What are the implications of the cybersecurity skills shortage?
The cybersecurity skills gap is burning an ever-expanding hole in enterprise tech. Until now, enterprises have been relatively spoilt; businesses can use ever-evolving technologies to meet and exceed customer expectations. We now have more technologies, solutions, and opportunities than ever, enabling business growth at unprecedented rates.
However, technologies aren't the only thing evolving – threats are too. In fact, some new technologies are actually introducing the new threats. For example, while artificial intelligence (AI) delivers a host of powerful solutions to the enterprise, it's also fuelling the fire for AI-driven cyber attacks.
Unfortunately, the only thing that doesn't seem to be evolving or increasing is the cybersecurity skills shortage. If anything, it's getting worse; the number of unfilled positions are in the millions, and that hole has burnt wider ever year.
The shortage is, in simple terms, a nightmare. Organisations can't make the most of new security solutions without the expertise to oversee it. Not only that, businesses can't embrace new technologies without the reinforcement of a full cybersecurity team.
Right now, cybersecurity teams are running thin on the ground. Organisations have no choice but to overwork their cybersecurity personnel because there is no spare talent going around. Thus, under-equipped teams are left to spin a growing number of plates, which obviously isn't ideal.
Not only that, but it's a skills gap, not a job role gap. This means that the current security personnel themselves lack the advanced skills necessary today. In turn, cybersecurity teams are under so much pressure to perform, with little resource to help.
Frankly, if it sucks for the cybersecurity team, it sucks for the organisation too. If it sucks for the organisation, it sucks for the general public.
This is because (as it may need reminding), cyber threats are everyone's problem. National security, personal banking, personal emails – the avenues for exploitation are endless and severe.
So what do we do? Hiring new people is out of the question because a) there aren't any, and b) we must abandon the idea that one new employee equates the combatting of one new threat. The growth of threats is spinning out of control, and at this rate, enterprise security will soon be circling the drain.
It's not to suggest that the shortage isn't a concern, but given that it's been ongoing for many years, organisations must find a way to tie themselves over in the meantime. Although it goes without saying, what they really need is a portfolio of robust, unsupervised cybersecurity solutions in place to make threat penetration as difficult as possible.
As well as this, the boardroom in particular should cooperate closely with the current security team and listen closely to what they need. It also wouldn't hurt for executives to undertake some cybersecurity education and best define what their security-related business needs are.
Check out our Ask the Expert with Jurijs Rapoports, covering cybersecurity in the medical and enterprise spaces.