Share this article on:
Cyber security has begun rising to the top as one of the key concerns for business leaders in 2022. Because of this, building strong cyber security programs that can hold up to today’s ever-changing threat landscape is a business imperative, Aaron Rosenmund at Pluralsight, writes.
According to PwC’s 24th CEO Survey, 95 per cent of Australian CEOs saw cyber risks as the top threat to business growth. Cyber security challenges are exacerbated by a talent shortage in the cyber security workforce. It is estimated that Australia may need around 16,600 additional cyber security workers for technical, as well as non-technical, positions by 2026.
Pluralsight’s 2022 State of Upskilling Report, which surveyed 760 technology learners and leaders on the most current trends in skill development, corroborated these cyber security trends. The report found that cyber security was the top personal skills gap among 38 per cent of Australian respondents, above cloud computing (33 per cent) and data storage (31 per cent). Additionally, 44 per cent of respondents agreed that cyber security skills gaps were the largest current risk to their organisation.
The cybersecurity skills gap
According to research from the Australian Cyber Security Centre, cyber attacks are on the rise in 2022. Over the 2020–21 financial year, the ACSC received over 67,500 cyber crime reports, an increase of nearly 13 per cent from the previous financial year. The self-reported losses from cyber crime total more than $33 billion. These staggering figures emphasise growing cyber security issues that are plaguing most modern organisations. Organisations’ difficulties in keeping up with the changing cyber security landscape has created a cyber security skills gap.
In a time when cyber threats are so prolific, it’s more important than ever to have a skilled cyber security workforce that is able to defend against sophisticated and varied attacks. However, as the State of Upskilling Report suggests, a large portion of today’s tech workforce does not feel they have the adequate skills to meet their organisation’s cyber security needs. Simply put – business leaders have work to do to hone their technologists’ cyber security skills.
With the rate at which the cyber security landscape is changing, businesses need new tools in their arsenal to handle increasing cyber threats. Organisations and business leaders must provide their technologists with the tools they need to keep their organisations safe and secure.
Securing the perimeter through upskilling
Tackling the cyber skills gap can seem daunting. There is some good news, however – technologists are eager to bolster their tech skills. According to the State of Upskilling Report, 92 per cent of Australian respondents want to improve their tech skills. Technologists are also demanding that their organisations provide them with the means to do so, with 36 per cent of respondents saying that they have considered changing jobs because they weren’t given sufficient resources to upskill. Additionally, 73 per cent of respondents agreed that their organisation’s willingness to dedicate resources to developing their tech skills affects their plans to stay with the organisation.
Despite the fact that technologists are asking for more learning opportunities, most organisations still do not set aside dedicated time for their technologists to boost their skills. The State of Upskilling Report found that only 44 per cent of Australian organisations allocate dedicated work time for learning. While this represents a fairly sizable chunk of Australian enterprises, every organisation needs to be providing their employees with dedicated upskilling time.
The first step in closing this cyber skills gap is to arm cyber security professionals with resources such as on-demand cyber security training, hands-on learning opportunities to understand both red and blue team perspectives, and flexible upskilling options that fit in with cyber security pros’ busy schedules. The key takeaway here is that cyber security training should not be optional for anyone within your organisation, let alone your cyber security experts. In order to keep your organisation’s cyber security program strong, you must continuously arm your tech teams with the knowledge that will help them defend against the next cyber security attack.
Strategies for long-term cyber security success
Your cyber security teams will never be done learning in order to future-proof your organisation’s cyber security program. Because of this, your organisation’s cyber security program must be constantly updated and maintained.
Creating a culture of learning within your tech teams will help your technologists develop a proactive, rather than a reactive, approach to cyber security. This means that your organisation must have programmatic steps in place to constantly renew cyber security knowledge and best practices.
Just like the cyber security threat landscape is constantly changing, so too are the methods for defense. New cyber security strategies are being developed every year to stay ahead of attacks. For instance, zero-trust architecture, a cyber security method that does away with the idea of “trusted” insider and “untrusted” outsider, has begun gaining traction in private businesses and governments alike, ushering in new standard operating procedures for security teams. Staying abreast of these cyber security trends takes more than superficial knowledge, however, it requires coordinated action in the form of testing, implementation, and evaluation to drive towards long-term cyber security success.
The need for cyber security skills will only increase in the near future, and the need for skilled cyber security pros will grow with it. Organisations that prepare for the future of their security programs, rather than scrambling to block attackers only in the present, are the ones who will be best prepared to take on the latest threat.
Aaron Rosenmund is the director of security research and curriculum at Pluralsight.