percent of cybersecurity professionals say the cybersecurity skills shortage has had an impact on their organization.
When asked to identify factors that contributed to past security incidents:
- 22 percent said their cybersecurity team was not large enough for the size of their organization.
- 18 percent stated that the cybersecurity team cannot keep up with the workload.
- More than two-thirds (67 percent) of cybersecurity professionals claim they are too busy with their jobs to keep up with skills development and training.
According to employees surveyed, the skills shortage has led to an increasing workload on existing staff, the need to hire and train junior employees due to the lack of experienced talent, and a situation where the cybersecurity staff spends most of its time on emergency issues and very little time on proactive strategic planning or training.
Alarming, I would say! It is clear that in aggregate, many organizations are understaffed, lack different types of advanced cybersecurity skills, and are too busy to provide their staff with enough time for continuing education to keep up with the latest threats.
In my world…that’s called a caboodle…just a big caboodle…and untangling that caboodle isn’t going to happen overnight.
But a caboodle is a caboodle and the gap increases every day; the need for more cybersecurity skills is reaching a crescendo. In its 2017 Internet Security Threat Report (ISTR), Symantec reported that 7.1 billion identities had been exposed through data breaches over the last eight years.
The material cost is formidable with damages related to cybercrime globally expected to reach $6 trillion annually by 2021. Meanwhile, organizations are projected to spend $1 trillion on cybersecurity cumulatively from 2017 to 2021 to combat growing cyber threats.
But even as organizations plan to deploy more security-related technology and services, they will also need to figure out ways to solve the shortage of cybersecurity personnel and compensate for the lack of skills, through outsourcing and training. Because you see, today’s technical IT professionals and network administrators were not recruited to be cyber warriors.
While you might not be able to solve the global cybersecurity crisis on your own, you can take responsibility for skilling up your organization. The fastest way is probably not by giving your warriors to practice full cyber warfare simulations. They need to focus on how best to protect your business systems, not the national grid (unless that is your business of course).
What you need is to expedite new hire onboarding and the skills of your existing team through delivering effective cyber range training, including the ability for each individual to handle relevant cybersecurity attacks.
And you want these mini-stars to master skills and techniques through hands-on experiences with realistic scenarios, enabling them to get to work quickly, effectively protecting critical business systems in your own organization. You don’t want to overshoot – everybody’s time is simply too precious.
This is where untangling the caboodle starts…With effective training that can replicate your business environments, regardless of their complexity, and allow you to unleash attack scenarios in the agilest and safe manner and provide student monitoring and assistance all along.
This alone can enable you to maximize the effectiveness of your employees, customers, and partners in the most impactful ways, so they can become shining warriors as soon as possible.
Because sometimes you just need a sniper and not a cluster bomb.