A retired IDF Major, Roy Zur is the founder and CEO of Cybint, a leading cyber education company.
The beginning of the 21st century has seen a dramatic rise in the adoption of digital technologies. On the flip side, cyber-attacks have also risen dramatically, and they have become more cunning. It’s estimated that cybercrime will cost the world $5.2 trillion annually over the next five years, while cybersecurity spending across enterprises will reach $123B by the end of 2020.
The truth of the matter is that while AI solutions are plentiful, the human touch is needed more than ever in the tech industry, especially in terms of cybersecurity. While the need is there, the number of people in the workforce with cyber literacy is hardly sufficient. This is an issue that needs to be addressed and corrected as soon as possible to combat potentially large-scale digital risks head-on.
According to research by Akamai, the cyber attacks have mostly been seen in the form of credential abuse, phishing, and exploitation of vulnerabilities in popular systems. Over time, the attacks have become professionally weaponized:
“A decade ago, vulnerabilities were usually found by a criminal, then incorporated into attacks. Five years ago, it became much more common to see professional teams of criminals who discovered and developed attack software. The trend now is an overlap between criminal developers and the advanced persistent threat, or nation-state actors, to create a steady stream of zero-day tools targeting specific organizations and individuals.”
However, the threats that affect individuals and institutions at scale remain prevalent, and they go far beyond guessing common passwords. Some of the most common cyber attack types include:
While cybercriminals can get more out of the large targets that make it to the news, the lower-risk industries also catch their eye. Comparatively speaking, it’s safe to assume that these industries would have fewer security measures set in place. For instance, The Wall Street Journal states that “organizations aren’t necessarily prepared for the threats they are most concerned about. Ransomware was highly concerning, for instance, with nearly 80% viewing it as high risk, but just under 70% felt prepared to deal with it.”
While it is understood that there is a demand for more cybersecurity professionals in the workforce, the urgency is seldom brought to light. According to Infosecurity Magazine, the number of unfilled positions now stands at 4.07 million professionals, up from 2.93 million this time last year. This includes 561,000 in North America and a staggering 2.6 million shortfall in APAC. Conservative estimates by the Bureau of Labor Statistics indicate that the cybersecurity sector is expected to grow at 37% per year all the way to 2022. In fact, job openings for cybersecurity positions have grown three times faster than job openings in the overall IT industry.
In order to meet this demand, there is much that universities must consider when it comes to offering their students a practical and efficient way to prepare for the prosperous and ever-growing field of cybersecurity; especially when factoring the changes in learning and the workforce in the post-pandemic world.
Schools are desperate to stay relevant, and as the tech industry continues to grow, traditional four-year education is not quite fast enough to ready future cybersecurity professionals to enter the workforce, and cybersecurity bootcamps are the best route. Bootcamps blend both the hands-on learning of a vocational school and the accelerated speed of an online school to make students ready for the cybersecurity workforce (upon graduation from the bootcamp) in less than a year. Cybersecurity bootcamps are also affordable, considering they come at a fraction of the cost of tuition of most institutes for higher education, and offer a plethora of career options for graduates to choose from.
Careers in cybersecurity are the careers of the future. Unlike numerous career paths that are difficult to get into, entry-level jobs in cybersecurity are plentiful. Entry-level jobs for cybersecurity professionals include IT Technician, Network Engineer, Information Security Analyst, Junior Penetration Tester, and Systems Administrator. These positions, on average, also pay exceptionally well. Generally, cybersecurity jobs pay more than other IT jobs. The average advertised salary for a cybersecurity job is now $93,540. That’s a full 16% more — or about $13,000 — than the average for all IT jobs.
Positions that revolve around cybersecurity are also far more stable than most other positions within the tech sector, even in the current financial landscape. New research from PwC is looking at how organizations plan to tighten or budgets to accommodate for coronavirus losses. The research found that only 2% of organizations surveyed are anticipating cuts in cybersecurity or privacy. If anything, the pandemic triggered a hiring spree in cybersecurity.
According to research by Varonis, the demand for cybersecurity professionals continues to rise along with the rates of attacks and increases in cybersecurity budgets. The imbalance of the number of skilled cybersecurity workers along with the high demand to fill cybersecurity positions has caused a cybersecurity skills shortage.
Furthermore, the results of a survey by the Information Systems Security Administration demonstrate that organizations are particularly vulnerable to significant cyberattacks and data breaches. “The cybersecurity skills shortage represents the top two contributing factors to these security events, with the first being a lack of adequate training of non-technical employees (31%) and the second being a lack of adequate cybersecurity staff (22%). These are followed by business executive management making cybersecurity a low priority (20%.)”
As such, the need for cybersecurity skills shortage solutions to cater to the workforce is rising exponentially, especially with the post-pandemic remote workforce in mind. Remote work, which relies on employees’ personal devices and home networks, requires a different approach to cybersecurity, and businesses need to find a way to make IT security more accessible and flexible.
Cyber literacy plays a key role in the modern workforce, especially given the recent wave of digital transformations to cloud infrastructures. While it may traditionally be common for cybersecurity training to be reserved for IT professionals, it’s important for everyone to have it because at the end of the day, employees are the primary targets.
It’s about more than just awareness. This training covers changing risky behavior, and understanding cybersecurity. After all, employees complete cybersecurity training, they should know how to identify phishing schemes and social engineering attacks, in addition to being able to identify (and avoid) suspicious links, and evade hacking attempts.
Everything is digital in today’s landscape, and it is the responsibility of us as a collective to ensure that our constituents, mentees, and future workforce are all armed with the knowledge needed to prevent and mitigate cybersecurity threats with full confidence. This can be achieved by upskilling employees to become cyber literate, and reskilling students to train them for new careers in the glittering realm of cybersecurity.