As economies around the globe embrace digital transformation, a massive cybersecurity skills gap has emerged. In fact, a report released late last year suggests that an additional 3,4-million people need to be trained in cybersecurity and then hired to have any hope of closing this gap.
By Tony Walt, co-founder and director of Port443
This skills shortage has very real implications: cybercriminals have a growing upper hand on the organisations trying to keep them at bay, with potentially catastrophic consequences.
South Africa certainly isn’t immune to such issues. According to Fortinet’s 2023 Global Cybersecurity Skills Gap report, 86% of South African organisations have experienced more than one attack that could at least be partially attributed to a lack of cybersecurity skills.
South Africa’s ongoing brain drain further exacerbates the issue. It’s difficult to get an accurate sense of how many cybersecurity professionals leave South Africa every year, but there’s little doubt that they form part of the million-plus citizens who moved overseas between 2017 and 2022.
Within that context, it’s vital that organisations find ways to box clever when it comes to cybersecurity. In doing so, they must use all the tools and strategies at their disposal to overcome a skills gap that risks becoming a chasm as a result of the country’s brain drain.
Understand the threat environment
The first step any organisation should take in mitigating this issue is to understand the rapidly evolving threat environment in which it operates.
There is, for example, an increase in the use of automation by the threat actors. That’s made it easier than ever for them to identify and exploit vulnerabilities. It also means they can launch more attacks, more frequently, increasing their chances of success.
Additionally, the increased amount of noise generated by a growing plethora of cybersecurity controls makes it difficult to know which incidents are most urgent. The growing complexity of both the business and consumer technology landscapes adds further complications.
Within that context, taking a traditional containment-based approach to incident responses is no longer viable. Putting the skills gap and brain drain aside for one moment, the evolving threat landscape also means organisations require different kinds of skills to remain secure. Today’s cybersecurity experts need to be able to combine software development with their traditional skills.
It is, therefore, increasingly necessary for effective organisational security to have access to skills who can use APIs to integrate various technologies and automate the validation of policies as well as respond more effectively to attacks.
But such individuals are incredibly rare and sought after, which makes it difficult for organisations to recruit and hold onto them.
Mitigation through automation and education
With the right tools and strategies, however, organisations can mitigate this skills shortage to some degree.
By automating as many repetitive processes as possible, for example, they can free up highly skilled cybersecurity workers’ time, allowing them to focus on areas where their skills are most needed.
Here, artificial intelligence (AI) and machine learning (ML) have important roles to play. Over time, and with the right inputs, they can “learn” how to respond to threats. It’s by no means an overnight solution but, automation can be just as powerful in cyber-defence as it is in the hands of cybercriminals.
One of the most powerful strategies remains education. The vast majority of cybersecurity incidents involve human error, so it’s vital that regular security awareness training takes place across the organisation. Such training also means that the responsibility for keeping secure does not fall exclusively on the shoulders of the security team.
Having mature incident response processes in place also eases the burden on an organisation’s cybersecurity team and further mitigates any skills shortages.
An ongoing reality
Ultimately, it’s unlikely that the global cybersecurity skills shortage or South Africa’s brain drain will be resolved anytime soon. As such, organisations need to use all the tools at their disposal, including automation and education, to mitigate those shortages and stay as secure as possible.