With increasing regularity and frequency, cybercrimes are making headlines around the globe. Significant data and privacy breaches are occurring at an alarming and growing rate. The ever-changing cyberthreat landscape becomes more and more challenging for corporations and individuals to protect themselves against well-funded and sophisticated cybercriminals. A report conducted by Juniper Research estimates that cybercrime will cost global businesses over $8 trillion in the next five years.

Protection against cybercrime comes down to three things – people, process and technology.

Challenges in Protecting Organizations Against Cybercrime

In today’s marketplace, there is no shortage of cybersecurity technology. Studies indicate that the average enterprise company has 80 or so security technology tools. While this does provide increased protection, this proliferation has also led to increased operational complexity and cost.

Simply implementing technology does not assure strong protection – robust processes are required to ensure that cyberthreats are identified and resolved as quickly as possible. The proliferation of tools makes this more challenging resulting in an increasing requirement to automate processes and workflow to detect and eradicate the threats. Automated Intelligence (AI) and Machine Learning capabilities are now a major focus in the war against cybercrime.

While people, process and technology are all important factors in a cybersecurity strategy, this article focuses on the increasing shortage of talent in this field – perhaps the greatest issue facing the cybersecurity industry today. Many studies have been conducted recently on this topic. Here are a few key data points:

  • According to a recent Deloitte study, the demand for cyber talent in Canada is climbing by seven per cent annually and estimates there will be more than 5,000 cybersecurity roles to fill between 2018 and 2021. Deloitte says the skills shortage is part of a global problem where the cybersecurity workforce gap is expected to stand at 1.8 million by 2022.
  • In response to a global survey by the Enterprise Strategy Group to more than 600 IT and cybersecurity professionals, respondents indicated that cybersecurity represents the biggest area where their organizations have a problematic shortage of skills. This trend has been growing year over year with 51% of respondents claiming their organization have a problematic shortage of cybersecurity skills (compared to 23% in 2014).
  • Colleges and Universities continue to have challenges keeping up with the demand for cybersecurity professionals and incorporating the newest skills into their curriculum. Even if someone does graduate with a focus in cybersecurity, their expertise may not be up-to-date with the latest threats or industry knowledge. Co-op programs help with this to some degree.

Dealing with the Shortage of Cybersecurity Talent

So, how are forward-looking companies dealing with this skills shortage?

  • Consolidating and integrating security technologies.
  • Moving toward technologies with advanced analytics, artificial intelligence and machine learning.
  • Automating and orchestrating processes to reduce human intervention and increase response/remediation times.
  • Taking a “portfolio management” approach to security by taking stock of their people, skills, and limitations and managing accordingly through contracting third parties or outsourcing specific security controls and operations to third parties.
  • Investing in their people via increased compensation, investing in career development, mentoring and training.
  • Take a multi-dimensional approach by hiring both cyber specialists and training others on the job.

Conclusion: Given the perilous and ever-changing cyberthreat landscape and the aggressive push toward digital transformation, the cybersecurity skills shortage represents a very serious threat to corporations and society at large. This situation also provides an opportunity for Coreio as we continue to join the fight against cybercrime as we build our Advisory Services capabilities in the cybersecurity space.