2021 predictions: cyber skills

It’s that time of the year when industry watchers try to provide a glimpse of what we might expect in the coming year. So, this week, Think Digital Partners is publishing a series of predictions on different subjects in the realm of cybersecurity and digital identity. Today we look at cyber skills in 2021.

Posted 21 December 2020 by Christine Horton

The issue of the cyber skills gap continues to be a problem. Last month a survey by Infosecurity Europe showed a lack of expertise is having the greatest negative impact on cyber resilience within small businesses.

And just last week, research by research by STX Next showed that only 20 percent of businesses have a dedicated cybersecurity team in place, which tend to be larger firms.

The issue of the cybersecurity skills gap is particularly acute for the SMB market,” said David Ellis, VP, security & mobility at global IT distributor, Tech Data. Ellis believes this will drive the need for managed service providers (MSPs) to deliver security services on behalf of customers, along with other areas of IT.

“If not already a priority, there should be a major push for MSP enablement via technical training and certifications and business transformation programs designed to help partners build security offerings, take them to market and follow through with end-to-end delivery,” he said.

Similarly, Richard Hutchings, CTO at MSP Littlefish believes the current worldwide shortfall of cybersecurity skills makes it more difficult for companies to ‘hire their way out’ of the problem.

A 2019 report by (ISC)² found that while there were approximately 2.8 million security professionals working worldwide, another four million trained professionals are still needed to close the current cybersecurity skills gap. We’re therefore likely to see an increase in spending and outsourcing in the short term, until a push in training and hiring can catch-up, which will take quite some time.

“To correct this in the longer term, we’re likely to see a huge recruitment drive to try and get young people interested in the field of cybersecurity,” he added.

Elsewhere, automation may be one way to help mitigate the skills crisis. “Automation is one way that organisations can help plug the skills gap, because it can aid training as well as help with staff retention by freeing analysts from repetitive, manual tasks,” said Faiz Shuja, Co-Founder & CEO of SIRP, a risk-based Security Orchestration, Automation and Response (SOAR) platform. “Security staff are in short supply, so it pays to give them tools which make their life easier and more fulfilling.”

Employee training

Importantly however, it’s not just dedicated specialist cyber teams that will be critical to ensuring the security of organisations. As we’ve seen, there has been a significant rise in cyberattacks in the UK over the last 12 months, with more than nine out of 10 cybersecurity professionals reporting that attack volumes have increased due to more employees working from home during COVID-19 stay at home orders.

As organisations realise that a hybrid model of working is here to stay, cyber education and training for employees working from home will be critical in 2021 and beyond. Indeed, Jon Fielding, EMEA managing director at security vendor Apricorn believes its security culture that will make or break the new hybrid approach to working – not the technology.

“Combined home and office working will set in as a long-term model and doing this safely will demand a major culture shift. Lack of employee education was singled out as the biggest cybersecurity weakness during the first lockdown in a recent Apricorn poll. Companies must make urgent changes to improve awareness of the different security risks associated with hybrid working, and the knowledge of how to control them. 

“Training employees in the ‘practical stuff’ won’t be sufficient. Everyone is accountable for protecting data in the new working environment, which requires a culture of information security best practice across the entire dispersed workforce. This isn’t something that can be enforced; employees need to buy in to it. 

“This will require IT teams to build deeper engagement with staff and devolve greater responsibility for security onto the individual. Education programmes must therefore explain the ‘why’, as well as the ‘what’ and ‘how’: the reasons data protection is important, and the specific risks and consequences to their company of a breach.”

Similarly, Nikhil Mahadeshwar, co-founder of new cybersecurity app Hackshield says that every IT position needs to be treated as a cybersecurity position.

“Given the complexity of today’s digital world, we all have to work together to support the protection of the enterprise. Every IT and technology worker needs to be involved with safeguarding data, devices, infrastructure, and people. Unfortunately, the pipeline of security talent isn’t anywhere it needs and to be to help curb the cybercrime epidemic. This is going to continue to be a problem in the coming year if we don’t rectify the quality of education and training that our new cyber experts receive.”

Employee retention

Agata Nowakowska, AVP EMEA, Skillsoft agrees there will be a renewed focus from businesses on upskilling and reskilling – both for current employees and new hires. However, crucial is employers providing opportunities for employees to move laterally within their organisation into parts of the business where new skills are needed most urgently, such as cybersecurity.

“It’s also important to remember that providing training and options to learn new skills is not only crucial for business growth, but for employee retention as well. After all, when employees feel their employer values both their current skills and their potential to progress, they are more likely to stay with the business.”

Organisations face a set of new challenges when it comes to securing their workforces in 2021. Ensuring every employee – whether working from home or not – is educated on the risks to their organisation and can ‘buy in’ to a culture based on security best practice will go a long way towards addressing the cyber skills gap.