GUEST OPINION: For cyber criminals, the economics of a ransomware attack are overwhelmingly in their favour. Last year, according to ESG, 79% of organizations reported a ransomware attack, with Ponemon’s 2021 Cost of a Data Breach report estimating that the average cost of a breach is AU$7.3 million. The threat is omnipresent and the number of victims continues to rise.
At the same time that the threat landscape is expanding, the cybersecurity sector is struggling with a global skills crisis, lacking a pipeline of talent to fill vacant positions. To keep pace with the adversary, AustCyber estimates that Australia needs an additional 7,000 cybersecurity specialists over the next two years. The problem is not restricted to this country: according to the (ISC)² Cybersecurity Workforce Study from October 2021, there is a shortfall of 2.72 million cybersecurity professionals worldwide.
Security teams are overstretched
Overstretched and under-resourced security teams are currently inundated with alerts, which burdens them with prioritising the ones that represent the most risk to their business, wastes their valuable time and exposes their organizations to increased risk.
This is commonly referred to as alert fatigue and it’s having a big impact on security teams, often leading to burnout. It’s not feasible for teams to be continually battling high alert volumes; they need more sophisticated tools that are better equipped to assess risk, deliver fewer alerts and empower them to get on with the job in hand. It’s also a critical part of the talent jigsaw puzzle. In a recent Forrester report, respondents noted a direct correlation between having the right security tools in place and staff retention.
Retaining cyber talent is paramount
It’s always in an organisation’s best interest to retain professionals who are difficult to attract in the first place. This is doubly true for security professionals because they are currently in high demand, and well-paid job opportunities with good career prospects are aplenty.
Organizations cannot afford to lose top security professionals because it’s costly and introduces risk. Aside from compensation, creating a culture that builds communities that include trust, respect and inclusivity is important. Giving employees a sense of belonging to a strong, collaborative community, tied to a purpose they believe in, is a strong differentiator.
Recognition of the contributions of teammates is free, but worth so much. Great talent attracts great talent. The opportunity to work with and learn from a highly talented team is a key attraction. Today, a flexible remote work-life balance is valuable to everyone. Ensuring employees can have real downtime is important in our work-from-anywhere environment. With the investment of time, good training and excellent talent management, any organization in Australia and around the world can boost their levels of cybersecurity talent.
Ways to boost talent numbers
The cybersecurity skills shortage continues to pose multiple challenges and repercussions for organizations across Asia Pacific, including the occurrence of security breaches and loss of money. As a result, the skills gap remains a top concern for C-level executives and is becoming a board-level priority. Academia, government and the public sector, working together, can act as a force multiplier to encourage people from all backgrounds to genuinely consider cyber as a career. As an industry we need to do more to showcase the variety of roles available, from incident response and threat intelligence through to threat hunting and product development.
Mission is also vitally important. Cyber professionals are undertaking work that protects society at large. When you work at a security company, the mission can be clearer, so enterprises that have global cyber teams as a ‘function’ need to ensure that the cyber team is positioned as intrinsically linked to the broader business mission and that of the connected economy.
Australia is on the right track
We’re starting to see progress, with Australia’s cyber security workforce growing by more than 23% in 2021, but we can’t rest on our laurels. The crisis is not over yet and we need to build a sustainable pipeline of talent for the present and the future, whilst offering more flexible working conditions to attract new cybersecurity talent.
We have a significant need to recruit and train a whole new generation of security professionals, but we are all going to have to solve this one together, and that includes vendors, organizations at risk, as well as governments, schools, universities and even parents.