The Cyber Skills Shortage & Training Gap - What Is The Solution?

With large-scale data breaches increasing in not only frequency but also complexity, increasing cyber security resiliency should be a top priority for all industries.

According to the International System Security Certification Consortium (ICS2) there are more than 4.07 million unfilled cyber security positions across the world. 

With a lack of training for this undersubscribed role, the problem is only going to persist and progress.

Many businesses across the globe that do not have highly classified information put cyber security to the back of their minds. That is however, until a cyber attack occurs. More consideration needs to be taken to see what options are available for preventing these detrimental attacks. Proactively hiring cybersecurity staff and implementing cybersecurity technologies will help to ensure all areas of the business are secure.

Hiring Cyber Security Professionals

Many HR departments may have outdated hiring approaches, when compared to a new discipline such as cybersecurity which needs a different approach. Therefore, some companies will disregard an application due to a lack of qualifications even though a lot of successful cybersecurity professionals are self-taught and have a lot of hands-on experience. However, it is often that hands-on practice that makes a candidate so valuable. 
Most companies will go on a hiring spree in the aftermath of a cybersecurity incident and expect professionals, with over 10 years of experience, to flood in instantly. Unfortunately, this is not always the case.

With a lack of “qualified” candidates, instant hiring and results are unrealistic. It is essential that a proactive approach is adopted.

If companies invest in professionals at the beginning of their cyber career, enable their training and provide a fair wage, then they are more likely to keep hold of valuable staff and avoid costly attacks. This will partly be due to having preventative tactics already in place, but also not having to worry about hiring new people as soon as an attack has occurred.

Making Cyber Security Attractive

Unfortunately, hacking is now a lucrative profession and it is attracting a lot of rogue talent. Alongside this, businesses are not investing in the proper staff training to ensure that employees can appropriately handle the critical cyber threat landscape. There is no shortage of cybersecurity jobs in the market, but there is a shortage of experts taking the jobs. This is due to a number of factors, with low wages being one of them. It is up to businesses to make these roles more desirable, as a lack of cybersecurity implementations could lead to the demise of a business. 

Companies need to invest in supporting and training their employees, rather than expecting them to come fully experienced. Proactively investing in cybersecurity professionals, rather than only relying on them when an attack occurs, will allow employees to be trained properly for an attack. Salary and training are both costly, but they would likely save money by avoiding the attack.

Investing In Preventative Tactics, Rather Than Expensive Recovery

The importance of preventative tactics is sometimes not realised until it is too late and then there is no expense spared in getting everything back on track. 

Not only should companies invest in staff, but also in the technologies that staff implement and manage. By utilizing trusted computing technologies, businesses can be sure that their data and devices are protected and secure from any risks or potential threats. More than a billion devices include technology that leverages TCG standards, but the impact is small if people do not adopt them on a wide scale across all industries and businesses.

Knowledge is power in the fight against cyber attacks and with such a shortage of knowledge and skills in the industries most affected, it is essential that trusted computing technologies are used to their full potential.

Trusted Computing Group (TCG) provides standards and documentation that allows cybersecurity professionals to be up to date on the best techniques. For those highly experienced in cybersecurity, it is a chance to contribute to industry practices and keep up to date. If businesses with limited cybersecurity knowledge cannot afford to hire experts, they should reference information and documentation provided by organizations like TCG to get the support and guidance they need. For new employees in cybersecurity, TCG membership can provide access to workgroups that consist of seasoned experts to help them with the much-needed guidance and support for growth in the industry. 

Implementing Secure Technologies To Alleviate Pressure

TCG’s trusted computing standards are designed to be open and can be applied across many industries and sectors, as well as meet international security standards. Choosing which policies and security features to use in the design of software, hardware, or services is made easier with the knowledge that TCG standards that are applicable are tried and tested. This alleviates the need to re-engineer common security architectures in isolation. By carefully studying TCG documentation, a security architect can learn best practises that have been developed by seasoned and recognized industry experts from a multitude of diverse companies represented in TCG.

It is imperative that all industries understand the importance of cyber security technologies and professionals before they suffer an attack.

Once experts are hired, organizations should strive for continuous training of their cybersecurity staff with appropriate funding, alongside implementing new cyber security technologies to cover all areas of the business. 

Thorsten Stremlau is Co-chair of Trusted Computing Groups’s Marketing Work Group

You Might Also Read: 

Leading the Way in Cyber Security Skills:

 

« Apple’s Cyber Security Flaws Didn’t Stop It Reaching $3 Trillion
African Nations Join UN Cyber Crime Initiative »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Leonardo

Leonardo

Leonardo (formerly Finmeccanica) is a global high-tech company in Aerospace, Defence, Security & Information Systems including Cybersecurity & ICT solutions.

Blueliv

Blueliv

Blueliv is a leading provider of targeted cyber threat information and intelligence. We deliver automated and actionable threat intelligence to protect the enterprise and manage your digital risk.

NCC Group

NCC Group

NCC Group is a global cyber and software resilience business operating across multiple sectors, geographies and technologies.

Aviva

Aviva

Aviva provides Cyber Liability cover for small to mid-market customers to help combat the threat of data and privacy breach.

ngCERT

ngCERT

ngCERT is the National Computer Emergency Response Team for Nigeria.

Information System Authority (RIA) - Estonia

Information System Authority (RIA) - Estonia

RIA ensures the interoperability of the state’s information system, organises activities related to information security, and handles security incidents in Estonian computer networks.

AppGuard

AppGuard

AppGuard prevents breaches by blocking applications from performing inappropriate processes using our patented dynamic isolation and inheritance technologies.

Secure IT Disposals

Secure IT Disposals

Secure IT Disposals specialise in professional Computer Recycling, Computer Disposals, Computer Destruction, Data Erasure and end-of-lifecycle solutions.

Quantum Armor

Quantum Armor

Quantum Armor is a next-gen cyber security monitoring platform that allows you to continuously stay aware of your security posture, and proactively spot trends, vulnerabilities and potential attacks.

Amvia

Amvia

Amvia is a fast-growing telecoms, Internet and Microsoft service provider. We supply voice, data and cyber security services to 100s of small and large companies.

Jisc

Jisc

Jisc is a membership organisation working in partnership with the UK’s research and education communities to develop the digital technologies they need to teach, discover and thrive.

Scholarly Networks Security Initiative (SNSI)

Scholarly Networks Security Initiative (SNSI)

SNSI brings together publishers and institutions to solve cyber-challenges threatening the integrity of the scientific record, scholarly systems and the safety of personal data.

Riot Security

Riot Security

In today's world, most successful cyberattacks start by a human failure. Riot have developed a platform that makes it easy to prepare your employees for cyberattacks, in a way they love.

Telit Cinterion

Telit Cinterion

Telit Cinterion is a global enabler of the intelligent edge providing highly secure IoT solutions, modules and services.

Standard Notes

Standard Notes

Standard Notes is a secure digital notes app that protects your notes and files with audited, industry-leading end-to-end encryption.

Edera

Edera

Edera is changing the way containers are run and secured, making isolation a reality and fundamentally transforming computing in the process.