BY ANTONY MUTUNGA
In this digital era, technology is at the centre of everything, changing about every aspect of our lives. However, despite all the good that comes with the digital age, it has brought about some new risks in terms of cyber security.
Unlike before when organizations were mostly worried about their physical stores and warehouses being broken into and robbed, the primary fear now is that they can be hacked into and their data stolen or worse off, be completely wiped out.
Cyber-crime has become common that organizations have shifted from asking if they will be the next victims of cyber-attacks to asking when the cyber-attack will happen. As technology has advanced so have hackers and cyber-criminals that keep upgrading their arsenal to be able to stay ahead. Organizations and enterprises all over the world are realizing the importance of cyber security to protect and defend their data.
However, one factor has stood in the way, the shortage of cybersecurity skills around the globe. Unlike other industries where job opportunities are scarce, the cyber security sector has a major drought, which is on a rise, as many organizations are unable to find the right talent to steer them in the digital age. This not only threatens organizations and their clients but it also negatively affects the global digital economy.
According to Cybersecurity Ventures’s 2017 Cybersecurity Jobs Report, by 2021 the number of job openings in the cyber-security sector will be 3.5 million. As a global community, if we do not change this we are heading to a crisis that will be near impossible to be solved. The cyber-security skill gap needs to be addressed now in order to ensure that the talent required is available so as every organization is able to fight against cyber threats.
In order for this to happen, there will be a need to change our education model in terms of IT. Little is being done to attract the young generation to fields in cyber-security. Even though the young generation is quite knowledgeable in technology, it is lacking when it comes to security. Many institutions have focused on instilling knowledge in terms of product sets and ignored the importance of security framework requirements. As a result, this has seen the number of security experts in the field decline leading to the little talent left to only be accessible to the few organizations able to match their high rates.
To be able to ensure that there are more security experts in field, learning institutions need to focus on training security frameworks and instilling some experience while the generation is still young. Governments also need to invest in technical labs that will ensure the young generations as well as minorities and women interact more in the field. This way the number of people with the required skills will increase and be able to protect organizations against relentless hackers and cyber criminals.
Organizations, on the other hand, need to invest in training their employees in terms of security. In doing so the employees will have an understanding of standards and end-to-end security issues which will enable them to maintain a robust security infrastructure.
They will also reduce the cost required to outsource contractors. Due to a shortage of skills, security contractors have high rates, which have discouraged organizations from investing in cyber-security. In fact, in other cases organizations have been forced to hire IT staff based on potential alone. This is a problem in the field as experience is crucial to ensure that one is able to adapt to the ever-changing digital age and be able to look at a challenge from different perspectives.
Training own employees in IT security does not only prevent such challenges but it also creates a collaborative environment, which is essential in the fight against cyber-threats. With open communication, the fight against cyber-attacks becomes a responsibility for all in the organization with the IT team taking the lead. This way if a security breach is to occur in the organization, everyone is able to know how to react in time.
Organizations have also identified machine learning and Artificial Intelligence (AI) programs as a way of bridging the gap. With automation becoming quite popular, machine learning and AI based security solutions are able to process billions of information in a short time thus increasing the probability of identifying a threat at an early date. However, even though the technology is able to track the threats faster than human beings, there will still be need for an employee to analyse and investigate the threat.
Therefore, organizations will need a combination of these technologies and personnel, as technology alone cannot be relied on. However, the technologies will reduce the gap as well as offload some of the repetitive tasks from the personnel allowing them to refocus on more crucial activities such as policy refinement.
Time to change and bridge the cybersecurity gap is now, the millennials and generation z need to be inspired and encouraged to join the industry so as to grow up with the skills. Organizations need to invest in training cybersecurity as well as identify the roles that will be important and nurture them now. Companies that follow this path will avoid the consequences of cyber-attacks and be the corporate leaders of tomorrow.