Earlier this year, as wildfires spread around the world, those who work in the fields of cybersecurity and information protection could not help but see parallels. Much like the land destroyed by these fires, the digital landscape we seek to protect is also vast and vulnerable. It is also prone to human error, where even the smallest misstep can disrupt entire industries. But there was one similarity that stood out the most for the cyber industry: we also don’t have enough firefighters. Unlike firefighting, in which help from near and far can be called upon to join the relief effort, there isn’t a framework by which we can call upon a unified body of skilled professionals when there are cyber breaches of other organizations, industries or regions.
Even before the COVID-19 pandemic, the cybersecurity workforce faced challenges resembling those faced by firefighters in California, Australia, Argentina and Brazil – teams stretched thin by the scale of the crises that faced them. In the cybersecurity field, scale has been a concern that has been increasing for quite some time. But when the pandemic forced an overnight shift to digital environments for the majority of companies, the attack surface grew exponentially.
As workers moved from office to home, organizations were forced to pivot and enable remote work across expansive and hastily created environments. And as that remote work contingent grew, so did the threat landscape, as cybercriminals worldwide took advantage of the fear and uncertainty created by the pandemic. For example, earlier this year, the FortiGuard Labs observed an average of about 600 new COVID-19-related phishing campaigns per day. The result has been not only an expanded digital landscape, but one that is increasingly vulnerable – with a growing population of cybercriminals all too eager to exploit those vulnerabilities.
he alarm has long been sounding regarding the urgent need to address the cyber skills gap, and we are here to issue another call to action, along with recommended tools to develop a skilled cyber workforce. We need more digital firefighters to stop cybercrime and protect our digital interactions. As we turn our attention from simply managing the COVID-19 crisis, to how we can continue to innovate and move forward despite it, we must all come together to address the cyber skills shortfall that makes our digital world less safe.
Even a cursory look at the numbers reveals the depth of the problem. In addition to the 2.8 million cybersecurity professionals we must retain under ‘typical’ conditions, a conservative estimate places the number of new cybersecurity workers needed by next year at an additional 4 million worldwide.
Meeting this need will require an approach that mobilizes a new generation of cybersecurity workers, while also raising awareness of the part we must all play in cyber safety. Just as COVID-19 has required extensive reserves of new medical workers to join the frontlines, while reinforcing basic hygiene skills to curb the spread of the virus, the cyber skills gap will require an all-hands-on approach to this shared responsibility – joining cyber professionals with every employee to collectively help secure our digital way of life and pave the way for future innovations.
Cybersecurity is exciting and purposeful work in an industry that offers incredible opportunities for constant learning and job security. This is an excellent time to invest in cybersecurity training or reskilling. Often misunderstood as prohibitively technical, there are many critical roles in cybersecurity that don’t require a technical background to make meaningful impact. Talent could, and does, come from diverse fields such as English literature, political science or fine arts, as well as communications, project management, training and marketing. At its core, cybersecurity teams are looking for people with unbridled curiosity, an innate ability to protect, passion about how technology works and a willingness to learn.
Cybersecurity leaders are now more focused on attracting and retaining a diverse workforce and are actively seeking workers with non-technical backgrounds. As an industry, there is a renewed focus on understanding and communicating the relevance of transferable skillsets needed to create a successful cybersecurity workforce. Leaders are aware that there are great benefits in building teams that include diverse backgrounds, thought styles, genders, ethnicities, education and experience.
Increasingly, more organizations are leveraging the potential of cybersecurity to lift people from potential unemployment or interest in a new field with training that is efficient, accessible and scalable to all parts of the globe. While we are facing a global cybersecurity talent shortage, the unemployment rate among veterans in the US alone tripled to nearly 12%. That’s more than 1 million highly qualified workers who have honed such transferable skills as situational awareness, attention to detail and the ability to work under stress; everything it takes except the training, in other words, to work in competitively paying cybersecurity roles that provide additional opportunities.
Fortunately, that training is available now for free or at a very low cost for those who want to gain cybersecurity knowledge and skills. There is an abundance of online learning courses that provide training, from cyber basics to unique specializations. The World Economic Forum, Global Cyber Alliance, Salesforce and Fortinet have created the Cybersecurity Learning Hub to democratize access to cybersecurity knowledge and bring more awareness of the need for new talent, while providing resources to enable individuals to explore a career in cybersecurity.
We have the training, and we have a potential workforce for whom cybersecurity could unlock long-term opportunity and security. What we’re running short of is time.
The cyber skills shortage is real, and urgent – and will become increasingly critical if we do not come together to raise awareness of this need and opportunity. Like the wildfires that have ravaged areas around the world, we are patrolling the vast plains of digital risk that could ignite with the slightest spark. Without a new generation of security professionals, the digital wildfires of data breaches, cyber-attacks and malicious activity will only become more frequent, devastating and costly.