Balancing Human Expertise and Technological Resilience in Navigating the Cybersecurity Skill Gap

In our digital era, cybersecurity stands as the frontline defense for protecting sensitive information and digital infrastructures. However, the impending crisis of a severe shortage in skilled cybersecurity professionals looms large.

Cybersecurity Ventures predicts a global shortage of over 3.5 million professionals by 2025, a startling 350% increase in just eight years. Critical areas like threat intelligence, cloud security incident response, and application security are particularly affected.

To delve deeper into these challenges, Outlook Business and Sophos recently co-hosted a webinar titled 'Bridging the Cybersecurity Skillset Gap – Complementarities of Talent and Technology,' moderated by Vinita Bhatia, editor-startups for Outlook Business.

KPMG partner Vibhav Pachori highlighted the dramatic evolution of the field, accentuated by the rapid digitisation prompted by COVID-19. "Cybercrime," he quipped, "has become a booming business, ranking as the third-largest GDP globally, trailing only the US and China. The rise of crime as a service exemplifies the ease with which individuals can access hacker-for-hire services."

Vibhav further stressed a fundamental shift in how companies perceive the value of their digital assets, drawing a parallel with a refrigerator's perceived value when given away for free versus when priced at $50. The rise of cybercrime as a booming business, ranking as the third-largest GDP globally, underlines the ease with which individuals can access hacker-for-hire services.

Organisations must adapt to changing threats and work dynamics. A KPMG survey identified two significant trends: CEOs view cybersecurity as an ongoing threat to business operations, and the shortage of cybersecurity talent ranks as their most significant risk.

Bridging The Gap Through Talent And Technology

The latest NASSCOM report emphasises that the real gap in coping with evolving technological landscapes lies in the quality of skills. Organisations are actively addressing the cybersecurity talent gap by investing in technology platforms and comprehensive training programs.

These initiatives aim to equip cybersecurity professionals with the latest tools, techniques, and best practices. However, more innovative strategies are required to attract individuals from non-traditional backgrounds and promote collaboration across the entire cybersecurity value chain.

Rishi Sareen, director of technology at DTDC Express, stressed the increasing significance of cybersecurity, noting that it is now discussed at the board level in the company. "DTDC, in its proactive approach to talent acquisition, encourages participation from non-traditional backgrounds. We have initiated programs such as 'Dream, Dare, and Deliver (D3L)', partnering with educational institutions and community organisations to develop tailored certification programs that meet industry needs," Sareen revealed. Upon onboarding, recruits undergo mentorship programs, apprenticeships, and training, exposing them to the latest cybersecurity technologies.

Seconding this approach, Anand Budholia, president-IT and group CIO at BSES Delhi, highlighted the need for aligning with educational institutions to design customized courses. "BSES Delhi has partnered with the National Power Training Institute to offer cybersecurity courses tailored for the power industry. Additionally, we collaborate with other agencies to provide security-as-a-service as a solution to navigate the current talent shortage effectively," he said.

Filling the Senior-Level Roles

The critical gap in the cybersecurity workforce extends to understaffed security teams and a scarcity of senior-level professionals, leaving organizations more vulnerable to cyberattacks. While nurturing fresh talent is essential, filling senior-level cybersecurity roles is equally crucial. DTDC actively encourages internal staff interested in cybersecurity and employs hackathons to attract part-time staff.

Sophos' 2023 State of Cybersecurity report reveals a prevalence of ransomware attacks, emphasizing the need for tailored solutions addressing cyber threats and vulnerabilities specific to industries. A comprehensive risk assessment, including people, processes, and technology, is essential.

Atul Khatavkar, CISO at Serum Institute of India, recommends analyzing employee behavior, providing ongoing training on responsible platform usage, and using AI-based solutions to evaluate the effectiveness of cybersecurity training through real-time phishing simulations.

"Each sector must conduct a comprehensive risk assessment that encompasses people, processes, and technology," he advised. "For instance, the electric vehicle (EV) sector, which is experiencing a surge in sales, is susceptible to cyberattacks due to the digital connectivity of EVs and associated systems. Customised frameworks should, therefore, take into account the key aspects of people, processes, and technology while addressing industry-specific challenges."

Processes and Vendor Risk Management

Processes play a crucial role in cybersecurity, especially with the growing risks from third-party vendors. Comprehensive vendor risk management (VRM) protocols are imperative, as IT vendors and third parties are also susceptible. Ravindra Baviskar, Director of Sales Engineering for India and SAARC at Sophos, suggests that cloud partnerships could hold the key to addressing cyber threats.

"Cloud's flexibility allows organisations to assess use cases without on-premises installations, thus expediting deployment timelines. However, the shift to cloud environments, especially in operational technology (OT) and the Internet of Things (IoT) ecosystems, where traditional perimeter security is often inadequate, has introduced new cybersecurity challenges," he claimed.

The increasing complexity of cyber threats and the overwhelming number of security alerts have fueled the adoption of security automation. Technologies like AI and ML promise to fill the talent gap by facilitating process automation, enabling advanced analytics, and supporting managed services. These technologies can process vast data volumes faster than humans, significantly enhancing cybersecurity offense and defense capabilities.

Nadir Bhalwani, CITO of CareEdge Group, emphasised that investing in technology, particularly AI, offers cost-effective benefits. It enhances efficiency, provides precise decision-making, reduces costs, and ensures real-time threat detection and response, ultimately enhancing the entire cybersecurity landscape.

“With data accessed remotely and online, the volume is vast. Real-time analysis is challenging, especially when making quick decisions. AI and ML play a crucial role in addressing the information overload and ensuring real-time threat detection and response, ultimately fostering cybersecurity skillset development," he pointed out.

The cybersecurity skill gap is a multifaceted challenge that extends beyond personnel shortage. This formidable battle encompasses evolving threats, a scarcity of skilled professionals, and the need to bridge the talent divide with technology solutions. However, with a combination of human expertise and technological capabilities, organisations can stand resilient against the relentless tide of cyber threats.

Disclaimer: The above is a sponsored post, the views expressed are those of the sponsor/author and do not represent the stand and views of Outlook Editorial.