Cybersecurity talent is in high demand during the tech sector boom. It’s not easy to attract and retain the best brains in an era where cybercrime is escalating. This is straining confidence in business resilience. We examine this worrying trend. How great is the risk? What can a CEO do to mitigate it?
CSIS Report on Cybersecurity Workforce Gap
The Center for Strategic and International Studies (CSIS) researches trends in international relations, trade, technology, finance, energy and geo-strategy. It analyzed the cybersecurity workforce gap and came to these conclusions:
- Organizations are experiencing difficulty recruiting cybersecurity professionals to protect them against malicious forces
- As a consequence, they are losing $ billions annually to state-sponsored hacking groups
- Education has not kept up with this trend. There are therefore gaps in the U.S. cybersecurity landscape
The CSIS published a paper highlighting what a CEO can do to address this shortfall. We draw on their proposals in this high-level report.
The Gap is Alarming When Reduced to Numbers
- 82% of IT leaders in 8 countries are short on cybersecurity skills
- 71% believe this causes “direct … damage to their organizations”
The CyberSeek initiative reports “The U.S. faced a shortfall of almost 314,000 cybersecurity professionals as of January 2019”.
The gap has thus widened by over 50% since 2015. By 2022 there may be as many as 1.8 million cybersecurity vacancies worldwide.
CSIS casts the gravity of this situation in sharp light when it reveals the U.S. has approximately 1,000 experts possessing the following critical skills:
- Designing secure systems with safe computer code
- Creating sophisticated tools able to prevent and mitigate attacks
- Reconstituting data and ability to recover systems from malicious acts
Where Does the Buck Stop When Cybersecurity Fails?
Qualtrics has been helping customers take action on their experience data since 2002. SAP acquired it in January 2019 adding weight to its opinions. Qualtrics asked organizations who they would blame for cyberattacks or breaches.
- 40% said their leaders would hold their IT teams accountable
- Security teams scored a significantly lower 23% of blame
If these are the weak points organizations face, then it follows they should do more to bolster the talent of their cybersecurity resources. For if they do not, they may damage their morale to the point where they pack up and move on.
Sungard AS has provided mission critical IT solutions for 40 years with a focus on business continuity and disaster recovery. Its CEO says “Often the expertise needed is in demand by other organizations, which makes these skilled professionals hard to snatch up”.
A cloud-storage strategy adds an additional layer of potential strain on the network. Outsourcing responsibility does not transfer accountability in a business. We now move on to concrete proposals made by the Center for Strategic and International Studies (CSIS).
Five Steps to Manage Your Cybersecurity Risk as CEO
- Improve Communication with the C-Suite
Motivating a technical recommendation to generalist managers with other high priorities on their desk is a challenge to a specialist immersed in their design. Moreover, their proposal may be too logical in their mind to even debate.
Having hard and soft skills is a rare find in business. IT needs to think on its feet from the CEO’s perspective. For their part, the executive needs to allow sufficient time to understand the problem. The walls must come down.
2. Allow AI and Machine Learning to Play Their Part
Wasting cybersecurity resources on number crunching and repetitive code is futile. We should endow IT with tools to detect trouble brewing through correlation, pattern matching and anomaly detection routines.
We can then deploy those key human skills to investigate these anomalies, analyze their legitimacy, and respond to and hunt down genuine threats. However, Forbes warns their workload will increase as AI sharpens its aim.
3. Continually Enhance the Skill Base in IT
The dark side of the web is developing new threats at an alarming rate. We can only keep ahead of their game if we match our in-house skills accordingly. We must help our team grow, or risk losing good people.
We should train, and then cross-train instead. While this may limit our defenses for a short while, the payoff will justify this in the medium term. There is no alternative to building a stronger team to serve our business.
4. Keep Your Team Sharp by Exploring New Technologies
IT minds are sharp and inquisitive and that brought them to the field. Don’t hold your team back from exploring new ideas and trying new technologies. They will grow and so will your business and you will keep them longer.
Give them the excitement of being part of the expanding cyber world. Don’t begrudge them time to chill out as they unwind after cracking a particularly complex problem. Recognize them as a critical part of the team.
Keep your mind sharp too on what’s happening in the IT industry, with special relevance to cybercrime. As CEO, your personal files and messages are pure gold for hackers. Your IT team will be happy to show you the ropes.
5. Recognize Achievements and Promote from Within
We began this article by describing the critical shortage of cybersecurity talent in the U.S. The hunt may be on for some out your best people as we write, and they are longing for their careers to flourish on the back of new skills.
Do develop a personal career plan for each IT employee and have a succession plan that recognizes their contribution. People stay longer with companies that value them. You must have a plan for when they eventually move on.
Let Your Cybersecurity Professionals Show Their Worth
Release your cybersecurity countermeasure specialists from the drudge, by providing the AI and machine-learning tools they need. Develop their critical thinking ability before releasing them from the pack. Then they can take on cyber criminals on their home ground.
They will prove their value as high-performing assets. You will sleep better at night. However, you must remain ever-vigilant for cyber threats on your personal devices, because you are the leader of a pack under attack.