The skills gap in cybersecurity can be closed – with an investment into upskilling.
One of the biggest challenges for organizations today is being able to develop a strong cybersecurity program, one that is substantial enough to combat the increasingly sophisticated threat landscape.
In fact, the UK government’s Cyber Security Breaches Survey 2022 found that over a third (39%) of businesses have had to deal with a cyber-attack already this year, and 82% of senior managers consider improving security to be a primary concern.
In tandem, companies are becoming increasingly aware of the ways in which cyber-attacks can be avoided. In fact, recent research from Tanium found that the vast majority (86%) of companies that faced a cybersecurity breach in the past six months believe that investing in staff training or more modern tools would reduce the number of incidents that occur.
Pluralsight’s 2022 State of Upskilling Report corroborated these findings. The report found that cybersecurity was the top personal skills gap among 43% of respondents, above cloud computing (39%) and data storage (36%). Additionally, 44% of respondents agreed that cybersecurity skills gaps were the largest current risk to their organization. With this in mind, it’s apparent that organizations must put steps in place to keep technology teams at the cutting edge of the latest cybersecurity trends and threats – and do so quickly. This article explores how to equip technology teams with the skills to create a formidable cybersecurity program.
Defining the cybersecurity skills gap
Cybersecurity attacks remain a pressing concern for businesses, and this isn’t set to change. By 2025, total spend on cybersecurity service providers is projected to reach $101.5 billion and there is set to be a 15% increase in costs related to cybercrime. These are high numbers, and emphasize the challenge that most modern organizations face when trying to keep up with cyber threats. With this ever-changing cybersecurity landscape, it’s no surprise that a long-term cybersecurity skills gap has emerged.
At a time when cyber threats are so prolific, it’s more important than ever to have a skilled cybersecurity workforce that is armed to defend against these sophisticated and varied attacks. However, as the State of Upskilling Report suggests, a large portion of today’s tech workforce do not feel they have the adequate skills to meet their organization’s cybersecurity needs. Simply put, there is more work to be done to help technologists improve their cybersecurity skills. In fact, IBM has found that tech skills are only relevant for around 2.5 years – already outdating cybersecurity expertise that was brand new in 2019. Within a short period of time, historical knowledge and legacy methods are rarely able to continue to defend against the increasing complexity of cyber threats. As a result, business leaders must take responsibility for providing their technologists with the tools they need to keep their organizations safe and secure.
Upskill employees to overcome the gap
The skills gap in cybersecurity is a big project for businesses to take on, but there is also an opportunity. Indeed, the State of Upskilling Report revealed that 91% of respondents want to improve their tech skills. Technologists are also demanding that their organizations provide them with the means to do so, with 48% saying that they have considered changing jobs because they weren’t given sufficient resources to upskill. Additionally, 75% of respondents agreed that their organization’s willingness to dedicate resources to developing their tech skills affects their plans to stay with the organization.
However, organizations aren’t offering enough time for training opportunities to match demand. The State of Upskilling Report found that only 36% of organizations allocate dedicated work time to learning, falling to 32% for technology organizations specifically. Clearly, there is misalignment between technologists’ desire to upskill and organizations’ willingness to apportion time and effort to upskilling.
This presents an obvious challenge – how we do solve this problem and bolster cybersecurity professionals with the skills they need? The first thing organizations can do is give cybersecurity professionals access to resources such as on-demand cybersecurity training, hands-on learning opportunities to understand both red and blue team perspectives and flexible upskilling options that fit in with the busy schedules of many cybersecurity experts. The focus must be on making cybersecurity training essential. It shouldn’t be just an option for anyone within an organization, let alone cybersecurity pros. In order to keep your organization’s cybersecurity program strong, continuously equip tech teams with the knowledge that will help them defend against the next cybersecurity attack.
Securing cybersecurity success for the future
Learning how to protect against cyber criminals in order to future-proof an organization’s cybersecurity program is a continuous process for teams, requiring considerable maintenance and upkeep.
As such, creating a culture of learning within tech teams is critical, as it will condition technologists towards a proactive approach to cybersecurity. To instil this, organizations must have programmatic steps in place to constantly renew cybersecurity knowledge and best practices.
New cybersecurity strategies are being developed every year to stay ahead of attacks, but keeping up with new trends takes more than superficial knowledge. Coordinated action in the form of testing, implementation, and evaluation is required to achieve long-term cybersecurity success.
The requirement for cybersecurity professionals with the desired skills will only increase in the coming years, as threats become ever more complex. Organizations that prepare their security program to work for the future, rather than looking to fend off attackers in real-time, are the ones that will stand themselves in good stead against the latest threat.
