For companies that want to protect themselves from the massive costs associated with data breaches, cyber security has become a top priority. Unfortunately, a global issue is hampering that objective: the demand for skilled and experienced cyber security professionals is skyrocketing. Yet, according to the 2019 (ISC)² Cybersecurity Workforce Study, the world is short 4.07 million of the cyber security professionals needed to adequately defend organizations. Further, in the U.S. alone, it would take a whopping 62% increase just to fill the cyber security consulting gap. Globally, the field needs 145% more cyber security professionals to end the shortage.
Without cyber security professionals on staff, organizations aren’t prepared to detect and mitigate cyber attacks. It’s really not a matter of “if”, but more a matter of “when.” For most businesses, hackers have the upper hand. A 2018 IBM and Ponemon Institute study found that the average data breach incurs a $3.86 million price tag, while large breaches can cost an institution $350 million. With that in mind, many companies are eagerly hunting for trained cyber security consultants, but there just aren’t enough in the field to fill these critical roles. It’s simply one of the biggest challenges companies face today. In addition, cyber security is an evolving industry. Much like physicians, professionals must make the time to stay current, in this case by studying the latest in threat intelligence.
The problem with the pipeline
A little over a decade ago, cyber security was generally managed by the IT staff. Back then, data breaches were conducted by hackers looking for some fun. As the world’s digital footprint increased, and more people used their devices to run their work and personal lives, the threat surface also increased. As a result, more attacks started occurring, and they also became much more sophisticated. It wasn’t too long before companies realized they needed help, and quickly. However, the rush to bring cyber security professionals onto the team essentially depleted the talent pool. Further, the number of new cyber security consultants coming out of various training programs has not met the hiring demand. On top of that, many companies want employees with hands-on technical skills, but many schools just don’t have these types of programs available or professors trained in this field. Although it should be, cyber security still isn’t a common area of study.
Human error is rampant
Often, the weakest link in a company’s cyber security strategy is its people. You can find technologies to deter viruses and malware, but you can’t always control whether a person will be manipulated by sophisticated phishing techniques. Moreover, hackers now know that the easiest way to access an organization’s systems is from the inside. Without cyber security skills training, non-technical staff are left vulnerable to social engineering tactics and traps. When they fall for phishing emails or texts, it adds to the workload of the already-burdened IT staff. If the IT department spends its days putting out fires, it doesn’t have time to create cyber security skills training sessions or to focus on higher-value, more strategic plays against the latest cyber threats.
Has COVID-19 impacted the cyber security professional shortage?
Invariably, data breaches are on the rise. Cyber criminals make a living this way. Also, the pandemic has accelerated the work-from-home trend. It appears the trend is now normal, without any end in sight. Mobile workforces are using their devices from their home networks, doubling the threat surface almost immediately. There isn’t any question that the work-from-home environment is just not as secure as the office configuration. The result is a perfect storm: increased workloads for cyber security professionals, and not enough of them available to close the widening shortage.
How can you mitigate the shortage?
The most important factor is to focus on skills, certifications, and training. To bridge the gap, companies must be open to non-traditional means of hiring such as partnering with a cyber security consulting firm. You don’t have to hire any more staff, but you have access to cyber security professionals 24/7. The risks will only get worse, so it is crucial to be proactive before it’s too late.
Is your business in dire need of cyber security consulting?
ISSA found that 74% of companies were experiencing a shortage of cyber security professionals, up from 70% in 2017. External threats will only continue to grow in sophistication and tactics. The most strategic way to mitigate this threat is to partner with a Managed Security Service Provider. As a result, you can have immediate access to highly trained experts who can help you save on hiring, training, and other related costs while providing the latest equipment and software to manage every cyber threat successfully. If you’re ready to learn more, contact SSI today.