The uptick in cyberattacks to date during the pandemic is well documented at this point. Networks are being transformed to accommodate the newly expanded remote workforce, and ransomware, phishing, insider threats, and other types of attacks are increasing as a result. IT and business leaders are already anticipating an increased need for more cybersecurity professionals in spite of the fact that the industry has been dealing with a skills gap for years now. However, the one silver lining in all of this is that for those individuals looking to change careers or reskill, there is a lot of opportunity in cybersecurity.
The Pandemic and the Rise of Cyberattacks
The shift to remote work has become a tempting vector for bad actors to pursue. FortiGuard Labs has observed a significant rise in cyberattacks directly related to this shift. Cybercriminals are the ultimate opportunists, and threat researchers saw a surprising volume of new threats aimed at remote workers in a short period of time, while more network-focused attacks declined. Rather than let a crisis go to waste, bad actors capitalize on it with an agility that enterprises only wish they had.
Remote work isn’t the only change that bad actors have been exploiting. There’s also the matter of FUD. It’s not news that cybercriminals will take advantage of fear, uncertainty, and doubt, often as part of social engineering campaigns, but we’ve seen that kicked into high gear over the past few months. It’s taking the form of campaigns related to COVID-19 that are targeting hospitals, medical equipment manufacturers, and health insurance companies, leveraging the fact that there is a shortage of medical equipment and supplies. There has been a similar uptick in attacks leveraging the Black Lives Matter movement.
The Need for More Skilled Professionals
The global shortage of cybersecurity professionals has now surpassed 4 million – according to a study conducted by (ISC)2 – which means the global cybersecurity workforce must now grow at a staggering rate of 145% each year just to meet the growing demand for skilled talent. This issue has become even more critical with the transition to a remote workforce model. IT teams are stretched thin as they work rapidly to scale and secure their network to meet new demands. Some organizations have even had to “repurpose” their cybersecurity staff to perform IT-related functions as the work-from-home shift occurred, making securing the new teleworker network configuration even more challenging.
Results are just about what you’d expect. 23% of respondents to the COVID-19 Cybersecurity Pulse Survey say security incidents have increased, with some reporting that incidents have surged as much as 100%. Fifteen percent of respondents felt their IT security teams do not have the resources they need to support a remote workforce. And while another 34% said they do, it is only for the short term.
Additionally, global shortages in talent also introduce risks. A recent survey showed that 73% of organizations had at least one intrusion/breach over the past year that was partially attributed to a gap in cybersecurity skills. Clearly, the need for skilled cybersecurity professionals is great—possibly the greatest it has ever been, in large measure due to current circumstances.
Bridging the Skills Gap with Artificial Intelligence
One way many organizations are choosing to tackle their skills gap challenge is with high-tech automation solutions. Security technology powered by artificial intelligence (AI) is helping organizations strained by the lack of security personnel quickly detect and respond to sophisticated threats. Organizations are able to help their limited security staff and fill critical voids by automating manual processes and threat alerts. An effective AI system deployed in a SOC, for example, can perform the tasks of several security analysts, and at much greater speeds. While this is one way to address the talent shortage, there are still many higher-order security tasks that are being left undone. Organizations must also look to their current resources, including their teams, to fully address this issue.
New Talent Pools, New Opportunities
As the concept of remote work becomes the norm, and infrastructures become more distributed, the need for IT professionals that have timely security skills and knowledge will only grow. Security specialists with cloud and DevOps expertise are especially valuable.
Employers and employees must find new ways to address this skills gap. To start, organizations must go beyond the traditional means of recruiting talent to fill security roles. This includes focusing on individuals with technology certifications, recognizing that such certifications demonstrate needed cybersecurity knowledge and expertise.
Certifications can update and enhance collegiate studies for working professionals, grounding them in the practical application of their knowledge. They can also help non-traditional candidates – those without a technical background – transition into a cybersecurity career. By stressing the value of certifications, organizations can expand their talent pool to cover non-traditional candidates, degreed professionals from other fields, and other groups that may not have been considered in the past.
This includes veterans and their spouses. These workers typically demonstrate a strong work ethic and attention to detail, have spent their careers in an environment focused on physical and cyber security, and are successful in fast-paced, high-stress environments – skills that complement the cybersecurity industry. Because they can play a vital role in closing the cybersecurity skills gap, organizations should do more to recruit them, including investing in the appropriate resources to fully leverage their specialized skill sets with training programs and specific hiring processes.
Because the need is great and resources are scarce, some organizations are currently making free training available. It’s an ideal opportunity for organizations to upskill their employees and for all who are interested in cybersecurity to learn or add to their skills base. This is especially valuable when considering moving potential candidates from within the organization’s IT team.
Overcoming Increased Risk
With the pandemic creating a massive shift to remote workers, and the consequent rise in cyber risks, finding individuals with cybersecurity skills is harder than ever. Employers and employees alike can help overcome this dilemma by making use of training and certifications – some of which are now free – to bring greater security to their organizations in the midst of these uncertain times.
Find out how Fortinet integrates AI and machine learning capabilities across our Security Fabric to detect, identify, and respond to threats at machine speed.