Cybersecurity’s too important to have a dysfunctional team, says David Spillane, Systems Engineering Director at the cyber company Fortinet.
Technology is at the heart of business operations across almost all sectors and for entire industries to continue to operate, the recruitment and retention of tech talent, in particular coders and software engineers, has become a crucial business battleground. However, finding and retaining people with these key skills remains a major challenge for many organisations. As TechNation has found, not only does the UK technology sector have a talent shortage, but due to this, overall growth will likely be stifled.
People with digital skills which enable companies to build innovative products and solve problems are in higher demand than ever. To attract them and allow them to deliver their full potential, a stable and secure environment maintained by cybersecurity professionals needs to be in place as a bare minimum – which also needs specialist skills. According to (ISC)2’s 2021 Cyber Workforce Report, the global cybersecurity workforce needs to grow by 65 per cent to effectively defend organisations’ critical assets – currently, far too many businesses are having to make do without skilled personnel to hand.
Complacency is not an option. Breaches mean recovery costs, fines, loss of revenue, reputational damage, and more. Given its importance, cybersecurity should not be left to chance; it must be placed in the hands of highly trained and competent people. Therefore, in an ongoing fight for talent, what can businesses do to bolster their cybersecurity teams?
Plugging the skills gaps
Cybersecurity can be difficult to recruit for because of the need for ongoing training and round-the-clock vigilance. Technological advances quickly make previous cybersecurity systems less relevant, forcing professionals to remain on top of the latest trends and innovations. The job also requires people who can remain composed under pressure, a soft skill which is hard to develop and therefore attracts a premium once identified. Recruitment is only half the battle. Businesses also face challenges in retaining talent and providing continuous training, all of which magnifies the skills shortage.
A recent Fortinet report has shown that 52 per cent of leaders believe their employees still lack necessary knowledge. This can lead to dysfunctional teams which are unprepared to handle sophisticated attacks. Adding to the problem is how some employees, who are in fact knowledgeable in these roles, start to feel burnt out due to excessive workload, in part because the burden cannot be shared by others who are less capable.
Every business must take stock of what skills they have within their organisation and where their blind spots and key vulnerabilities might be. Only then, will they be aware of the skills they need to address the shortfall. Further economic storms might see cybercriminals try more sophisticated methods to access information. The Fraud Advisory panel has stated that “the risk of fraud to businesses is at its greatest in times of economic downturn.” For this reason, if the economy continues to face difficulties, it could in turn make for an even more challenging cybersecurity landscape and increase the need for robust and knowledgeable defence teams.
With such difficulty recruiting and maintaining staff, one option businesses should consider is training and reskilling programmes for existing staff to help bridge the gap. Current cybersecurity professionals can solidify what they already know and stay up to date on the latest learnings. Along with cybersecurity professionals, other technology professionals can be trained and recruited into these roles. Technology professionals are likely to have an affinity for the types of skills needed to succeed in cybersecurity.
Non-technical people by background, may still be able to learn what is needed to perform in these roles, especially if businesses are willing to invest and cover the cost of the training. When there is a skills shortage, as is the case, and when vacancies outstrip the available talent, organisations need to be prepared to be imaginative in finding solutions. Alongside this, arming all teams, regardless of their skills and experience, with the right tools and support is essential. Working with knowledgeable and trusted partners can help outsource some of the work and offset any skills gaps as the external partner becomes an extension of the in-house team.
Leading by example
Teamwork is an essential part of working in a business and this is just as true of cybersecurity teams. Due to the constant vigilance required, it helps cybersecurity professionals to know they have people around them, with whom they can share the workload. There are five fundamental qualities that make every team great: communication, trust, collective responsibility, caring and pride. Everyone individually is important, but it is in coming together that they become unbeatable.
Effective teamwork begins and ends with communication. It does not always occur naturally, but it must be taught and practised in order to bring everyone together as one.
Along with a strong and functional team, a good leader is essential. Cybersecurity teams have stressful jobs, with the whole company looking to them in times of crisis (which can be heighted during economic instability). For this, the cybersecurity team requires a capable leader under pressure to help engender trust across their staff. They must also be able to advocate for the team if some are burnt out or require further training.
Leadership should also look to create initiatives that can support employees with their workload and stress. If cybersecurity professionals are better supported, they are less likely to seek opportunities elsewhere, reducing staff turnover.
A constant state of readiness
Business growth depends on the ability for organisations to work safely and securely, which can only be done with a functional and knowledge cyber security team underpinning operations. To address the skills gap means identifying creative ways to nurture more talent into those key roles.
Investment in training and re-skilling programmes for current and new talent must now be central to budgets and plans, both to bridge the skills gaps and ensure organisations remain alert to evolving threats – as hackers adapt, so too must defences.
Just as crucially, businesses must nurture cultures of support based around strong leadership so staff can work successfully without stress or burnout.
The current cyber threat landscape is particularly hostile and presents clear challenges as a result. It is only through investment in the right people and resources, both internally and externally, that business leaders can hope to keep the hackers at bay.
