Don’t Get Hacked: Closing the Cybersecurity Skills Gap

That's not a valid work email account. Please enter your work email (e.g. you@yourcompany.com)
Please enter your work email
(e.g. you@yourcompany.com)

hacker

With the Internet of Things (IoT) connecting every “smart” piece of equipment to the cloud, the number of potential targets for hackers the world over is growing exponentially. Hackers have been known to take on a wide array of challenges, ranging from personal identity theft to stealing bank accounts. Even political espionage isn’t off the table: An American presidential candidate recently suggested that Russian hackers attack his opponent, and the hackers have allegedly obliged.

One of the things that makes American government agencies and companies so vulnerable to cyberattacks is the skills gap that exists in the cybersecurity field.

“The cybersecurity workforce shortfall remains a critical vulnerability for companies and nations,” says Hacking the Skills Shortage, a report recently released by Intel Security. “Conventional education and policies can’t meet demand. New solutions are needed to build the cybersecurity workforce necessary in a networked world.”

Identifying the Problem

We keep moving more of our infrastructure into the cloud, but we don’t take steps to make sure we have the workforce available to defend against cyberthreats. Intel’s report breaks down the cybersecurity labor shortage into four areas:

1. Cybersecurity Spending: The study shows a direct correlation between what countries and companies spend on cybersecurity and how the skills gap affects those entities. The report also shows that 76 percent of survey respondents believe their government isn’t investing enough in cybersecurity talent.

2. Education and Training: The general opinion of survey respondents is that school alone isn’t good enough, with 77 percent of respondents saying current education programs don’t prepare students to enter the workforce. Considering that many hackers are self-taught or pursue certifications in place of degrees, this isn’t surprising. More nontraditional methods, such as “hands-on training, gaming and technology exercises, and hackathons” might be more successful in fostering and identifying cybersecurity talent, according to the report.

3. Employer Dynamics: Pay up. Having the know-how on staff to stop a cyberattack can save a business millions or more. If you want top talent in a field where the selection is limited, you’ll need to offer top salaries. Once you’ve got the best cybersecurity talent on board, you’ll also need to offer top-notch training if you want them to stick around.

4. Government Policies: If there’s one thing the American government is good at, it’s letting the law lag behind technology. Look at commercial drones or self-driving cars, for example. Cybersecurity is no different. More than 76 percent of respondents said that their governments don’t invest enough in building up the cybersecurity workforce.

Related: Are Cybersecurity Threats Increasing for the Public and Private Sectors?

What Companies Can Do

First, focus on your internal team. If you want an impenetrable wall standing between your company data and every third-rate hacker looking to make a buck, you’ll need to pay for it. Make sure your IT team has what it needs to do the job, and make sure they are well compensated for doing it.

In addition, make sure your team is constantly training to adapt to the latest technologies and threats. New cyberthreats arise all the time, and without continuous training, any degree in any computer-related field becomes obsolete quickly. Some may fear that such high levels of training make their employees riper for poaching by competitors, but in truth, lack of training is actually one of the main reasons people leave cybersecurity jobs, the report says.

Make sure your recruiters are establishing relationships with universities so your business gets first crack at top talent. The best of the best in the IT pool will probably get snagged up at a university job fair or through an internship before they even graduate. Also, keep in mind that most universities don’t offer specific concentrations in cybersecurity. If your organization builds a strong relationship with a school, though, you could influence the curriculum to include more courses that teach candidates what you need them to know.

Additionally, the Intel report recommends companies ease up on the requirements for cybersecurity jobs by accepting candidates with nontraditional educations. Don’t focus strictly on college degrees. Be willing to consider experience and certifications in place of formal education.

Companies that take these steps will find themselves hardest to hack, and if you’re too difficult to breach, the hackers will find easier targets. Technology will only continue to evolve and expand. Laying the groundwork now for a solid cybersecurity workforce can only benefit your company today and in the years to come.

By Jason McDowell