As threat levels continue to rise, it’s vital to ensure you have an A Team in your corner, writes Glen Maloney from ExtraHop.
In the early 1990s, Northern Ireland pop group D:Ream raced to the top of the charts by singing Things Can Only Get Better. But unfortunately, when it comes to finding cyber security talent in the 2020s, the opposite is very much the case.
Despite the recent proliferation of tertiary education courses in cyber skills, and heightened awareness of cyber security in the community, severe staff shortages persist and successful cyber attacks are on the increase. Recent examples include the attack on JBS Foods in May 2021, which disrupted meat processing in the US and Australia, and the China Microsoft hack, which saw an estimated 7,000 Australian servers affected by an Exchange email and calendar vulnerability.
Meanwhile, decision makers have twigged that having the right set of skills and talent to manage cyber attacks and data breaches is no longer just a technical challenge for the boffins in the back room to manage.
Today, organisations of all sizes need to look for inventive ways to fill cyber security roles. Indeed, the federal government is leading the way, having committed $1.67 billion to its 2020 cyber security strategy, including $89.9 million to hire 100 cyber detectives within the Australian Federal Police.
The cyber skills shortfall
Australia continues to suffer from a longstanding and well-documented skills shortfall in the cyber security sphere. AustCyber research suggests that in the 12 months prior to September 2021, there were over 14,000 job vacancies for dedicated and related cyber security roles in Australia. Restrictions on international movement imposed to stop the spread of the COVID virus have exacerbated the problem, prompting RMIT Online chief executive Helen Souness to call for a concerted response from government, industry and the education sector.
“Traditionally, we’ve done a lot of importing skills and that’s been really fantastic to bring in experts in some of these areas. But that’s not an option anymore – we have to grow these skills,” she told AAP last year.
She’s right, of course. But few businesses have the time or inclination to wait for a pipeline of new talent to become available some time during the next five years. They need cyber security leaders and workers with the knowledge and skills to tackle the myriad challenges this year will uncover, including managing remote and hybrid working and the security issues associated with migration to the cloud. And they need them now.
One option may be to augment your team with IT professionals who have skills aligned with security, such as network engineering or forensics.
Poaching is also a problem for many organisations, and HR departments need to develop strategies to encourage cyber specialists to stay put. Organisations may also need to work harder to attract more women into the field. Offering flexible working arrangements and family-friendly policies that support work-life balance is key to attracting and retaining top talent – both male and female.
Accessing international talent remotely is a potential interim solution to the skills shortage but one which may meet with resistance in some organisations, from leaders chary about the wisdom of offshoring vital, sensitive work to organisations and individuals in foreign jurisdictions.
Remunerating security professionals, from the CISO down, competitively, providing them with a clear path for career advancement and publicly acknowledging the vital contribution they make to the enterprise can help keep your team onboard and onside. Make your organisation a fun place to work, reward your staff well and reap the benefits.
Adopting technology that provides your cyber specialists with greater insight into threats, and makes it easier for them to detect and disarm advanced attacks before damage is done, can also help to mitigate the threat posed by a shortage of bodies on the ground.
In 2021, the risk of falling victim to a cyber attack, e-crime or data breach is real and rising for Australian organisations. Any incident can be disruptive and expensive – and damaging to your enterprise’s reputation – particularly if customer data is compromised. Ensuring you have the talent and tools that can stop you from becoming a statistic should be a high priority, now and into the future.
Glen Maloney is the ANZ regional sales manager at ExtraHop.