With this year’s Safer Internet Day theme being ‘together for a better internet’, it seems fitting to discuss the cybersecurity skills issue significantly impacting my industry.
According to recent estimates, there will be 3.5 million unfilled positions in the cybersecurity space by 2021. And in order for businesses and consumers to stay safe online, we need to make sure that we have retained the right talent, with the right experience.
First, we must look at the current state of the security talent landscape. Researchers found that just 26% of British IT professionals think they are adequately experienced in cloud-related security. Cybersecurity also topped the list of skills shortages within organisations, with 53% of respondents reporting it as a major shortage.
To support this, we’ve found trends indicating that those skilled experts are turning to the dark side. Why? We surveyed security professionals and found the reasons ranged from more pay and more challenges to retaliation against an employer and not perceiving it as wrong.
In addition, we spotted a worrying, growing trend of ‘grey hat’ hackers – employees who dabble in cybercrime without giving up their day job as a security professional. In the UK, one in 13 security professionals are perceived by peers to be grey hats. Companies should be using insights like this to retain their security talent and deter more of them from the criminal route.
How can we solve this crisis?
The positive news is that it’s on the Government’s agenda: it recently invested money into growing the local cybersecurity community, and an additional £100m was announced for research and development of hardware and cybersecurity software. These investments aim to make Britain a more resilient player in eradicating a significant portion of the current cyber risk.
But more investment from the public sector and private sector is needed. Other recent initiatives encouraging young people to consider a future career in cybersecurity include the free Cyber Discovery programme.
This investment seeks to encourage people from all backgrounds to see cybersecurity as a viable career path. These are positive steps in the right direction but businesses cannot rely on this investment alone.
In order for organisations to retain and attract this sought-after talent, businesses must put their money where their mouth is and review current employee engagement schemes, pay and perks to ensure they are in line with what cybersecurity professionals want: good pay and a challenging role.
Another way to keep legit security professionals away from the criminal route is more bug bounty programmes. When the NCA says that young people are getting into cybercrime thinking it is ‘cool’, the industry must do much more to turn these skilled young people onto the white hat hacker path. They need to be fighting crime, not contributing to it, and bug bounty programmes, which also pay well, are an exciting prospect for professionals.
In fact, it was revealed that Facebook has now paid out $6.3m to bug bounty hackers since it began its programme in 2011. Google has also invested in the programme and the biggest reward was $112,500, paid to someone who found vulnerabilities in its Pixel smartphone. Not a bad earner.
In addition, in order to tackle this crisis, the industry must work together, sharing its collective experiences to come up with a combined answer.
Of course, the security skills shortage is nothing new. In fact, the cybersecurity skills deficit has secured the top spot in ESG’s annual survey every year since 2015.
But there are steps businesses can take to bring the matter into their own hands, and I encourage companies on this Safer Internet Day to take a look at themselves, see what could be improved and take action.
After all, it’s only with the support of talented cybersecurity professionals that we will be able to take on the growing threat of cybercriminals.