Cybersecurity Job Growth Must Match Growing Threats
Mike Elgan, writing for SecurityIntelligence.com, has this interesting observation about the shaky foundation of cybersecurity job growth: “Cybersecurity hiring is going through a weird phase. The pandemic, the remote work movement, budget changes, and the rising aggression and refinement of cyber-attacks are all major shifts...”
Elgan also notes that “there simply aren’t enough experts in this field to go around.” Compounding that shortage is the stark reality that, while the shortage of experts remains, the cybersecurity job description is changing, segmenting and expanding.”
The COVID-19 shock is abating, but...
Elgan notes that 2020 “was a shock to the system,” and the pandemic triggered three effects “that massively impacted” the cybersecurity workforce. Those effects were (1) the rise (to 62%) in workers at home, (2) lower company revenue impacting hiring, and (3) more opportunities for hackers to exploit weak security through mobile devices and compromised work networks.
As the business community recovers and revenues increase, most experts expect cybersecurity budgets to rise. The rising demand will, of course, increase the skills shortages, and so will the sophistication in threats.
Security teams need to stay alert
Rob Junker, Chief Technology Officer, writing for CODE42.com, writes about the evolving challenges to cybersecurity in a white paper titled ‘Why Security Teams Need to Keep Pace with Ever-Changing Security Trends.”
The old saying that “change is the only constant in life” applies. Junker notes that in cybersecurity, “to stand still is to fall behind quickly.” He describes eight cybersecurity trends:
The rise of the data economy
Information is the new commodity fueling enterprise growth. Cybercriminals know that and focus their attacks on stealing or crippling their victims’ irreplaceable data.
Mobile devices in the workplace
As data volume grows exponentially, mobile devices in the workplace are the leaky faucets feeding social media and requiring cybersecurity focus to protect proprietary and personal data. Not long ago, says Junker, “many companies did not even have a CISO or security team in place.”
Today, even smaller businesses have hired a security team. That’s good news, but the new threats require a “strong organization, (leadership) support, and a steady addition of hard-to-find skills...”
More sophistication in cybersecurity technology
Cybersecurity products are complicated, sophisticated, and effective—but they need monitoring and qualified staff. Junker refers to this problem as a “growing security stack,” where cybersecurity products, designed for larger organizations with well-staffed security teams, can be a daunting challenge and a “constant battle trying to keep up with the volume and complexity of security technology.
New, unanticipated security risks
As cybercrime becomes more lucrative, Junker notes that the “threat landscape in recent years has become more dynamic.” Sophisticated hackers are lurking and looking for vulnerabilities in new products and systems. In the leapfrog game of infiltration followed by the cyber defense, hackers can deploy malware in the morning before the defenders get out of bed.
The spread of the Internet of Things
All those connected devices (22 billion in 2018 and growing) pose an enormous challenge to cybersecurity. A hacked security alarm system can also be a virtual backdoor to a network. One company suffered an information security breach when a networked fish tank temperature monitor gave thieves an entry to a casino’s high-roller database.
Workforce turnover
According to Junker, high-demand cybersecurity workers write their own tickets and are part of a “much more turbulent” workforce. It’s a “revolving door” and could “continue to speed up in the coming years.”
The problem is that “every time some leaves an organization, there is a risk that the individual will take valuable data out the door,” believing that it’s their right to keep their work products when they move to another job.
The Cloud has encouraged collaboration
All that sharing and a far more collaborative work culture have collapsed organization charts. The convenience fueled by cloud-based tech like Microsoft Teams, etc., is good for efficiency. Still, the cloud and all those mobile devices in the workplace have made it difficult for security professionals to see how all that proprietary and sensitive information is moving around—and where it’s going.
Navigating the sea of data privacy regulations
They say that safety manuals are written in the blood of victims. Likewise, data privacy regulations are written in the wake of fired executives, compromised personal data, and enormous HIPAA fines and sanctions. As new attacks arise, more laws will undoubtedly emerge. How existing and new regulations will impact cybersecurity will add another level of complexity to the challenge.
Conclusion
Junker provides advice for security leaders and teams to stay on top of the change taking place in the world of cybersecurity. His insights also apply to educators, who are at the critical intersection where the future workforce needs to be aware of both the constancy of change and the ironic corollary: The more things change, the more they remain the same.