Download this article in PDF format.
Cybersecurity and IT teams have a lot on their plates right now as cyberattacks—and the costs associated with those attacks—continue to increase. According to a recent Bitdefender Enterprise report, internal cybersecurity teams are dealing with an increase in ransomware and phishing attacks, all while managing increasingly complex computing environments.
“Just as an organization’s infrastructure evolves to meet changing business needs, so do the toolkits employed by hackers to compromise sensitive data,” Bitdefender points out. For example, ransomware attackers are adopting a “double extortion tactic” whereby they steal and exfiltrate data in addition to encrypting it. “Similarly, social engineering techniques are evolving to the extent that phishing attacks are becoming more and more convincing,” the company adds.
These threats are definitely keeping cybersecurity professionals up at night. By Bitdefender’s count, 99% of these professionals are concerned about evolving cybersecurity threats, with vulnerabilities and zero-days being the primary concerns.
“These concerns are justified, as more than half (52%) of respondents said they experienced a data breach as the result of a cybersecurity incident in the last 12 months,” Bitdefender adds. “This figure increases to 75% among respondents in the United States with an average total cost of $4.35 million.”
The Threat is Real
In September 2023 alone, ransomware gang Dunghill Leak claimed that it had launched a cyberattack against travel booking company Sabre; an X-based NFT phishing attack resulted in over $690,000 in losses; a ransomware gang stole 6.8 terabytes of data from Save The Children International; and MGM Resorts’ operations were halted by a cyberattack.
These are just some of the cybercrimes that made headlines during the 30-day period. Add in the rest and multiply by 12, and you wind up with a full year’s worth of high-profile attacks. There were also many other unreported or lower-key attacks taking place throughout 2023.
Unfortunately, there may not be enough cybersecurity experts in the world to deal with all of these current and emerging threats. Globally, Cybersecurity Dive points to a ISC2 2022 workforce study that found that there’s a need for more than 3.4 million security professionals, an increase of over 26% from 2021’s numbers.
“This reverses a trend seen in ISC2’s 2021 study, where the number of open cybersecurity jobs actually dropped over a two-year period,” the publication reports. The core problem isn’t a new one: the demand for cybersecurity is greater than ever, due to an evolving threat landscape with attacks that are more difficult to detect and defend.
“But the available potential workforce isn’t keeping pace with that demand, largely because of a lack of interest from young people entering the job market,” Cybersecurity Dive adds. It says too many organizations hiring cybersecurity talent are looking for “unicorns,” or those candidates who are able to check off every single box on the application form.
“Instead, it is more important to remember that technical skills can often be taught,” the publication advises. “What those looking for cybersecurity staff should look at in individual applicants are the soft skills, which tend to come naturally rather than through classroom education.”
71% of Companies are Grappling with the Shortage
Nearly three-quarters (71%) of IT and cybersecurity professionals worldwide say their organizations had been impacted by the cybersecurity skills shortage, according to Enterprise Strategy Group (ESG). That’s a sharp increase from 57% who cited the skills gap in a study released by ESG in July 2022, CNBC reports.
“The worsening shortage has led to an increased workload for cybersecurity teams, unfilled open job requisitions and high burnout among staff,” CNBC adds. “Nearly all of them said the cybersecurity skills shortage and its associated impacts have not improved over the past few years and 54% said it has gotten worse.”
Universities Step up to the Plate
Some universities are taking steps to help fill the cybersecurity talent gap. For example, a new coalition of eight universities led by Rochester Institute of Technology (RIT) is paving the way for military service members and first responders to transition into cybersecurity careers.
The pilot program is backed by $2.5 million in funding from the National Security Agency (NSA)—which will make the training free for transitioning veterans and first responders.
The certificates will prepare participants for careers in auditing and compliance, RIT explains, and participants may also take on jobs as cybersecurity consultants or vulnerability testers.
“We have this deep and broad need for cybersecurity workers and we have about 200,000 transitioning military members every year who have military service that could be congruent to these careers,” said RIT’s Justin Pelletier, in an announcement about the new coalition.
“They have a deeper understanding of what right looks like, and they are used to assessing needs and solving security problems,” Pelletier continued. “Maybe they don’t have the right vocabulary, but after five or 10 years in the military, they have the foundation.”
