Cyber attacks globally have risen by 63% in the last three years, and with increasingly sophisticated methods at hackers’ disposal, organisations face a rising tide of targeting phishing, attacks, software hacks and password theft.
With companies integrating more forms of technology, including internet of things, artificial intelligence and cloud computing into their operations, hackers have many more avenues through which to attack and as a result. the majority of UK companies have experienced some form of cybercrime.
However, despite the increasing prevalence and awareness of cyberattacks, the hiring of cybersecurity professionals has not adequately reflected this.
The number of cybersecurity roles has surged in the last few years. Cybersecurity is one of the fastest growing career fields, with the Bureau of Labor Statistics estimating that it will grow 28% between 2016 and 2026. It is also an extremely lucrative field, with the average salary for cybersecurity jobs currently at £72,500, which rose by 16% over the last month alone.
But despite this, many organisations are struggling to find enough skilled professionals to fill their cybersecurity roles. A new study from Tripwire has revealed that 99% of organisations are struggling to manage all of their cybersecurity needs, while 96% say they are either currently facing difficulty in staffing security teams due to the cybersecurity skills gap or can see it coming.
The cybersecurity skills gap continues to widen
Tripwire’s report found that 85% of respondents believed that their security teams are already understaffed, and only 1% believe they can manage all of their organisation’s cybersecurity needs when facing a shortage of skilled workers.
93% of respondent say the skills required to be a great security professional have changed over the past few years, suggesting that incoming talent is struggling to keep up with demand, despite efforts to attract young people to Science Technology Engineering and Mathematics (STEM) careers.
Research by Bidwells found that the professional and scientific tech industry had the largest skills gap of any industry, with 69.49% more jobs than enrollments in related university courses in 2017. This suggests that until the amount of tech talent with the related cybersecurity skills catches up with demand, organisations will continue to operate with fewer cybersecurity professionals than they need, risking being ill-prepared to deal with an attack.
A recent report by Agari found that the average security operations centre (SOC) needs 54 analysts to deal with the number of phishing incidents that occur. However, the average number of analysts in UK SOCs is just 12. This means that cybersecurity teams are experiencing more attacks than they can handle, meaning serious breaches may not be investigated until it’s too late.
The cybersecurity skills gap is only set to get worse, with the number of unfulfilled jobs in the cybersecurity sector expected to reach 3.5m by 2021.Therefore the skills gap that has affected this industry and many others from the tech sphere remains one of cybersecurity’s biggest challenges, and means that many teams do not have the personnel needed to ensure organisations are fully protected.
Organisations look beyond their organisations for cybersecurity support
As a result, many may start to look elsewhere. 93% said they would benefit from security help outside of their organisations. According to Panda Security, for organisations unable to hire or train cybersecurity analysts as quickly as possible, outsourcing cybersecurity management is a viable option.
Matt Walmsley, EMEA Director at Vectra believes that companies need to re-think who they are recruiting for cybersecurity roles:
“Organisations need to cast a wider net when looking for new cyber security hires. Employers need to put less reliance on credentials. The cyber landscape and attack surface are growing and changing at too fast a pace, meaning that curriculum and certification based upon yesterday’s tactics and battles ultimately won’t win tomorrow’s cyberwars.”
He also believes that the use of AI is another solution to the skills gap:
“A greater use of AI technology to automate tasks and augment human workers can make a considerable contribution to bridging the cyber skills and resource gap. AI augments the human capabilities to work at a scale and speed manual approaches simply can’t touch, and with “lack of time” as one of the top job concerns being cited from IT and security professionals this would be invaluable.”
It can also be useful in recruiting graduates or those with less experience in the cybersecurity field:
“Aside from productivity gains, AI can also help increase the number of available cybersecurity professionals, as it lowers technical skills barriers of entry into the profession and allows less trained individuals to be effective on the front lines of the cybersecurity battle. We’ve already seen enterprises actively deploying AI platforms to support junior staff in front-line cybersecurity operations roles. In some cases, even utilising graduate program interns. These are people who traditionally would be unable to take on these positions without significant further education, professional development, and substantial experience. Using AI to empower them, they are able to quickly ramp up to being productive members of the cybersecurity team, so that “you get what you need.”