Australia continues to grapple with the ramifications of a huge cybersecurity skills shortage, highlighted by another recent large-scale data breach. The big concern is whether the nation even has the resources to strengthen resilience.
Recently, e-prescribing company MediSecure was the victim of a major ransomware attack. Along with other major incidents such as Optus, Latitude Finance and more in recent years, the event was a reminder of the continued and urgent need for trained cybersecurity professionals.
This need for cybersecurity skills grows by approximately 5,000 workers per year. Unfortunately, the national university system is only expected to be able to scale to produce around 2,000 experienced cybersecurity workers per year by 2026. That shortfall means more organizations will be put at risk and undermines the entire Cyber Security Strategy 2023-2030, the Australian government had designated as a central strategy.
In short, Australia cannot solve the shortage by maintaining the status quo. A multi-faceted cybersecurity strategy, supported by investments to expand cyber capabilities, will help Australia address the root causes of why so many data breaches are reported so frequently. But it will take a combination of industry, government, the private sector and individuals to work collaboratively.
Seven possible solutions to this cybersecurity enigma
Overcoming the growing gap between the demand for cybersecurity skills and their availability in the labor market requires a multifaceted approach.
Encourage people to improve their skills
Enabling people with existing skills to add cyber security to the mix is a simple way to bolster the overall depth of skills within Australia. The incentive is there, as there is greater earning potential for having cybersecurity skills. It simply requires better access and availability of flexible training (such as online and evening courses), so that people can study while they work.
Develop capabilities in the university sector.
Cybersecurity will be a lucrative career opportunity, so combined with targeted programs it should be possible to increase graduates with capabilities across sectors beyond current projections.
Improve pathways for international talent
In the recent federal budget, the Australian government announced a plan to reduce the total number of immigrants entering the country, but to make it easier for skilled immigrants to obtain visas.
With most countries around the world experiencing cybersecurity skills shortages, the social, lifestyle and professional benefits of living in Australia should help the country remain in demand for skilled migrants.
SEE: Women in cybersecurity: ISC2 survey shows pay gap and benefits of inclusive teams
Work with industry to develop solutions.
Google recently announced plans to integrate AI into its cybersecurity products, and increasingly, there are tools available at the consumer level, like Bitdefender's Scamio, that can help people manage their own security risks.
Increase investments in cybersecurity
Teams in higher-risk sectors such as banking and healthcare can be expected to increase investment in cybersecurity as protecting their customers is in their best interest. This may mean it will be even harder for organizations outside those sectors to find talent, but it should mean that across the country breaches have less of an impact.
Implement digital identification solution
The government is taking steps to protect the nation with a digital ID solution that, while controversial, would mean people do not need to send critical forms of identification to private companies to apply for loans, home rentals, etc. Because your data will not be held across multiple private companies, people can have greater confidence that if any of them were breached, cybercriminals would still not be able to access their identifying information.
Invest in the nation's education
Technology tools will help, but cyber security should also be treated like fire safety or first aid, and all Australians should be encouraged to develop a basic understanding of security best practice and then continue to update that knowledge on a regular basis. .
How cybersecurity leaders can help manage risk in the face of skills shortages
For cybersecurity leaders, it may seem counterintuitive, but the goal should be to leverage technology and partnerships to reduce your team's workloads. For internal security teams to be effective, they must transition their roles to become more strategic and focus on oversight, rather than being in the proverbial trenches.
To achieve this goal, cybersecurity leaders should:
- Partner with Managed Security Service Providers: Cybersecurity professionals should consider partnering with managed security service providers to expand their capabilities. MSSPs can offer a variety of services, from 24/7 monitoring to advanced threat detection and response. This partnership allows internal teams to benefit from the expertise and technology of MSSPs and can fill gaps in internal team capabilities.
- Participate in public-private partnerships: Public-private partnerships can be a powerful tool in combating cyber threats. By working together, the public sector and private companies can combine their resources and expertise to develop stronger security frameworks. These partnerships can also facilitate the sharing of threat intelligence and best practices, improving the nation's overall cyber resilience.
- Prioritize strategic risk management: It is essential that cybersecurity professionals prioritize strategic risk management. This involves identifying the most critical assets and vulnerabilities within an organization and focusing efforts on protecting these areas. By taking a risk-based approach, professionals can allocate their limited resources more effectively and ensure the most important risks are mitigated.
- Focus on strengthening the role of the CISO within companies: Today, the CISO is considered one of the relatively “junior” roles within senior management, and the CIO remains the one who oversees the strategic direction of IT. Smaller companies often have no CISO at all. This should be changed by recognizing that good cybersecurity is a strategic priority, because by eliminating IT risks, organizations can make better use of it. Across the organization, more effort should be made to engage security teams with other IT operations.
