In March, Communications Deputy Minister Pinky Kekana announced that government was developing a long-term vision to address the cybersecurity skills within South Africa.

Kekana advised delegates at the CEO Forum for Cybersecurity that government was looking at instituting formal qualifications at NQF 5 level and graduate and post graduate degrees.

With the global skills shortage in this sector reaching nearly 3-million last year worldwide, the announcement couldn’t come at a better time. It is well known that the cybersecurity industry needs qualified and skilled individuals, and with cyber threats constantly on the rise, it is imperative to grow the skill set of those involved in cybersecurity.

“Trend Micro commissioned an Opinium survey which showed that almost 50% of the CISOs surveyed were gravely concerned about this skills shortage. Last year we blocked over 48 billion threats, but they still keep coming and they are becoming more and more advanced. This skills shortage actually puts enterprises at much higher risk of attack,” advises Indi Siriniwasa, vice-president of Trend Micro, Sub-Saharan Africa.

This makes things difficult for the CISO. Not only are they up against a skills shortage, but there is also a lack of cybersecurity in a number of organisations. Of course, these challenges can lead to easier targets for cyber criminals.

The question is, what do enterprises do in the meantime, while this skills shortage is being addressed? Advanced technologies, automation and the use of AI have been used successfully by a number of companies seeking a solution. Although AI and enhanced analytics are part of everyday process it must be able to be adapt to the work place to automate these processes While this may alleviate the challenges right now, the bigger issue is fostering the skills needed in the industry.

“Many IT departments are understaffed and the employees in those areas are often expected to be a jack of all trades taking care of anything from installing software to cybersecurity. Managed detection and response is an answer for the corporation looking to fill the skills gap, and it can save the enterprise money as well. Ultimately, however, we need more people in the cybersecurity sphere who know what they are doing, ” says Siriniwasa

Investing in training from the roots up as early as primary school level, could plant the seeds for the next generation of security leaders. This will clearly take time – and possibly a generation – to build, however, and a more immediate solution would be of the utmost importance.

“As the broader IT landscape has changed why not repurpose these skills into cyber security skills? The bases of cybersecurity still require basic IT knowledge in order to function. Organizations need to focus more on upskilling individuals to have more of a specialized field – like cybersecurity. The future lies in the hands of the organisation as much as it does with the education sector,” says Zaheer Ebrahim, senior sales engineer at Trend Micro, Sub-Saharan Africa.

One thing is clear is that the skills shortage in the cybersecurity sector is one that has to be addressed, and quickly. With new threats surfacing every day, the risk continues to grow of breaches, which can have powerful adverse effects on any organisation. While upskilling remains the solution for the time being, certified courses and training is undoubtedly a necessity and the way forward.