With the proliferation of remote workers over the past eighteen months, companies have had to rely on cloud-based applications to ensure they remained in business. The recent Application Security Report from Fortinet and Cybersecurity Insiders found that 48% of respondents had more than 100 unique applications running in their environment, whilst 26% reported using more than 500 unique applications. This rapid proliferation of applications has intensified current challenges that security teams face when it comes to securing applications.
And at the same time, less than half of organisations say they’re very or extremely confident about their application security. With an average of 25 application updates every month, multiplied across so many applications, the attack surface for organisations continues to evolve and expand rapidly, and organisations are having a hard time keeping up. There’s never been a greater need for professionals with cloud security skills, yet they remain hard to find. What can organisations do to fill these essential slots and stay ahead of bad actors?
The skills gap persists
A lack of skilled personnel is one of the biggest barriers that organisations report when it comes to securing their web applications: it tops the list for 46% of the surveyed organisations. Many of the survey respondents feel that they don’t currently have the resources on their teams to keep pace with the growing and sophisticated threat landscape.
This is a major problem across the security industry. There’s an estimated shortage of 3.12 million professionals, according to (ISC)²’s 2020 Cybersecurity Workforce Study. And the pandemic has exacerbated this, with cloud management and cybersecurity ranking highest among the biggest gaps organisations notice, according to a recent report.
Improving cyber hygiene for existing employees
Not only are organisations lacking in certain skill sets, but 43% of the Application Security Report respondents also cited an issue of low security awareness among employees. This is why all employees should receive significant training on spotting and reporting suspicious cyber activity, practising cyber hygiene and securing their personal devices and home networks. Organisations should give employees training as part of the onboarding process and periodically throughout their tenure, so the security information stays current and top of mind. Organisations should also keep training up to date and include any new security protocols that may need to be implemented.
Training individuals, particularly remote workers, on how to stay wary of suspicious requests, maintain cyber distance and implement basic security tools and protocols can help CISOs build a frontline of defence at the most vulnerable edge of their network to help keep digital resources secure.
Expanding the talent pool
Cyber hygiene and training for existing employees is essential, but it’s just one piece of the puzzle. Strong cloud security also requires a new way of thinking about hiring. In times past, many candidates who didn’t have computer science backgrounds or otherwise fit the traditional mould of a cybersecurity professional were often quickly disregarded by recruiters and hiring managers. Given how quickly the field is changing, this mindset must not continue. By widening their searches, organisations can expand their talent pools and play an active role in bridging the skills gap.
Consequently, organisations must consider not only individuals with the traditional IT background but also individuals who are willing to learn and grow. This presents a great opportunity for women and minorities to enter the field. Whether they studied computer science or social sciences, women and minorities can bring immense value to security teams by offering different perspectives. Research has shown that more heterogeneous teams perform at a higher level than their homogeneous counterparts. Diversity across different educational and professional backgrounds can bring forth differing viewpoints that can help teams piece together the complex puzzles that cybercriminals create.
This approach will require a commitment to training. To help individuals reach their full potential, organisations must provide appropriate resources, and candidates must be willing to take advantage of this opportunity. For instance, groups like ICMCP and WiCyS partner with private organisations to develop various types of training and mentorship programs for women and minorities looking to transition or grow within the field of cybersecurity. In the workplace, employees can continue to build their technical and non-technical skillsets through training and certification programs. These strategies enable people with the aptitude and desire to succeed in a field that direly needs them.
Hope on the horizon
The cybersecurity skills gap continues to plague businesses; cloud skills are in particularly high demand, especially as more organisations take advantage of cloud apps, multi-cloud, and hybrid cloud strategies. Data from multiple recent reports shows that organisations simultaneously face increasing cyber threats and a persistent talent shortage. Organisations can help bridge the cloud security gap with ongoing training for all employees and a new hiring mindset that’s willing to hire those who may not perfectly fit the job requirement but who have the ability and drive to succeed in this field.
To further help alleviate the skills gap, organisations need to consider deploying a broad, integrated, and automated cybersecurity mesh platform as part of a sound cloud deployment strategy. This type of platform reduces operational complexity by allowing for consistent policies across on-premises and cloud instances, deep visibility, and simplified security. Effectively, this allows organisations to broaden their talent pool options when hiring and increase output while reducing the workload of those teams already on hand.
Find out more about how Fortinet’s Training Advancement Agenda (TAA) and NSE Training Institute programs, including the Certification Program, Security Academy Program and Veterans Program, are helping to solve the cyber skills gap and prepare the cybersecurity workforce of tomorrow.