Why is Asia plagued by a cybersecurity talent crunch?
Cybersecurity is a critical aspect of business that organizations can’t afford to take lightly.
From email to network security to endpoint security management, there’s a litany of things to watch out for when it comes to cybersecurity.
Admittedly, cybersecurity isn’t a cheap investment. Not only are solutions pricey, but maintaining them yearly can be a costly affair.
This has often led to IT security teams having trouble justifying these costs to senior management and board members of their companies.
Cybersecurity takes a backseat
Most companies want to digitally transform to remain competitive and increase their revenue. But many fail to realize that migrating to new systems, services, and offerings needs to be done in a secure manner.
Shockingly, and very worryingly, research by Trend Micro showed that 90% of IT decision-makers claim their business would be willing to compromise on cybersecurity in favor of digital transformation, productivity, or other goals.
Additionally, 82% also felt that they have been pressured to downplay the severity of cyber risks to their board. The research reveals that just 50% of IT leaders and 38% of business decision-makers believe C-suites completely understand cyber risks.
While some think this is because the topic is complex and constantly changing, many believe those in C-suites either don’t try hard enough (26%) or don’t want (20%) to understand.
Sure enough, there are myriad managed service providers (MSPs) that offer cybersecurity protection services to businesses.
However, the costs of depending on MSPs or a Shadow IT team for cybersecurity may pose a risk as well.
For example, businesses around the world had trouble accessing their systems when Kaseya, an MSP provider, suffered a ransomware attack.
While the cybercriminals targeted the MSP provider, the impact was severe enough to affect businesses all over the world.
Building a team of cybersecurity professionals
As emerging technologies have enabled an increase in AI-driven security solutions, businesses still need to have a cybersecurity team to be physically around to help them manage it. Unfortunately, there are simply just not enough skilled talent in the cybersecurity industry available to meet growing demand.
Salary figures in cybersecurity have proven to be higher compared to other IT roles in an organization. But even so, people are still not interested in working in this field.
According to The Life and Times of Cybersecurity Professionals 2021, a research report by the Information Systems Security Association (ISSA) and industry analyst firm Enterprise Strategy Group (ESG), the top ramifications of the skills shortage include an increased workload for the cybersecurity team (62%), unfilled open job requisitions (38%), and high burnout among staff (38%).
The report which surveyed 489 cybersecurity professionals also showed that 95% of respondents state the cybersecurity skills shortage and its associated impacts have not improved over the past few years and 44% say it has only gotten worse.
Notably, the three most often cited areas of significant cybersecurity skills shortages include cloud computing security, security analysis and investigations, and application security. These areas should be the focus for cybersecurity professionals when looking to develop skills.
Going back to Southeast Asia, the demand for such roles to be filled signifies the problem in the industry. There are simply just not enough professionals available in the market to fill up these roles. Some organizations have already reached out to foreign talents, with the hope of bringing them in to fill up these roles.
In fact, most senior IT roles in Southeast Asia, especially in large enterprises are normally held by employees originating from India or China. While there is no problem with this, companies have been facing the call to develop and produce more local talents as well.
What industry players are doing
For SMEs, establishing a cybersecurity team is unfortunately not at the top of their list of priorities.
SMEs often outsource their cybersecurity protection to MSPs, which is still good enough as they are protecting their business. However, in the long run, SMEs should be looking to build a security team, especially as they are the kinds of businesses most targeted by cybercriminals.
Larger enterprises and organizations are now looking to hire tech talents directly from universities and institutes of higher learning as a means to develop these graduates’ competencies the moment they graduate. Yet, despite this, most students are fond of the idea as they do not want to be bonded to a particular organization.
To help with skills development, big tech companies have themselves taken the role of ensuring the skills shortage problem is solved.
In Singapore for example, Dell Technologies recently announced a joint commitment with four Institutes of Higher Learning (two polytechnics, two universities) to enhance the pre-employment training curriculum for over 5,000 tertiary students over the next two years.
The program seeks to build and attract a robust talent pipeline for the local information and communications technology sector by equipping the students with industry-relevant skills.
Dell Technologies will co-develop new content for curriculum modules, specialist diplomas, and degree courses focused on critical core skills tied to new and emerging technologies such as cloud computing, data analytics, the Internet of Things (IoT), and digital cities management.
Additionally, the Singaporean and British governments signed an MoU to collaborate on improving cybersecurity professional development and build a cyber security skills base.
This includes possible initiatives relating to mutual recognition of qualifications and diversity so that both societies are future-proofed and are equipped with the skills and professional standards they need to support the needs of the ever-evolving digital economy.
Apart from Singapore, tech giants have also partnered with regional governments and universities to help develop more skilled employees in tech, including cybersecurity.
The only question now is, will they be able to produce cybersecurity professionals quickly enough to fill the gap?
Whatever it may be, the reality is, the industry is having a massive shortage. Even if MSPs are able to help businesses solve the problem, in the long run, companies, especially large enterprises will want to have their own security team to manage all their cybersecurity.
Solving the cybersecurity issue
It is really uncertain why is there a lack of interest in cybersecurity jobs. After all, the training and salary packages offered are often one of the highest in the IT sector as well. Perhaps the field of cybersecurity is just not appealing enough to most IT professionals. For some, the job may seem mundane and not exciting enough, as compared to being an app developer or a programmer.
Another concern is the general mindset towards cybersecurity roles. Cyberattacks and data breaches are becoming rampant. Whenever a data breach occurs, the security team would be held responsible, even if it was due to a breach by a third-party provider, or via legacy infrastructure that was not upgraded by companies (despite being advised to by the very people tasked to overlook the area).
Even with modern technologies automating most processes and detecting breaches, the full responsibility would still eventually fall on the physical IT security team. And perhaps for some, the responsibility that comes in ensuring the company’s and consumer’s data are secured may just be one that’s too heavy to bear.
However, this mindset needs to change. Modern technologies are have enabled better data security and recovery process, which provides some ease with which cybersecurity processes can take place.
With that said, unless the mindset towards cybersecurity roles is changed, the region will continue to see a talent shortage for some time.
Note: The views represented here are of the author’s and do not represent Tech Wire Asia.