IT security experts are scarce, and competition in the job market is intense. According to the latest (ISC)² Cybersecurity Workforce Study, there is a global shortage of around 3.4 million cybersecurity experts to adequately support industry and business. The fact that critical sectors in particular, such as healthcare and finance, where cyberattacks have a more dangerous potential, have great difficulty in gaining access to qualified professionals is a threat to society. On the one hand, new technologies increase the agility and flexibility of companies, but to the same extent they also increase the complexity of the IT environment and thus the risk of falling victim to a cyberattack. Digitization plays an important role in this, but it also has its downsides.
A lack of skilled staff and understaffed IT security teams make it difficult for companies to protect themselves against threats. At the same time, the threat landscape is growing in complexity as attack volumes increase and criminal actors find ever more sophisticated ways to infiltrate networks. More than 80 percent of companies worldwide were the target of a cyberattack last year.
If the Ifo Institute had its way, the shortage of skilled workers could be combated by maximizing the degree of digitization and the associated optimization of productivity. The higher the level of digitization, the smarter the use of available resources. And the higher the level of productivity, the easier it would be to compensate for the losses caused by the lack of qualified workers. The prerequisites for this would be the teaching of new skills and knowledge and investment in new work models.
So far, so good. However, according to recent surveys, digitization is currently progressing only slowly. After the Corona pandemic, uncertainty and cost pressure continue to prevail, with the result that many companies are putting the brakes on investment – particularly due to the current combination of inflation and energy crisis. At the same time, many company managers are well aware that the digitization of administrative and operational processes will be one of the most important competitive factors in the future. And yet – as things stand today – the degree to which companies are implementing and using digital tools still varies widely.
Outsourcing and automation as levers
Acquiring powerful tools is only half the battle when it comes to arming yourself against sophisticated cyberattacks. After all, even the best tools are of no use without specialists who can analyze warnings and incidents and quickly initiate countermeasures in the event of an emergency. If companies lack in-house expertise, they should work with competent partners and consider bringing support in-house as a managed security service. This way, they are on the safe side while remaining flexible enough to focus on their core business and set the strategic course for the future.
Another option to address the skills shortage while increasing resilience to threats, both external and internal, is automation tools. Examples include Extended Detection and Response (XDR) solutions that help automate threat detection and mitigation. They also provide data and mechanisms for analysis, eliminating various manual steps. Given that humans remain the biggest vulnerability, it is only logical that intelligent cyber resilience strategies minimize this factor. The fact that the dynamics of cyberattacks are making it increasingly difficult for all stakeholders to close entry gates and take countermeasures quickly enough in the event of an emergency – especially in view of the danger posed by lateral movements – requires the use of managed threat response.
Taking advantage of digitization is not enough
But is automation and outsourcing enough to address the growing problem of skills shortages? Unfortunately, no. Because if competent personnel are not available to orchestrate the digitized processes, they will not take effect. It is therefore important to invest in the development and expansion of digital skills among employees and also to pay attention to more than just certificates when hiring new staff. After all, these technical qualifications alone are not decisive; rather, the importance of soft skills such as effective communication, the ability to solve problems and strategic thinking is increasing.
Offerings such as advanced training programs for less tech-savvy job seekers and continuing education initiatives for safety professionals can address the talent shortage. Nonetheless, companies would do well to make all their employees aware of the risks and provide them with basic cybersecurity knowledge and awareness to identify current threats. Training initiatives can also be outsourced. For example, value-add distributors such as Infinigate offer training programs for cybersecurity and digitization that help their channel partners to further educate their professionals and retain them in the long term.
Digitalization – problem and solution to the skills shortage at the same time?
The fact is: the higher a company’s level of digitization, the better it is for its employer image and the more attractive it is for tech talent. The downside: As digital technologies become more widely adopted, an organization’s attack surface expands, increasing the risk of cyber threats such as phishing and identity fraud, which in turn further increases the workload of already overburdened IT teams.
This is a huge challenge for smaller companies in particular. They often don’t have the budget to employ their own cybersecurity team – or they don’t have the clout of the industry heavyweights to bring suitable talent on board. This is a development with a domino effect, because the problems not only extend across various industries, but also affect most of the players in the value chain: just like end customers, resellers also complain about a lack of expertise and the agonizing search for qualified specialists. To help its partners in this situation, Infinigate offers classic services – from regular support to training courses for resellers and end customers.
Orietta Sutherberry is Head of Communications and PR, Infinigate Group.