Breaking cybersecurity news, news analysis, commentary, and other content from around the world, with an initial focus on the Middle East & Africa.
With budget constraints and a limited supply of skilled talent, businesses need to get creative to defend against rampant cybersecurity threats.
March 18, 2024
COMMENTARY
Globally, cybersecurity threats continue to accelerate in pace and scale with rising malware and deepfake attacks. Over a third of organizations worldwide suffered a material cyber incident from malicious actors in the past year, while 73% were affected by ransomware attacks in 2023. With these cyberattacks come serious financial costs — global damages total an astonishing $8 trillion each year. As attack surfaces continue to expand and cybercrime emerges as the world's third-largest economy, trailing only the US and China, the time to act is now.
Cybersecurity professionals are key to addressing this problem. Yet, the global cybersecurity skills deficit has reached a record high of 4 million. In the UAE alone, a recent study finds that 66% of IT managers believe their organizations lack "the right people and processes to be cyber resilient." So why is there a growing disparity between the demand for cyber staff and the availability within the talent pool, and how can we tackle this?
There are multiple reasons for the ongoing cybersecurity skills shortage. First, as breaches increase year over year, there is continued high demand for high-quality cybersecurity professionals, such as those proficient in cloud security, threat intelligence analysis, and incident response, and the supply of qualified individuals has not kept pace. For instance, the Middle East and Africa have a total cybersecurity workforce of about 402,000 people but require another 102,000 professionals to meet demand. This shortage of workers means cybersecurity teams are overworked and time-poor and struggle to identify and prevent threats in a timely manner, which leaves businesses vulnerable.
Also, there is a shortage of high-quality cybersecurity programs in schools and higher education institutions. While there are good examples, many programs have limited course offerings and outdated curricula. The result is a shallow pool of candidates who can identify, assess, and mitigate cyber threats such as phishing attacks. Similarly, many current cybersecurity programs are not up to date with the latest cyber threats, leaving a gap between the skills taught and those required in real-time scenarios.
Limited organizational funding for security training is another contributing factor. According to a recent report, 31% of respondents cited lack of budget as a key challenge. Insufficient budget allocations mean organizations must deal with outdated technologies and tools and struggle to prioritize employee training. This leaves critical systems and data exposed to potential breaches.
For businesses looking to mitigate the effects of the cybersecurity skills shortage, upskilling and reskilling staff through ongoing education and learning is one of the most important steps. To do this effectively, businesses must first conduct a comprehensive assessment of the existing skills within the organization and then determine the cybersecurity skills required based on the company's industry, size, and risk profile. Equally important is creating an environment that encourages a continuous learning culture, helping staff stay up to date with cybercriminals' latest tactics, techniques, and procedures.
We also need to shift towards a skills-based hiring approach, broadening the pool from just those who have a cybersecurity-related education, such as computer engineering degrees. Soft skills such as communication, teamwork, and problem solving are also vitally needed in our sector. With the ongoing skills gap and many cybersecurity skills being transferrable, recruiting workers from outside the industry could fill hiring needs faster by tapping into a wider talent pool. It also allows the opportunity to employ more creative solutions to cyber threats.
Another way to tackle the shortage is through raising awareness among C-suite executives and decision-makers about the importance of cybersecurity skills, the talent deficit, and the economic and security implications. Corporate boards and government oversight bodies need to continuously update their knowledge on developments in the cybersecurity landscape, as well as receive training to ensure they understand their roles in risk management and can make informed decisions.
To conclude, as organizations across industries and geographies continue to rely on digital technologies, we need a robust cybersecurity workforce to protect networks and data from emerging cyberthreats. Going forward, the focus needs to be on upskilling staff, shifting towards a skills-based hiring approach, and encouraging more collaboration between industry and government. To be more effective, businesses must prioritize areas where the demand for skills is growing, such as cloud security, and create an environment that supports developing those skills.
Read more about:
Jesper Trolle
CEO, Exclusive Networks
Jesper is a vastly accomplished entrepreneurial channel business leader who joined Exclusive Networks — a global trusted cybersecurity specialist for digital infrastructure — as CEO in September 2020. Since starting out in his native Denmark building successful reseller and distribution businesses, Jesper has amassed almost three decades of executive experience and worked around the world at the head of multibillion-dollar VAD organizations. He was President of the Americas for ECS Arrow prior to joining Exclusive and holds an MBA from the Henley Business School.
You May Also Like
How To Optimize and Accelerate Cybersecurity Initiatives for Your Business
Building a Modern Endpoint Strategy for 2024 and Beyond
Building a Modern Endpoint Strategy for 2024 and Beyond
Guarding the Cloud: Top 5 Cloud Security Hacks and How You Can Avoid Them
Cybersecurity Strategies for Small and Med Sized Businesses
CYBERSECURITY’S HOTTEST NEW TECHNOLOGIES: WHAT YOU NEED TO KNOW
Black Hat Asia – April 16-19 – Learn More
Industrial Networks in the Age of Digitalization
Zero-Trust Adoption Driven by Data Protection
How Enterprises Assess Their Cyber-Risk
Zero Trust and the Power of Isolation for Threat Prevention
2021 Data Breach Investigations Report (DBIR)
Upgrade your cybersecurity in the era of AI
A Solution Guide to Operational Technology Cybersecurity
Incident Response Planning Guide
Endpoint Best Practices to Block Ransomware
2023 Software Supply Chain Attack Report
CYBERSECURITY’S HOTTEST NEW TECHNOLOGIES: WHAT YOU NEED TO KNOW
Black Hat Asia – April 16-19 – Learn More
Copyright © 2024 Informa PLC Informa UK Limited is a company registered in England and Wales with company number 1072954 whose registered office is 5 Howick Place, London, SW1P 1WG.