As the need for cybersecurity skills soars, how can organisations address the talent gap?

As the need for cybersecurity skills soars, how can organisations address the talent gap?

Nick Taylor, Security Lead for Accenture UK and Ireland, explains how organisations can address the cybersecurity skills gap.

We’ve recently witnessed a monumental shift to remote working, changing business priorities and the reconfiguration of supply chains. While businesses have had to overhaul how they operate, cyberthreat actors have been quick to take advantage of these changes. There are increasing numbers of attack vectors and new vulnerabilities to exploit. So much so that, according to Interpol, threat actors are moving their focus away from targeting individuals and now organisations are back on top as the most lucrative opportunities.

Businesses know this only too well. Accenture’s UK Tech Talent Tracker, which analyses data from LinkedIn’s Professional Network to uncover the latest trends in the UK’s technology jobs market, found that job postings for cybersecurity experts had increased across many cities since the end of 2019. In fact, in July, 39% of the total tech job postings we tracked across the UK required cybersecurity skills.

That’s good news for prospective cybersecurity employees but presents a real challenge for stretched teams who are being tested like never before. Here are just a few ways businesses can look to address the gap:

Expand your horizons

Competition for the right talent is fierce. Remote working might present a security challenge, but it also comes with its advantages. Businesses can look beyond their immediate talent pool, as professionals offer value and expertise from any town or city in the country.

For a long time, skills have been concentrated in the capital. While 22% of cybersecurity professionals in the UK call London home, we are starting to see signs that this may change. People are arming themselves with cybersecurity skills at a faster pace in other regions of the country. Both Manchester and Leeds saw the ‘supply’ of cyber talent increase by 13% in the first half of 2020, and in Cardiff the talent supply rose by 17% – compared to 8% in the capital.

Supporting these emerging talent hubs is also key for future recruitment. Organisations must be looking to invest in talent through the likes of training programmes and apprenticeships, as well as upskilling or reskilling existing employees.

Automate where it makes sense

There are many tools that enterprises can consider investing in to help fill the talent gap. The top of the wish list for many is automation. Investments in advanced technologies, such as Artificial Intelligence, Machine Learning and robotic process automation, are already rising substantially. Today, 84% of organisations spend more than 20% of their cybersecurity budgets on tools that use these three technologies as fundamental components.

Automation can be used to simplify some processes that can actually benefit from limited human intervention. Tool deployment is a good example of this. To better protect remote workers, many teams have deployed endpoint detection and response tools (EDR). But by building analytics and automation into this, teams could reduce the amount of human intervention required and better protect multiple devices in less secure locations.

Other tasks that benefit from automation are security event response and rule management. SOAR (security orchestration, automation and response) tools gather data from a wide range of sources, allowing machines to interpret threats and automatically respond as appropriate. Adopting automation tools for these tasks will allow teams to make the most of the skills that matter and prioritise a proactive, rather than a reactive, approach to security. Conducting threat intelligence research, red teaming exercises and penetration testing are higher-skilled practises that can help security teams get a step ahead.

Build better business resilience

No matter the tools in place, employees will always be your first line of defence. In the past, educating users about threat actors has often been patchy, with blanket training for all and a lack of focus on the areas most at risk. Teams should instead now look at rolling-out tailored, interactive training – particularly as home networks are 3.5x more likely to have at least one family of malware.

This is something Accenture has focused on, enrolling over 350,000 people in a Security Academy which teaches cybersecurity basics through simulations and game-like scenarios. As a result, there have been 66% fewer failures on social engineering tests. These programmes can also measure individual human vulnerability. With more analytics available, organisations can prioritise the areas that need additional support.

Employers will need to think creatively to ensure they have the skills needed to adapt to ever changing security threats and demands. But with new regional tech hubs emerging and more tools than ever at their disposal, security teams can take steps to address the talent gap at a time when it’s needed most.

Browse our latest issue

Intelligent CISO

View Magazine Archive