Cybersecurity: how skilled is the tech workforce?

The cyber security landscape is constantly evolving. As cyber attacks become more sophisticated, the need for IT professionals to stay ahead of the game is ever more essential. New threats are surfacing all the time and IT departments need to be prepared with a robust strategy for handling attacks.

According to our research, only half (50%) of UK businesses say they have the right skills to combat a cyber threat. Only half (51%) of IT workers said that cyber security was included in their training, and almost one in four (23%) say they are not confident in handling a cyber security attack.

So, why is the IT industry diffident in its ability to handle cyber security threats? One possible reason is the lack of cyber security skills in IT departments. Research carried out by Cybersecurity Ventures predicts that there will be 3.5 million unfilled cybersecurity positions by 2021. And given that cyber crime is predicted to cost the world $6 trillion annually by 2021, there is a real need to address the skills shortage.

How did the tech industry become so vulnerable to cyber security attacks?

Technology firm Cisco cites malware, phishing, man-in-the-middle and denial-of-service attacks as the most common threats to businesses today. The combination of rapid digital transformation and a cyber security skills gap has left the tech industry vulnerable to hackers.

Smaller companies in particular often struggle to handle cyber threats. The few security specialists that there are, tend to take up positions with larger companies, leaving small businesses with insufficient expertise.

For an overview of the skills gap in the tech industry, take a look at this short video from cyber security training organisation Cyber Training 365:

According to the 2017 Global Information Security Workforce (GISW) Study, 60% of decision-makers say that human error is the biggest cybersecurity risk facing businesses. For cyber attacks to be successful, people need to make mistakes. Security analytics firm Rapid7 analysed the threats faced by companies in the first quarter of 2017 and found that hackers mostly rely on human interaction to successfully infiltrate a computer network.

These findings demonstrate the need for cyber security education within organisations, not just in security roles, but company-wide.

How to address the skills shortage in cybersecurity

The cyber security skills shortage doesn’t look like it will be resolved any time soon in the industry’s current climate. Cyber security experts are in high demand and there are far more available positions than workers who are appropriately skilled to fill them.

Companies need to address the issue holistically, looking at their employees, processes and the technology they have available. Rather than relying on one expert to oversee all cyber security matters, companies need to make the most of their existing resources.

This means ensuring that all employees are aware of security best practices and are well-versed in the warning signs of a cyber attack.

Tech companies also need to realise when they’re unable to handle their cyber security needs by themselves. Outsourcing requirements to third-party providers ensures that responsibility doesn’t fall to one person alone. Outsourcing provides companies with peace of mind, knowing that their security is being handled by a skilled team of specialists.

Looking to the future, tomorrow’s workforce needs to be made aware that cyber security is a viable and rewarding career option. According to U.S. defence contractor Raytheon’s 2017 study Securing Our Future: Cybersecurity and the Millennial Workforce, 67% of men and 77% of women said that cyber security was never mentioned as a career in high school.

The UK Government has started taking steps to address the skills shortage. Dominic Harvey, Director at CWJobs has previously shared his insights on the matter in an article in Information Age. He said:

‘‘The Government has started taking steps to address the skills gap with plans to treble the number of computer science teachers in schools, introduce a national centre for computing, and boost digital skills with the provision of distance learning courses.

It’s really encouraging to see the government listened to the concerns of the tech industry and responded by putting in plans to upskill the next generation of tech employees. This is not only important for the UK to keep pace globally, but so that businesses and organisations can be adequately prepared in the event of a cyber security attack, for instance.

Now that we have a commitment from Government – and a clearer sense of where the skills are needed in areas like coding and cybersecurity – all parties can make a concerted effort to direct the new resources where they are needed most.’’

Technology’s role in protecting against cyber attacks

Given the shortage of cyber security skills in the tech industry, many companies are looking towards technology itself to provide support. Artificial Intelligence (AI), Big Data and machine learning can help bridge the skills gap.

Human capacity to defend against cyber security is limited – we can only process so much information at any one time. Machine learning, however, can handle billions of data in a matter of minutes, making the technology a useful tool in identifying cyber threats.

Although cyber security flags still need to be investigated by humans, technology can be the driving force for ensuring that companies have robust processes in place to handle threats as quickly as possible.

Cyber attacks are becoming more sophisticated and the tech industry’s skills shortage places small and medium-sized businesses at particular risk. Cyber attacks rely on human error, so companies need to ensure that their entire workforce is educated in identifying potential threats. The UK Government is now taking steps to ensure that the next generation of tech workers are aware of the career opportunities in cyber security. Coupled with developments in AI and machine learning, companies can begin to address cyber security from the ground up.