Share this article on:
Organisations are falling short when it comes to skilled cyber security professionals and according to Trustwave, the reason is more about the number of professionals with the right level of skills and training not numbers.
It is estimated that Australia may need around 16,600 additional cyber security workers for technical as well as non-technical positions by 2026.
Despite the recent growth in Australia’s core cyber workforce, a substantial number of vacant cyber security positions remain unfilled because companies can’t find the right talent. The (ISC)² Cybersecurity Workforce Study for 2021 suggests the global cyber security workforce needs to grow 65 per cent to effectively defend organisations’ critical assets.
At any given time, there are a limited number of deeply skilled cyber security professionals, according to Jason Whyte, general manager for Pacific, Trustwave, explaining that external factors include pandemics, data sovereignty concerns, reduced student numbers in the pipeline, and the systemic network stressors of a hybrid workforce.
"The demand for cyber talent is further exacerbated by rapid changes to compliance, regulation, and reporting such as the new requirements of the Security of Critical Infrastructure Act 2018 (Cth).
"Additionally, organisations are feeling the impact of in-house requirements such as a converged IT and operational technology (OT) cyber security environment and the uptake in emerging technologies such as the internet of things (IoT).
"There is definitely a shortage of the right people with the deep understanding and knowledge to not only protect, but also detect and remediate cyber security challenges," Whyte said.
It's on organisations to take steps to either upskill their own workforce through learning and development or attract the right talent by offering growth opportunities and a culture that cyber professionals gravitate towards.
Having the propensity to effectively upskill their own workforce, encouraging a promising career trajectory, Whyte further explained, will help organisations encourage loyalty and retention.
"Like most sought-after employees, cyber specialists are searching for employers that support remote work, have interesting projects that enrich their careers, and actively appreciate their efforts.
"This is not just through financial incentives; it is about cultivating an organisational culture that supports employees and their growth as well as fostering inclusivity, openness, and diversity in a fun environment," Whyte said.
Another alternative may lie outside of the people factor altogether.
Depending on the type of cyber security skills that organisations are lacking, they may be able to complement their security team by leveraging technology to automate tasks or use partners to respond and remediate cyber alerts at 2am when their staff are not on duty, for example.
The right solution can help organisations track, hunt, and eradicate threats, keeping them ahead in a dynamic and complex cyber environment and increasing their cyber security resilience to combat the evolving threat landscape.
"With the right combination of skilled cyber security professionals, technology, and partners, organisations will be able to improve their cyber security posture in a rapidly changing and escalating threat environment," Whyte concluded.
[Related: Corporate Australia labelled an ‘attractive target’ for cyber criminals]