Corporate espionage, international spies and teenage hackers make for easy headlines but a major issue keeping security professionals awake is the news that the skills gap within the IT security industry could reach a 1.5 million person shortage by 2020 (Global Workforce Survey 2015, Frost & Sullivan). Despite this, The Cybersecurity Market Report carried out by Gartner states that investment within the industry is on the rise.
Global spending on IT security is set to increase by 8.2% at the end of 2015 to $77 billion. In three short years, predictions suggest the world will spend a total of $101 billion on cybersecurity. A growing industry with a shrinking workforce sounds like a recipe for disaster, but it does not need to be.
Reducing The Impact Of The Skills Gap
The question is this: how can we reduce the inevitable damage that a cyber security skills shortage would inflict on successfully combatting cyber criminals who pose risk? There are four main areas that could dramatically improve the industry’s skills situation: education, government, business, and the global network of IT security professionals itself.
Start the learning early and make IT security part of the curriculum in schools around the world. From a young age, teaching about everything from cyber threat, hacking and protection, to IT programming, network engineering and real time technology is vital to growing the numbers of IT security professionals we will have in the future. AQA, one of the UK’s biggest examination boards, recently announced offering ‘Tech-levels’ to college students. This needs to be a global reality and offers countries the opportunity to lead the way in the fight against cyber criminals.
Global governments need to support the education sector by continuing to invest in the industry, its skilled workforces and in technological development. Working together is the only way we can ensure we have the right people with the right skills, to combat those who risk our security.
Businesses need to invest in their IT security departments as a whole and ensure that ongoing training is offered to the skilled professionals they hire. Organisations must also broaden the knowledge that all employees have of cyber security. It is not a concern isolated to the cybersecurity professionals; every employee must be educated of the possible risks attached to remote working and Bring Your Own Device (BYOD).
Despite the skills gap, there is a global network of highly skilled and very experienced IT security professionals who have a wealth of knowledge that could be easily shared for global benefit. Platforms are gradually emerging that allow industry professionals to anonymously share their knowledge amongst peers as well as debate cybersecurity threat, solutions and technology. However, so much more could be done to create a wider understanding within the global IT security community.
There are a number of reasons why the IT security skill gap exists. Firstly, as cyber attacks continue to get more sophisticated and difficult to identify – let alone remedy – the more pressure there is on security experts to stay one step ahead.
It is my belief that the focus should not be on the skills gap itself, but on how to reduce the impact it has on businesses and their security. The clear answer is to work together to find a long term solution. However, in the shorter term, we need to find better ways to support existing workforces and security departments. Real time intelligence and threat forensic technology working simultaneously with educated employees and a well-funded IT security department, will ensure greater, faster, more robust security for all organisations.
Anton Grashion is Director of Security Market Strategy EMEA for Intel Security and has over 20 years’ experience in the IT industry, spanning across research, teaching, product development, product management, entrepreneurship, consultancy and IT management. For the past 16 years, he has specialised in cybersecurity and how best to understand the rapidly changing landscape of threat, response and macroeconomic impact.