A recent paper that cites a “lack of an adequate cybersecurity workforce” has been released to provide guidance for companies and governments on how they should approach cybersecurity education and workforce development.
The study, titled “Hacking the Skills Shortage: A study of the international shortage in cybersecurity skills,” found that countries can address a lack of cybersecurity talent by increasing government expenditure on education and by creating more cybersecurity programs in higher education.
Other useful initiatives, the study suggests, include the promotion of gaming as well as technology exercises.
Meanwhile, issues that have compounded the “critical problem” include a lack of funding from governments, diversity issues in the tech sector, and a lack of cybersecurity specific training courses, especially within higher education.
These problems, the study claims, have resulted in a situation in which “attacks outpace defense,” with more and more companies being hacked every day.
The study, which was carried out by Intel Security and the Centre for Strategic and International Studies, focused on four dimensions of the workforces in eight different countries: total cybersecurity spending, education programs, employer dynamics, and public policies.
The paper claims that the cybersecurity profession is severely lacking a productive pipeline, saying:
“Respondents in all countries surveyed said cybersecurity education was deficient.”
This means that “one in three say a shortage of skills makes their organizations more desirable hacking targets.” According to the paper, these respondents feel the lack of skill not only makes their companies more vulnerable to attack, but it also has an effect on their reputation on the world stage, with fewer companies willing to invest in or trade with companies they view as being vulnerable to cyber attacks.
The skills that are in greatest demand are intrusion detection, secure software development, and attack mitigation, with these being in “critically short supply.” A majority of respondents also said that the cybersecurity skills shortage is the worst in all IT professions, although nine out of ten did think that improved cybersecurity technology could compensate for skills shortages.
The report’s findings reveal that a large number of companies feel that the government is not doing enough to improve the situation, with professional development, laws, and regulations being key areas of concern.
The paper cites figures that show low levels of confidence in the state of maintaining a cybersecurity pipeline:
“More than three out of four (76%) respondents said their government is not investing enough in building cybersecurity talent, and the same percentage said the laws and regulations for cybersecurity in their country are insufficient.”
One indictment of governments’ lack of spending is the fact that the profession is barely represented within universities, with the paper saying that “cybersecurity-specific offerings in higher education are rare.”
Another reason for the shortage of talent, as reported in the study, is a lack of diversity within the cybersecurity workforce. The paper cites “a dearth of women and minorities” in the North American pipeline in particular.
The diversity problem is wide-reaching within the tech sector, with companies such as Facebook and Twitter having recently been in the spotlight for diversity issues within their workforces.
Despite this, the paper says that the US and the UK are the countries with the highest ranking in current investment in cybersecurity education and places them in the best position to initiate necessary educational reforms.
The report highlights the cybersecurity talent shortfall as an urgent issue and makes the following recommendation on how to proceed:
“Countries and companies have to act quickly to fix this problem by facilitating the entry of more people into this profession through improvements in education, workforce diversity, training opportunities, security technology, and data collection.”
The paper’s findings are based on open-source data, targeted interviews with experts, and an eight-nation survey of information technology decision makers in both public and private sector organizations.
The eight countries included in the study were Australia, France, Germany, Israel, Japan, Mexico, the United Kingdom and the United States.