- The digital landscape is vast and vulnerable - and we don't have enough cybersecurity professionals to keep it safe.
- There is a cyber skills shortfall of around 4 million digital firefighters.
- Here's how to find and train a new generation of cybersecurity experts - before it's too late.
Earlier this year, as wildfires spread around the world, those who work in the fields of cybersecurity and information protection could not help but see parallels. Much like the land destroyed by these fires, the digital landscape we seek to protect is also vast and vulnerable. It is also prone to human error, where even the smallest misstep can disrupt entire industries. But there was one similarity that stood out the most for the cyber industry: we also don’t have enough firefighters. Unlike firefighting, in which help from near and far can be called upon to join the relief effort, there isn’t a framework by which we can call upon a unified body of skilled professionals when there are cyber breaches of other organizations, industries or regions.
Even before the COVID-19 pandemic, the cybersecurity workforce faced challenges resembling those faced by firefighters in California, Australia, Argentina and Brazil – teams stretched thin by the scale of the crises that faced them. In the cybersecurity field, scale has been a concern that has been increasing for quite some time. But when the pandemic forced an overnight shift to digital environments for the majority of companies, the attack surface grew exponentially.
As workers moved from office to home, organizations were forced to pivot and enable remote work across expansive and hastily created environments. And as that remote work contingent grew, so did the threat landscape, as cybercriminals worldwide took advantage of the fear and uncertainty created by the pandemic. For example, earlier this year, the FortiGuard Labs observed an average of about 600 new COVID-19-related phishing campaigns per day. The result has been not only an expanded digital landscape, but one that is increasingly vulnerable – with a growing population of cybercriminals all too eager to exploit those vulnerabilities.
Have you read?
The alarm has long been sounding regarding the urgent need to address the cyber skills gap, and we are here to issue another call to action, along with recommended tools to develop a skilled cyber workforce. We need more digital firefighters to stop cybercrime and protect our digital interactions. As we turn our attention from simply managing the COVID-19 crisis, to how we can continue to innovate and move forward despite it, we must all come together to address the cyber skills shortfall that makes our digital world less safe.
Even a cursory look at the numbers reveals the depth of the problem. In addition to the 2.8 million cybersecurity professionals we must retain under 'typical' conditions, a conservative estimate places the number of new cybersecurity workers needed by next year at an additional 4 million worldwide.
Meeting this need will require an approach that mobilizes a new generation of cybersecurity workers, while also raising awareness of the part we must all play in cyber safety. Just as COVID-19 has required extensive reserves of new medical workers to join the frontlines, while reinforcing basic hygiene skills to curb the spread of the virus, the cyber skills gap will require an all-hands-on approach to this shared responsibility – joining cyber professionals with every employee to collectively help secure our digital way of life and pave the way for future innovations.
As stark as this cyber skills gap is, there remains cause for optimism.
Cybersecurity is exciting and purposeful work in an industry that offers incredible opportunities for constant learning and job security. This is an excellent time to invest in cybersecurity training or reskilling. Often misunderstood as prohibitively technical, there are many critical roles in cybersecurity that don’t require a technical background to make meaningful impact. Talent could, and does, come from diverse fields such as English literature, political science or fine arts, as well as communications, project management, training and marketing. At its core, cybersecurity teams are looking for people with unbridled curiosity, an innate ability to protect, passion about how technology works and a willingness to learn.
Cybersecurity leaders are now more focused on attracting and retaining a diverse workforce and are actively seeking workers with non-technical backgrounds. As an industry, there is a renewed focus on understanding and communicating the relevance of transferable skillsets needed to create a successful cybersecurity workforce. Leaders are aware that there are great benefits in building teams that include diverse backgrounds, thought styles, genders, ethnicities, education and experience.
Increasingly, more organizations are leveraging the potential of cybersecurity to lift people from potential unemployment or interest in a new field with training that is efficient, accessible and scalable to all parts of the globe. While we are facing a global cybersecurity talent shortage, the unemployment rate among veterans in the US alone tripled to nearly 12%. That’s more than 1 million highly qualified workers who have honed such transferable skills as situational awareness, attention to detail and the ability to work under stress; everything it takes except the training, in other words, to work in competitively paying cybersecurity roles that provide additional opportunities.
Fortunately, that training is available now for free or at a very low cost for those who want to gain cybersecurity knowledge and skills. There is an abundance of online learning courses that provide training, from cyber basics to unique specializations. The World Economic Forum, Global Cyber Alliance, Salesforce and Fortinet have created the Cybersecurity Learning Hub to democratize access to cybersecurity knowledge and bring more awareness of the need for new talent, while providing resources to enable individuals to explore a career in cybersecurity.
What is the World Economic Forum doing on cybersecurity?
The World Economic Forum’s Centre for Cybersecurity is leading the global response to address systemic cybersecurity challenges and improve digital trust. The centre is an independent and impartial platform committed to fostering international dialogues and collaboration on cybersecurity in the public and private sectors.
Since its launch, the centre has driven impact throughout the cybersecurity ecosystem:
- Training a new generation of cybersecurity experts
Salesforce, Fortinet and the Global Cyber Alliance, in partnership with the Forum, are delivering free and globally accessible training through the Cybersecurity Learning Hub.
- Building a global response to cybersecurity risks
The Forum, in collaboration with the University of Oxford – Oxford Martin School, Palo Alto Networks, Mastercard, KPMG, Europol, European Network and Information Security Agency, and the US National Institute of Standards and Technology, is identifying future global risks from next-generation technology.
- Improving cybersecurity in the aviation industry
Through the Cyber Resilience in the Aviation Industry initiative, the centre has been improving cyber resilience in aviation in collaboration with Deloitte and more than 50 other companies and international organizations.
- Making the global electricity ecosystem more cyber resilient
The centre and the Platform for Shaping the Future of Energy, Materials and Infrastructure have been bringing together leaders from more than 50 businesses, governments, civil society and academia to develop a clear and coherent cybersecurity vision for the electricity industry.
- The Council on the Connected World agreed on IoT security requirements for consumer-facing devices to protect them from cybers threats, calling on the world’s biggest manufacturers and vendors to take action for better IoT security.
- The Forum is also a signatory of the Paris Call for Trust and Security in Cyberspace, which aims to ensure global digital peace and security.
Contact us for more information on how to get involved.
We have the training, and we have a potential workforce for whom cybersecurity could unlock long-term opportunity and security. What we’re running short of is time.
The cyber skills shortage is real, and urgent – and will become increasingly critical if we do not come together to raise awareness of this need and opportunity. Like the wildfires that have ravaged areas around the world, we are patrolling the vast plains of digital risk that could ignite with the slightest spark. Without a new generation of security professionals, the digital wildfires of data breaches, cyber-attacks and malicious activity will only become more frequent, devastating and costly.