Introduction:
A cause-effect relationship is becoming increasingly evident within the cybersecurity world. A shortage of qualified candidates who are capable of tackling cybercrimes and preventing data breaches have resulted in both individuals and corporations being persistently vulnerable to cyber-attacks. As hackers on the dark web attack in waves, it is inevitable that the need for “white hats” to combat this global issue has elevated in importance.
Numbers Put Into Perspective
8,000
Cybersecurity roles to be filled in Canada between now and 2021
20 Weeks
Ryerson University’s newly introduced cybersecurity boot-camp program
31,968
2018 cybercrime cases in Canada
2.93 Million
Number of unfilled cybersecurity positions worldwide
5 Years
Average graduation duration at Canadian universities
USD $3.62 Million
Average cost of a data breach globally
Recent Notable Cybercrimes Spanning Various Industries:
Twitter’s CEO Jack Dorsey’s Twitter account was hacked in August, with a string of offensive tweets posted during the 90 minutes before Twitter officially announced the account was secure.
Canadian cooperative of credit unions Desjardins Group announced on June 20 that an “ill-intentioned employee” stole information for over 2.7 million consumer clients and 173,000 businesses.
On July 15, a hacker operating under the alias “Instakiller” announced that it had hacked Bulgaria’s National Revenue Agency, obtaining the personal information of over 5 million citizens and residents (about 70% of the country’s population).
Toyota Motor Corporation announced on March 29 that eight of its subsidiaries were affected by a data breach, where 3.1 million Toyota and Lexus customers were impacted.
Toronto based photo sharing service provider 500px announced in February a data breach affecting 15 million user accounts, where names, usernames, birth dates, genders and addresses were exposed.
A Labor Shortage:
There is an increasing shortage for cybersecurity personnel throughout the country, especially with the number of cybercrime cases growing significantly without showing any signs of slowing down.
According to Laurie Pezzente, senior VP of global cybersecurity at the Royal Bank of Canada, one of the major factors behind the labor shortage is the duration of existing academic programs being offered at universities. Students interested in pursuing a career in cybersecurity would take an average of five years to graduate, but the surging demand for this workforce today cannot wait.
Other common factors contributing to the labor shortage include the difficulty in finding qualified instructors to teach such courses as these professionals are in high demand, as well as job burnout that result in cybersecurity personnel seeking to switch professions.
Overcoming the Problem:
A. Shorter educational programs and increase in academic scholarships Ryerson University initiated a process to launch a boot-camp style program to prepare workers for entry level roles in the cybersecurity sector in 20 weeks, instead of the traditional five-year average. The Rogers Cybersecure Catalyst program, which is free for students aims to have 640 professionals graduate over the next five years and is expected to launch in February 2020.
In addition, Bell is currently finalizing plans for a new master’s program in cybersecurity to be offered at the University of New Brunswick this fall. Bell intends on paying students’ tuition fees and guaranteeing them employment upon graduation. Approximately 70 students will graduate within the first three years.
B. Preventing job burnout to increase employee satisfaction With the current labor shortage, employers should focus on employee retention by managing burnout. Employers can overcome burnout by providing employees with interesting problems to overcome and equipping them with the latest technology and techniques to overcome problems. By ensuring the professionals are equipped with the right tools for the job, problems can be solved more efficiently while minimizing burnout.
Cybersecurity employees should be empowered to complete their projects, which will lead to high employee satisfaction. The importance of organizations valuing human talent and knowledge sharing should not be diminished.
C. Efforts to diversify the cybersecurity workforce need to be introduced to achieve the goal of building a broader pool of cybersecurity talent.
As cybersecurity skills can be taught, employers should consider hiring individuals with other degrees or expertise as well. Typically, a candidate that is organized, pays attention to detail and has strong communication skills will be a prime candidate for a career in cybersecurity. In addition, organizations should redefine the minimum credentials for an entry level cybersecurity job, instead prioritizing hands-on experience and technical certifications.
Other potential solutions to address the labor shortage include:
D. Corporations and academic institutions offering more scholarships to students pursuing a career within the cybersecurity field.
E. Investing in automation processes and cognitive technologies to offset the skills shortage. While understanding that automation will not replace human judgment entirely, it creates efficiencies that allow cybersecurity personnel to focus their time and skills on more advanced threats requiring human intervention.
F. Outsourcing cybersecurity efforts to a managed IT services provider, which would be more equipped to prevent and overcome potential cyber attacks.
Conclusion:
Bridging the cybersecurity talent gap today is crucial as our lives are increasingly dependent on software and technology, as well as the increasing number of hackers that are constantly seeking new cybercrime opportunities to capitalize on. To address this issue, cooperation between educational institutions, the private and public sectors are essential.
Small business owner: The importance of protecting your clients’ confidential information cannot be neglected. The benefits of internally implementing or outsourcing cybersecurity measures by far outweigh the monthly cybersecurity costs incurred for any business.
Managed IT services providers: Emphasize your cybersecurity service offerings to current and prospective clients, identifying this strategy as a key requirement to increase one’s competitive advantages and market leading position.
