In recent times, businesses are grappling with a formidable challenge in bridging the skill gap in the domain of cybersecurity. The relentless evolution and increasing sophistication of cyber threats, coupled with the ingenuity of threat actors, demand a cybersecurity workforce that is not only highly skilled but also exceptionally motivated and adaptable. Staying one step ahead of cybercriminals is an ongoing battle, where outdated knowledge and skills can quickly become liabilities. This dynamic nature of the field necessitates a continuous commitment to learning and upskilling, especially in the High-Skill & High-Will quadrant. However, complacency can be a stumbling block, as many professionals remain ensconced in their comfort zones, hindering timely upskilling efforts.
“Today, as organisations expand their digital footprint that extends across hybrid cloud environments and add more digital real estate, Security Operation Centre teams (SOC teams) have more data and assets to protect, less control, and increased complexity to tackle,” says Pradeep Vasudevan, Country Leader, Security Software, IBM India and South Asia. “This challenge is compounded by highly manual and labour-intensive processes to detect, investigate, and respond to threats. SOC teams have to manually stitch together insights and pivot between disconnected data, tools, and interfaces. In fact, a recent IBM study found that about 81% of SOC professionals feel that they are slowed down by Manual Investigation of threats.”Vasudevan further stated that in today’s digital-first world, cyberattacks are growing more disruptive and complex, as adversaries are also engineering attacks to cause disruption in society. An example of this is the advent of the ransomware-as-a-service model globally – which allows even threat actors with limited skills to carry out cyberattacks. In such a scenario, security AI and automation can be the driving force needed to help defenders bridge the speed gap with attackers.
In the Jan-May period of 2023, reports indicate that 30% of the 40,000 cybersecurity positions remained vacant due to a lack of skilled professionals. “To address this challenge, boosting resource availability and fostering cybersecurity talent development through industry-wide initiatives and strategies is crucial,” says Maninder Bharadwaj, Global Head – Cybersecurity and Risk Management, Tech Mahindra. The key to enhancing the security resource pool is to reskill individuals with adjacent technology knowledge to become cybersecurity experts, for instance, cloud-skilled individuals being reskilled to cloud security experts. Additionally, improving diversity is a crucial step towards addressing the shortage of skilled workers, as a more diverse pool of candidates can lead to a wider and more skilled workforce. Another effective approach is to emphasise communication skills in conjunction with technical skills to bridge the cybersecurity skill gap. Bharadwaj also suggested that organisations can consider partnering with universities to promote knowledge-sharing and establish recruitment channels for new talent while navigating a constantly evolving cybersecurity landscape.
“It is essential to recognize that cybersecurity is not solely a matter of technology; it is a collective responsibility that transcends industries, borders, and backgrounds,” says Teja Manakame, Vice President (IT), Dell Technologies. “It is about protecting our shared digital ecosystem and ensuring that it remains a force for good. In today’s hyperconnected world, the threats we face are constantly evolving. From ransomware attacks that hold businesses hostage to the theft of sensitive personal information, the cyber landscape is fraught with peril,” Manakame added.
Ratan Jyoti, CISO, Ujjivan Small Finance Bank Ltd., firmly believes that automation can help bridge the cybersecurity skill gap. Automated tools excel in promptly identifying and responding to known threats, effectively reducing the workload on cybersecurity professionals, and mitigating the risk of burnout. They proficiently handle repetitive and routine tasks, liberating human experts to concentrate on the more intricate and critical dimensions of security. Furthermore, automation exhibits impressive scalability enabling it to manage vast quantities of data and security events—an undertaking that would be impractical for an individual. Additionally, automation can assist in gathering and correlating data during incident investigations, thus accelerating response times.
“However, while automation can certainly play a supplementary role in cybersecurity, it should not be overemphasised at the expense of human expertise,” says Prateek Bhattacharya, CISO, Liventus, Inc. “In my opinion, the human element remains absolutely crucial in addressing the cybersecurity skill gap, while automation can be used as a supporting tool for quicker responses rather than a 1:1 replacement for skilled professionals.” Bhattacharya says that to find the right balance, organisations must focus on investing in the training and development of cybersecurity professionals to build great teams, and for fostering a culture of continuous learning and improvement.
Bridging the cybersecurity skill gap is definitely a challenge for CISOs. “When it comes to talent development, it is important to invest in the continuous growth and development of your existing team. Building a diverse team is also crucial as it taps into a broader pool of talent,” says Srinivasan Mahalingam, Group CISO and DPO, ANSR. He advised not to forget to leverage automation and AI to enhance the team’s capabilities. He emphasised that collaboration is key, so partnerships with educational institutions, industry groups, and peer organisations need to be made. Srinivasan also mentioned to stay informed about the evolving threat landscape and adapt the strategies accordingly. He expressed the belief that together the cybersecurity efforts can be strengthened.