Download this article in PDF format.
Unlike some career tracks, cybersecurity hasn’t been around all that long. Sure the first recorded use of the term “cybersecurity” took place back in 1972, but the actual need to protect computers from “bad actors” is a newer phenomenon. And as our world becomes more and more digitally connected, it’s opening up new routes for these criminals to hack into, steal and exploit systems and data.
Early on, the responsibility of cybersecurity fell on a company’s engineers and system administrators. As the number and sophistication of cyberattacks proliferated, organizations and governments began hiring dedicated cybersecurity professionals to help them avoid and/or thwart the bad actors.
Fast-forward to 2023 and the number of global cyber-attacks has grown considerably over the last few years. During the first quarter of this year alone, Infosecurity Magazine says weekly cyber-attacks have increased worldwide by 7% compared to the same period last year, with each firm facing an average of 1,248 attacks per week.
Citing Check Point statistics, the publication says the education and research sector experienced the highest number of attacks, rising to an average of 2,507 per organization per week (a 15% increase compared to the first quarter of 2022).
A Profession in Dire Need of More People
Unfortunately, as the number of cybercrimes continues to escalate, the pool of professionals that have been trained to manage these issues hasn’t kept up. According to (ISC)²’s most recent Cybersecurity Workforce Study, the current global cybersecurity workforce gap currently totals 3.4 million people.
The talent gap is particularly severe in aerospace, government, education, insurance and transportation, (ISC)² reports.
“While the cybersecurity workforce is growing rapidly, demand is growing even faster,” the organization states. “[Our] cybersecurity workforce gap analysis revealed that despite adding more than 464,000 workers in the past year, the cybersecurity workforce gap has grown more than twice as much as the workforce with a 26.2% year-over-year increase, making it a profession in dire need of more people.”
Five Ways to Start Filling the Talent Gap
Cybersecurity acumen and experience don’t just develop overnight, but there are some steps organizations can take to minimize the skills gap and ensure that their systems, data, customers and employees are protected. Here are five strategies experts recommend:
- Use gamification to get teams up to speed. Along with continuous learning programs, tech job platform Dice says capture-the-flag competitions gamify cybersecurity training while keeping it engaging, competitive and interactive. These competitions help participants develop hands-on experience in solving real-world cybersecurity challenges, fostering practical problem-solving skills and enhancing their understanding of various attack scenarios. For example, one company holds Capture the Flag competitions sponsored by Fortinet to hone skills and protect microelectronics and semiconductors from attacks.
- Foster an inclusive work environment. Dice sees prioritizing diversity and inclusion as an important way to address the cybersecurity skills gap with creative talent. For example, Microsoft works with partners to bridge the gender gap in cybersecurity. In April, the company announced it is expanding access to cybersecurity skills for women and girls with its Ready4Cybersecurity program. With the initiative, Microsoft plans to skill and certify 100,000 young women and underrepresented youth in cybersecurity in Asia by 2025, Dice reports.
- Build cybersecurity skills in-house. In “Cybersecurity skills gap: Why it exists and how to address it,” Karen Scarfone says organizations can tap into a much larger pool of workers if they relax job requirements and then build cyber skills internally by providing training, education and certification support. “Enable new graduates, veterans, people transitioning from other careers, and those with an interest in and aptitude for cybersecurity to learn and grow,” Scarfone writes. “College degrees, certifications and several years of experience are simply not necessary for success at most cybersecurity positions.”
- Support your existing talent. Automating routine tasks, using managed security services and offering job rotations are all good ways to reduce burnout among current staff. It can also help employees build additional skills, making them even more valuable to your company’s cybersecurity team. “Small organizations may want to outsource most of their security services altogether to reduce their need for dedicated cybersecurity staff and instead train their IT personnel to also handle occasional cybersecurity tasks,” Scarfone writes.
- Get the whole organization involved. “Cybersecurity should not be the sole responsibility of the IT team — no matter its size,” RedTeam Security cautions. “It may be IT leading the charge, but the entire organization needs to recognize and understand the importance of cybersecurity. All business processes, data and application owners have a role to play in protecting enterprise resources.”
