The World Economic Forum’s Global Risks Report 2019 rated the likelihood of massive data fraud and theft as the third-largest risk facing the global economy, closely followed by cyber-attacks. Cyber-attacks are increasing in prevalence and disruptive potential, and several high-profile breaches and data leaks have acted as a major wake-up call as to just how vulnerable critical systems are to disruption and damage.
Alongside inflicting serious reputational damage and harm, the commercial impact of attacks is rising and expected to accelerate, particularly as cloud and Internet of Things (IoT) adoption continues. Lloyd’s of London estimates the global cost of a serious cyber-attack to be more than £92 billion.
The people and skills shortage challenge
To thrive and survive in today’s increasingly connected world, organizations in the private and public sector are in hot pursuit of digital transformation to accelerate innovation. This drive is also increasing their potential vulnerability to the threat of cyber-attack. With cybersecurity professionals in short supply, many are under enormous pressure to meet the challenges of the modern cybersecurity environment. Organizations need to apply some holistic thinking to address the impact of digital transformation on cybersecurity.
Widening the search for cybersecurity personnel
As the cyber skills gap widens, enhancing the workforce in the face of stiff competition for the limited supply of skilled cybersecurity personnel is no easy task. Recruiting new cyber talent is not the answer.
To address the skills gap, organizations need to extend their talent pools in other ways. For example, the (ISC)² survey found that 48% of IT staff are looking to become certified in some form of cybersecurity. Implementing a clear career progression path for those taking on cybersecurity duties will help incentivize existing IT personnel to join the cybersecurity ranks.
Bolstering the cybersecurity workforce means businesses also need to broaden the range of potential candidates and focus their recruitment efforts on those from non-technical backgrounds to help ease the skills shortage.
This means considering people with the potential to work in a collaborative and smart way to solve problems, for example military veterans. Veterans Work, a collaborative research project led by the Officers’ Association, Deloitte and Forces in Mind Trust, sets out a compelling business case for hiring veterans: they are problem solvers, ask the right questions, and perform well in strategic management roles and in the management and motivation of staff.
Similarly, firms need to empower women to join the cybersecurity workforce. In the UK, just eight percent of women work in the cybersecurity profession, despite the sector experiencing double-digit growth and a huge demand for new recruits. This represents a vast untapped resource and organizations need to address the discrimination barriers that are disincentivising women from working in this field.
Train widely
Alongside improving recruitment engagement and outreach, organizations will need to train and prepare employees for cybersecurity transformation, introducing a broader base of professionals to educational opportunities previously reserved for cybersecurity analysts and other roles.
Organizations not investing in training and development programs for individuals from a non-technical background are taking a short-sighted approach – one that exposes the enterprise to greater risk as the threat landscape continues to evolve over the coming years.
When it comes to mining the potential of the female empowered workforce, numerous national programs are encouraging women to acquire cyber-skills. The UK’s National Cyber Security Centre has created courses to encourage girls to consider studying the subject at A-level and university.
Similarly, since 2013 the Code First: Girls organization has been supporting young adult and working age women in the UK to develop further professional skills, such as coding and programming, and working with companies to help them capture top female tech talent.
Make cybersecurity everyone’s responsibility
A key aspect of taking a more holistic approach to cyber training is increasing cyber awareness for all employees. This needs to be a top priority. According to the Online Trust Alliance, 93% of all breaches in 2017 could have been prevented by basic cyber hygiene.
Initiating regular short training sessions for the entire workforce, exploring topics such as phishing so that employees are primed to recognize a threat and know who to alert, is a must-do activity. Training input needs to be to the point, relevant, and reinforced regularly, so that everyone understands the latest threat trends and their responsibilities in relation to keeping company and customer data safe.
In the face of a persistent shortage of cybersecurity skills, companies need to take a new look at people and resources to maximize their resilience to attack. From broadening their view of the workforce to developing new, previously untapped, candidate pools and extending cybersecurity awareness and training to the wider workforce, taking a more holistic approach can help organizations adapt and ensure the new digital workplace stays protected.