Written By: Naveen Jaiswal, Founder and Director, Vehere
Cybersecurity has been one of the prime concerns for enterprises for quite some time now. An Accenture report states that 68 percent of business leaders are bothered about the increasing security threats. The situation has worsened drastically since the outbreak of the pandemic. About 36 billion records were leaked through data breaches in the first half of last year, revealed a report by RiskBased.
In such a scenario, the enterprises have a Herculean task to safeguard their businesses and assets. However, they face challenges in that regard: the talent or skill gap. The demand for people with cybersecurity expertise has risen by 18 to 20 percent in the last few months, according to TeamLease Digital. But Sophos’ survey, in collaboration with Tech Research Asia, makes it clear that 60 percent of companies in India find it difficult to get people with the desired skills. Security analysts, security architects, threat hunters and cloud security experts are in much demand. At the same time, cybersecurity requires 24×7 monitoring.
Not an ideal scenario:
This acute talent drought exacerbates the situation, especially when we see increasingly people are working from home and bad actors finding more vulnerabilities and resorting to sophisticated methods to launch attacks. It does not sit well, especially when India recently made it to the top-10 in Global Cybersecurity Index (GCI) 2020 by the International Telecommunication Union. Also, the country’s cybersecurity products industry registered a steady jump from $475 million in 2018 to $1 billion in 2020 (as per the Data Security Council of India). The mismatch between the requirement for cybersecurity personnel and the availability leads to three key issues:
- People inexperienced at handling specific portfolios are required to do so, which can have catastrophic consequences.
- The existing employees are overworked. That is not an ideal scenario for security professionals.
- The cybersecurity solutions in place need to be monitored and managed by analysts. That, however, is not always possible with inadequate staff.
The positive aspect is Kaspersky’s observation of a 3 percent increase in cybersecurity spending share of the total IT budget for small, medium and large enterprises in 2020, compared to the year before. That doesn’t bridge the skill gap overnight. Enterprises cannot afford to wait until that time and need to have mechanisms to secure their data, information and resources.
- Enterprises can employ companies specializing in cybersecurity to look after the core and most critical processes and actions. At the same time, automated solutions, powered by Machine Learning and Artificial Intelligence, can reduce the monitoring workload to some extent.
- Current employees need to be upskilled to handle cybersecurity aspects and portfolios.
- Enterprises may explore recruiting people with complementing skill sets who are better placed to support cybersecurity activities.
- Engage, encourage, and collaborate in the process of developing cybersecurity talents through education and special courses.
Irrespective of whether an enterprise is big or small, a cyberattack can cause irreversible damage. Thus, the current supply gap in terms of cybersecurity talent is appalling and does not bode well. The problem needs to be tackled head-on and measures adopted to address it to carry out business in a more secure environment.
Bridging the talent gap is a matter of paramount importance if the enterprises are to carry out their operations without disruptions in this dynamic cyber environment.