A Fortinet executive wrote in a post for the World Economic Forum (WEF) that the world currently faces a shortage of nearly 4 million cybersecurity professionals, and that he expects this skills gap to keep widening as demand for qualified cyber experts increases consistently year over year. Concurrently, nearly 90 percent of organizations reported experiencing a breach in the past year, a situation they partly attribute to the scarcity of cybersecurity skills.
“The impacts of the skills shortage are felt among businesses of all sizes across all industries,” Rob Rashotte, vice president for global training and technical field enablement at Fortinet, wrote in his WEF post on Tuesday. “By working together, we can create and share actionable approaches to help every organization build a sustainable cyber talent pipeline.”
He highlighted that public-private collaborations are crucial for closing the cybersecurity skills gap. Just as no single organization can combat cybercrime alone, these partnerships are vital to collective efforts in addressing the shortage of cybersecurity professionals.
Quoting data from a Fortinet ‘2024 Cybersecurity Skills Gap’ Report, Rashotte detailed that 87 percent of leaders said their organization experienced one or more security breaches in 2023. More than half of those respondents indicated that breaches cost them more than $1 million in lost revenue, fines, and other expenses last year.
Amidst this scenario, more than 70 percent of security leaders said their board members are taking a greater interest in cybersecurity than before, which sets a foundation for organizations to dedicate more focus and resources to building a pipeline of cybersecurity talent.
Rashotte prescribed three key areas for organizations to focus on to grow the cybersecurity workforce and fill critical positions. These include identifying and recruiting from fresh cyber talent pools, offering continuous learning opportunities to existing employees, and developing a cyber-aware workforce.
When it comes to identifying and recruiting from fresh cyber talent pools, Rashotte said that over half of organizations struggle to recruit cybersecurity talent. He added that with an additional 4 million professionals needed to fill vacant cybersecurity roles, recruiting from new talent pools is vital.
“Many organizations are already implementing unique recruiting strategies to bring new talent to the field. More than 70% of IT decision-makers have structured recruiting efforts targeting women, and 60% have similar initiatives for minority candidates,” according to Rashotte. “There are numerous public-private collaboration efforts in place as well designed to provide individuals of all backgrounds and career levels access to cybersecurity educational opportunities.”
The World Economic Forum’s Strategic Cybersecurity Talent Framework offers valuable guidance on attracting new talent to the profession, including prioritizing diversity and inclusion, hiring from underrepresented groups, partnering with academic institutions to attract qualified candidates, showcasing learning and career development opportunities, and developing in-house talent.
Addressing the need to offer continuous learning opportunities to existing employees, Rashotte noted that while recruiting new talent to the field is critical to shrinking the skills gap, organizations must also identify ways to retain current talent. This could be accomplished through upskilling current cybersecurity hires or reskilling individuals within the organization who possess key soft skills that can translate to a cybersecurity role.
Pointing to the Fortinet report, Rashotte said that employees want to learn and grow, while 50 percent of leaders say that a lack of training and upskilling opportunities is their biggest retention challenge.
“Offering employees the chance to earn cybersecurity certifications is a great place to start and benefits both the individual and the organization,” Rashotte added. “More than a third of cybersecurity professionals look forward to earning a certification, and 89% of IT leaders say they will pay for an employee to obtain these certifications. Leaders hold certifications in high regard, noting that those employees who pursue these opportunities have increased skills and knowledge, perform job tasks better, and grow their careers faster.”
In addition to recruiting new cybersecurity talent, Rashotte pointed to the need to develop a cyber-aware workforce as a critical component of any risk management strategy.
A recent Fortinet survey found that 81 percent of organizations faced attacks that directly targeted users, such as malware, phishing, and password attacks. “When employees know about common risks like phishing and social engineering, they can be a solid first line of defense against attacks. In the past year, 61% of leaders said their organization has discussed or implemented security awareness training programs for all employees,” the post added.
Rashotte explained that to create an effective security awareness education effort, leaders should establish a vision for the initiative, cover relevant topics, and develop a long-term strategy for delivering new content and engaging with employees.
In March, the European Union Agency for Cybersecurity (ENISA) published an executive summary of the second iteration of this year’s ‘Foresight Cybersecurity Threats for 2030’ presenting an overview of key findings in the top 10 ranking. The study reassesses the previously identified top ten threats and respective trends whilst exploring the developments over a year.