Vikas Kapoor, practice head: cybersecurity & GRC at In2IT Technologies, talks about the skills shortage facing cybersecurity.
The digital landscape has grown at a rapid pace over the past 10 years. This growth is increasing year-on-year as new trends are uncovered along with their enabling technologies. The sheer scale of our connected, digital world means that the scope for cybercrime has also broadened. As each new technology is unveiled, it introduces a new security risk.
South Africa has seen a steady rise in cybercrime, jumping to rank as the 31st most cyber-attacked country in the world out of 117 countries. The situation is dire, and not helped by our vast shortage of cybersecurity skills. Cybersecurity professionals are constantly having to play catch-up, and the development of cybersecurity skills is simply not keeping pace with digital and technological expansion – a lack which cyber criminals are capitalising on.

Mind the gap
This skills shortage is not confined to South African borders, and countries across the globe face similar challenges. The highly publicised global security breaches of this past year point to an increase in the prevalence of the likes of ransomware, a type of malware that keeps evolving to find new ways to penetrate and attack networks.
As fast as cybersecurity measures improve to bridge current security gaps, so do cyber threats, resulting in a continuous shortfall of suitably skilled people capable of properly protecting networks from intrusion.
Beyond the vast size of growing security concerns, another contributor to the dire shortage of skills in this critical sector is time. Becoming a knowledgeable expert in cybersecurity takes a considerable investment of time spent learning various technologies and systems, and understanding how they integrate. It takes time to build a pool of skilled resources, from time spent in the classroom to time spent garnering experience protecting live networks. Unfortunately, the cybersecurity space is already on the back foot and time is of the essence.
Cybersecurity experts require more than just the skills taught in a classroom. They also require a mindset that thirsts for knowledge on security threats. It’s about more than simply understanding how to protect a network; it is also about understanding what to protect it from. The ability to navigate and understand the dark web, or to know what new cybersecurity threats are emerging, goes a long way towards building a proactive, security-centric mindset.

Fill the gap
The challenge for businesses is that they do not necessarily have the right in-house skills to cater to their growing cybersecurity needs. Furthermore, they may not have the right knowledge to hire people with the right skills either.
There is a distinct gap in the market for recruitment agencies that specialise in the cybersecurity industry. Organisations that are tackling this recruitment process themselves need to ensure they are opting for individuals who possess the full package: suitable cybersecurity certifications, experience with multiple environments and the security-centric mindset. However, such individuals are, for now, few and far between.
Organisations can look to co-sourced services to address their cybersecurity needs, partnering with experienced outsource partners to supplement their own teams, thus building on their skills while benefitting from the expertise of, well, experts.
From a national perspective, South Africa needs to begin addressing the skills gap before we can start to reduce our chances of cyber-attack. The United States of America has developed its NICE Cybersecurity Workforce Framework, which categorises, organises and describes cybersecurity work in terms of various roles and areas. South Africa, at a national level, should be looking to develop a similar initiative. Government-led initiatives around building specific learning centres or training facilities for the development of cybersecurity skills would also go a long way towards boosting skills development.
Careers in this field can be further encouraged by offering tax breaks to students pursuing cybersecurity studies, or to organisations that invest in programs for cybersecurity development. We could perhaps even encourage bringing in talent from outside our borders, in order to supplement our skills pool as well as increase our knowledge base.
It’s a matter of time before South Africa feels the full brunt of being a cybercrime target. We need to act now to begin to address this gap before cybercrime affects our economy and our reputation.