As Australia continues to grapple with the impact of a significant cybersecurity skills shortage, highlighted by recent major data breaches, a major concern is whether the country has the resources to strengthen its resilience.
Recently, e-prescribing company MediSecure fell victim to a massive ransomware attack, which, along with other major incidents in recent years such as Optus, Latitude Finance and others, is yet another reminder of the ongoing and urgent need for skilled cyber security professionals.
It's estimated that the demand for cyber security skills is growing by 5,000 people each year. Unfortunately, the nation's university system is only expected to produce around 2,000 cyber security specialists per year by 2026. This shortage means more organisations are at risk, undermining the Australian Government's entire core strategy, the Cyber Security Strategy 2023-2030.
This means Australia cannot close its talent gap by continuing as is. A multifaceted cyber security strategy, underpinned by investment in expanding cyber capabilities, would help Australia address the underlying reasons why so many data breaches are reported so frequently. But it will require a collaborative effort from industry, government, the private sector and individuals.
Seven Solutions to Your Cybersecurity Challenges
Overcoming the widening gap between the demand for cybersecurity capabilities and their availability in the job market requires a multifaceted approach.
Encourage individual self-improvement
Making it easier for individuals with existing skills to add cyber security skills is a direct way to strengthen the overall depth of skills within Australia. The incentives are there, as cyber security skills can lead to increased incomes; all that's needed is greater access and availability of flexible training (such as online or evening courses) so people can study whilst working.
Capacity building in the university sector
Cybersecurity represents a lucrative career opportunity, and combined with targeted programs, it should be possible to produce more graduates with cross-disciplinary competencies beyond current projections.
Improve international talent development pathways
In the recent federal budget, the Australian government announced plans to make it easier for skilled migrants to obtain visas while reducing the overall number of immigrants into the country.
With most countries around the world struggling with a cybersecurity skills shortage, the social, lifestyle and career benefits of living in Australia should help the country maintain demand for skilled migrants.
SEE ALSO: Women in Cybersecurity: ISC2 Study Reveals Pay Gap and Benefits of Inclusive Teams
Developing solutions in collaboration with industry
Google recently announced plans to integrate AI into its cybersecurity products, and there are also a growing number of consumer-level tools available to help individuals manage their own security risks, such as Bitdefender's Scamio.
Increase investment in cybersecurity
Teams in the most “high risk” sectors, such as banking and healthcare, are expected to increase their investments in cybersecurity as they have the greatest interest in protecting their customers. This may mean that it will be harder for organisations outside of these sectors to find talent, but across the country, the impact of a breach should be less.
Implementing a digital identity solution
The government is taking steps to secure the country with a digital ID solution. Although controversial, this means that individuals will no longer need to send critical identification documents to private companies when applying for loans, home rentals, etc. Because an individual's data will not be stored by multiple private companies, individuals can have greater peace of mind that cybercriminals will not be able to access their identity information, even if one of the companies is compromised.
Invest in the country's education
Technology tools can help, but cyber security needs to be treated like fire safety or first aid, and all Australians are encouraged to develop a basic understanding of security best practice and continue to update their knowledge regularly.
How cybersecurity leaders can help manage the risks of skills shortages
It may sound counterintuitive for cybersecurity leaders, but the goal is to leverage technology and partnerships to reduce the workload for your team. To be effective, your in-house security team must shift its role from a so-called frontline to one that is more strategic and oversight-focused.
To achieve this goal, cybersecurity leaders must:
- Partner with a Managed Security Service Provider: Cybersecurity professionals should consider partnering with a managed security services provider to expand their capabilities. MSSPs can offer a range of services, from 24/7 monitoring to advanced threat detection and response. This partnership allows in-house teams to benefit from the MSSP's expertise and technology, helping to fill gaps in their capabilities.
- Engage in public-private partnerships: Public-private partnerships can be a powerful tool in combating cyber threats. By working together, the public and private sectors can combine their resources and expertise to develop a stronger security framework. These partnerships also facilitate the sharing of threat intelligence and best practices, strengthening the cyber resilience of the nation.
- Prioritize strategic risk management: It's essential for cybersecurity professionals to prioritize strategic risk management. This involves identifying the most critical assets and vulnerabilities within an organization and focusing efforts on protecting these areas. Taking a risk-based approach allows professionals to more effectively allocate limited resources and mitigate the most significant risks.
- Focus on strengthening the role of the CISO within the enterprise: Currently, the CISO is considered one of the more “minor” roles within the C-suite, with the CIO still overseeing the strategic direction of IT. Smaller companies often don't have a CISO at all. This needs to shift to the realization that good cybersecurity is a strategic priority, because reducing IT risk helps organizations get more out of IT. Across the organization, there needs to be more effort put into aligning security teams with the rest of IT operations.
