Enterprises need to mitigate the demand-supply gap by building long-term and short-term workforce strategies, talent transformation, and knowledge-sharing initiatives
The growing number of remote workers and increased online activities have augmented cybersecurity breaches like never before. In the first quarter of 2020 alone, the country saw 37% more data breaches than 2019, as per a study by IBM. According to another survey by Computer Emergency Response Team (CERT-In), India witnessed 1.16 million cases of cyberattacks in 2020, nearly three times that of 2019.
Taking advantage of COVID-19 driven work from home environment, cybercriminals have adopted a range of novel tactics to target insecure network endpoints to launch targeted campaigns and large-scale distributed denial-of-service attacks. Many companies, including Air India, Dominos, Facebook, Juspay, Bigbasket, Upstox, among several others, have seen data breaches in recent times, compromising the personal information of millions of customers.
Despite growing investments by organizations in deploying real-time cybersecurity solutions to spot and halt incongruities and unsure behaviors, it becomes challenging for enterprises to predict the new threat patterns. The growing drought of cybersecurity talent is further making the job of enterprise IT teams more challenging to create a robust in-house security monitoring ecosystem.
The industry findings reveal that companies that are understrength with cybersecurity professionals are more prone to cyberattacks. Much like the global phenomenon, India faces a massive skill-gap challenge and needs about ten lakhs of qualified cybersecurity professionals by 2025, according to Data Security Council estimates. The country currently has just about 2 lakh cybersecurity professionals.
Here are three steps the businesses must take to mitigate this talent shortage challenge and build secure networks for the future.
Short- and long-term planning
Most organizations are still at a very early stage of implementing security automation and response mechanisms and hence need quality cybersecurity in-house talent to build and monitor corporate security intelligence. However, having skilled talent onboard requires intensive practical experience, and due to the mismatch in the demand-supply equilibrium, all organizations can't hire and retain exceptional, experienced cybersecurity talent.
In such a scenario, IT leaders should focus on short and long-term workforce planning. For instance, hiring an external or foreign consultant to beef up cybersecurity ecosystems can be a makeshift arrangement, especially for big companies that can afford the fees of expansive consultants. However, enterprises need to train their IT teams on necessary skills and emerging technologies such as zero-trust to safeguard critical infrastructure and data for a long-term strategy.
There should be long-term planning on the kind of technologies that an enterprise wishes to deploy. Accordingly, they can take the services of external cybersecurity experts to get their people trained extensively on securing those technologies.
Essentially, scaling and firming up cybersecurity talent will be critical for a robust security approach in the era where technologies such as 5G, artificial intelligence, and automation will take center stage.
Reskilling, upskilling and more incentives
Another alternative for enterprises is to run-skill gap analysis and leverage the transferable skills of existing IT employees. Concerns such as poor career growth and lack of attractive incentives also prohibit many young IT professionals from entering the cybersecurity profession.
Organizations should take substantial efforts should be taken to reskill, upskill and retain the existing cybersecurity talent. Cybersecurity is an evolving and complex field. In the age of multi-cloud infrastructure, the industry witnesses new and unpredictable attacks every day. Cybersecurity professionals need to be vigilant like a military person and keep up with the latest trends to defend the networks. Regular training, certifications, and attractive incentives can go a long way in attracting young and experienced talent and retaining them for a more extended period.
Knowledge sharing and collaboration
It is essential to understand that in the cybersecurity space, most of the formal educational programs run by universities do not offer required training to the candidates to tackle threats in a real-time business environment. Moreover, most enterprises find it hard to absorb the essential cybersecurity talent considering the limited internal IT security training tools and resources at their disposal. They also can't afford to provide them long-term practical training without adequate supervision in the growing cybersecurity threat environment.
"Formal educational programs and industry cybersecurity training programs will never replicate cybersecurity experience, and employers must be willing to embrace their role in developing the cybersecurity leaders of tomorrow—a proposition that always carries the risk that the employee may leave. However, employers alone cannot shoulder this responsibility—especially when the resounding skills gap is not technical, but rather soft skills," states the ISACA report on State of Cybersecurity 2021.
Enterprises should take aggressive steps to tackle this demand-supply problem by devising industry-focused cybersecurity training and career development programs. Organizations can build a robust talent pipeline through partnerships and outreach programs with educational institutes and peer companies. Companies like IBM, HCL, Wipro, and TCS have taken early steps in this direction, but IT organizations need more training and reskill the existing cybersecurity talent pool.
This will help develop future-focused cybersecurity talent and bridge the industry-academia gap in the long run.