Several IT reports and journals suggest that the U.S. and other parts of the world could be grappling with a shortage of cybersecurity professionals. The most recent of these indicate that the COVID-19 pandemic significantly aggravated this situation.

Do you agree that there's a deficit of cybersecurity experts? What about the increased adoption of the work-from-home business model — has it impacted the professionals to market demand ratio? In case these reports are factual, what is the way forward?

James Forbis, who offers IT consulting in Cincinnati with 4BIS.COM offers insights into the increased demand for cybersecurity experts globally.

How Has COVID-19 Impacted the Demand for Cybersecurity Experts?

We cannot deny that cases of data breaches have been on an upward trajectory in the recent past. Therefore, it is certain that cybercriminals have been busier — as they always are during global events.

Why the increase? Many organizations have allowed more employees to work from home. This means an expansion in the mobile workforce using more devices — which doubles the playground for hackers. Besides, the home work-environment is not as secure as an in-office setup. Many companies are not adequately prepared for the increased activity from online scammers and hackers. Workloads for cybersecurity professionals have also increased without substantial IT budgets to fill the resulting gap.

Could the increased cybersecurity breaches mean that the experts are overwhelmed or limited in size?

Is the Increase in Cybersecurity Breaches Due to a Shortage in Professionals?

The truth of the matter is that IT is very vast and undergoes a lot of changes. Just a handful of experts would not have all the requisite subject-matter expertise. However, this doesn't imply that you need too many experts in this field. In fact, most of the breaches are due to basic fundamental security setup and implementation holes.

Whether there's indeed a shortage or not, a cybersecurity crisis is looming — and we must sort it as soon as it's convenient. If it's true that there is an inadequacy of experts, how can we solve this and prevent a possible cybersecurity predicament?

What Is the Way Forward?

Everybody has a role to play, from government agencies to individual IT practitioners.

• Facilitation of New and Responsive Cybersecurity Training Programs: As we pointed out earlier, most breaches occur due to human error. With cybersecurity concepts changing and continuously advancing, you need to facilitate regular training for your professionals. Your other employees and departments must also be at the forefront of the latest tricks used by hackers and identity thieves. What about the gap due to a shortage of experts? Stakeholders must deliberately encourage those who want to pursue cybersecurity courses to do so — and follow up to ensure they get the best training. This can be done through awareness campaigns in various institutions of learning, especially high schools. Some of the areas that need urgent training include CISM, CISSP, and CISA.
• The Government Should Provide Funding: Techradar quantifies the base cost of taking a cybersecurity expert through a specialization course at $12,500. Suppose you need five experts, basic training alone will cost you more than $ 60,000. You still need to facilitate capacity building for them and the entire staff routinely. This is definitely a financial burden? How can the government chip in? By subsidizing tuition fees or regularly training experts already in this field. The FBI's IC3 has been very vocal in conducting online and some mainstream cybersecurity awareness sessions, but they could still do more targeted training. There are also some practical programs being rolled out by the National Science Foundation and the NSA. Still, these need more funding to broaden their base and coverage.
• You Need to Source (News - Alert) Cybersecurity Talents Outside the IT Base: For a long time, cybersecurity has been a preserve of IT experts, and a few from the military or law enforcement. Does this mean that it's only them who can prevent and solve breaches? We need to reimagine the definition of cybersecurity experts and source problem-solvers from various fields. It is said that gamers, for example, make very competent cybersecurity technicians.

Is Your Organization Grappling With Shortage in Cybersecurity Experts?

Research conducted by ISSA in late 2018 revealed that up to 74% of organizations surveyed were suffering from a shortage of IT professionals or related problems — up from 70% in 2017. Does this mean that the cybersecurity skills deficit is worsening? It’s difficult to substantiate from the ISSA survey alone. What’s clear, however, is that there isn't any evidence that indicates an improvement.

With a cybersecurity department that's limited in size or expertise, your network faces a more significant risk from external interference.

The best and readily-available solution is to find yourself support from a Managed Security Service Provider — either through full management or partnership with your existing team.

They come with several benefits among them:

• Highly trained and specialized experts.
• Better equipment and software.
• The advantage of several years of experience in handling cybersecurity issues.
• They help you save on cost — recruitment, training, and remuneration expenses are all on them.

Your business' success depends on the stability and security of your networks. Therefore, it is critical to have a cybersecurity team that is adequate in both scope and expertise.