As the skills gap widens, organizations must do these 3 things to improve resilience

The cybersecurity industry needs nearly four million professionals to fill vacant roles, and as adversaries improve their tactics, this number will grow. Meanwhile, this skills shortage is having a major impact on organizations around the world, with 70% of IT leaders saying this widening gap is creating more risk for their business.

While many organizations are implementing creative ways to recruit and hire new cybersecurity talent, these efforts alone will not quickly address the growing skills gap. As an increasing number of organizations fall victim to cyber incidents—87% say they have breached one or more laws by 2023—leaders must take steps to address skills shortages, fill critical open positions, and expand their security posture.

A breach has a more significant and more visible impact

Leaders increasingly attribute more violations to a lack of Internet capabilities in their organization. According to the Fortinet 2024 Global Cybersecurity Skills Gap Report, last year, nearly 90% of organizational leaders said they experienced a breach that may have caused a lack of cybersecurity knowledge, up from 84% in 2023 and 80% in 2022. .

When cyber incidents occur, they have a huge impact on businesses, from financial implications to reputational challenges. According to the report, corporate leaders are increasingly being held accountable for cyber incidents, as 51% of respondents noted that directors or managers have faced fines, imprisonment, loss of position, or job loss following a cyber attack. Additionally, more than 50% of respondents indicated that a breach cost their organizations more than $1 million in lost revenue, fines, and other costs in the past year.

As a result, boards of directors are taking a greater interest in cyber security, which they consider a business imperative. Executives and board members are increasingly making security a priority, with 72% of IT leaders indicating that their boards were more focused on cybersecurity in 2023 than last year. Mandatory organization-wide cyber security training, certification opportunities for IT staff, and the purchase of new or better security solutions are just a few of the developments discussed or implemented by boards of directors.

Urgent need to strengthen cyber defense

As cyber attacks increase in frequency and the consequences become more severe and visible, many businesses are reviewing and updating their cyber security efforts to strengthen their defenses. While there are countless steps IT leaders can take to improve their organization’s risk management system, we’re seeing organizations focus on a three-pronged approach to improving cybersecurity that includes training, awareness, and technology.

First, organizations help IT and security teams acquire critical security skills by investing in training and certification opportunities. Finding opportunities to improve the skills of existing employees benefits both the individual and the organization. And the good news is that leaders see the importance of developing skills. For example, nearly 90% of IT leaders say they are willing to pay an employee to obtain cybersecurity certification. Those who are self-certified or work with someone who holds a certification notice clear benefits, including increased cyber security skills and knowledge and the ability to perform work-related tasks better.

Organizations are also working to create a company-wide culture of cyber awareness. Cybersecurity is everyone’s responsibility, and employees are often at the forefront of cyber attacks. With the right knowledge of common cyber attacks, employees can act as a strong first line of defense against adversaries. Developing an effective security education effort requires leaders to develop a program vision, cover relevant topics such as phishing and social engineering, and create a long-term strategy to engage employees with new content and new opportunities to test their knowledge. The Fortinet Training Institute—providing one of the industry’s most comprehensive training and certification programs—is dedicated to making cybersecurity education and related career opportunities available to all and offers a security awareness training program for organizations to use to develop a cyber-aware workforce.

Finally, businesses are reassessing their technology stacks and acquiring effective security solutions to strengthen their security posture. Nearly 60% of IT leaders say their managers and board members have discussed or moved forward with purchasing new security solutions. This is encouraging, as 54% of respondents note that a lack of cybersecurity products has contributed to a breach in the past within their organization. To help businesses improve their security posture, Fortinet offers the largest integrated portfolio of more than 50 enterprise-class products through its Fortinet Security Fabric platform.

Addressing the skills gap must be a team effort

While organizations can take many steps to compensate for the skills gap, meeting the challenge of bringing new talent into the cybersecurity field should be a collaborative effort. From public-private partnerships designed to upskill and retrain students in cybersecurity to free or low-cost training and certification programs, there are many resources available for the industry to use to make meaningful progress in filling critical cybersecurity roles. By working together and finding new, innovative ways to attract, hire, and retain talent, we can make progress in better protecting our organizations and effectively disrupting global cybercrime.


Source link