The Growing shortage of cybersecurity personnel to combat incidents

 

Introduction

 The internet-based threats have accelerated in today's world. According to recent research, the root cause of cybersecurity incidents is the cybersecurity skills shortage. The Chief Security Offer  (CSO) reports that cybersecurity skills shortage is contributing to the cybersecurity threats in that  31%  of cybersecurity professionals report they lack security training, 22%  say there is a skills shortage, 20% say business executives lack oversight on cybersecurity, and 18% say a heavy workload and shortage of personnel. This report indicates that organizations whether big or small are at risk of cybersecurity threats due to a shortage of personnel. Thus, there is a cybersecurity talent gap hence causing cyber-attack attempts.  However, the cybersecurity team has come up with response plan to protect intellectual property, customer information, and other elements. The cybersecurity response team such as IT leadership, senior managers, and other members have come up with common goals of protecting the infrastructure, preventing financial liabilities, and other goals. However, it is important to focus on cybersecurity professionals and address the unfilled positions to combat cybersecurity threats. To address the professionalism issue, professional associations in both public and private entities should develop national-level strategies toward addressing the cybersecurity talent gap.

            Organizations have come up with a response plan as part of cybersecurity incident management. They have been using supplementary knowledge to create cybersecurity strategies.  The response team has a technical know-how, communication mechanism, and they also classify the cybersecurity incidents and assign roles to the incident handler (Fields & IGI Global, 2018).Another point is that the response team focus on assessing the new technologies since the cyber-attacks are using advanced technology to launch attacks. The team work with the government to protect the critical infrastructure and to build resilience. The organization is also committed to a research-based on cybersecurity design to safeguard the environment and prevent cyber risks (Fields & IGI Global, 2018). However, there are barriers to the response plan in that the organizations are facing challenges in that they lack security practices. In other words, the available personnel lack security training, and again, there is a shortage of personnel making it hard to implement security capabilities (Crumpler & Lewis, 2019). Even though organizations have come up with a response team, they still need security specialists to handle security.

  Crumpler & Lewis (2019) affirm that cybersecurity threats are increasingly growing yet organizations continue to face the challenge of shortage of skilled cybersecurity professionals.  The alarming rate of cyber threats indicates that organizations need capable individuals who would protect the security networks. The Center for Strategic and International Studies (CSIS) conducted a survey and found that employers say that their organizations have a shortage of cybersecurity skills and others reported a talent gap. The National Initiative for Cybersecurity Education found that in 2019, there was a talent gap of 341,000 in the U. S.  Since 2015, there has been a skill gap of 50% and it is estimated that the skill gap with reach 1.8 million by 2022 (Crumpler & Lewis, 2019). The CSIS also reports that cybersecurity organizations do not only suffer from workforce shortage but also lack highly-skilled staff. This indicates that there are no experts to design a secure system, design sophisticated security tools, evaluate the system to detect malicious acts and other roles. For example, the U.S has only 1,000 security specialists within cybersecurity yet the required number of security specialists is 10,000 to 30,000  (Crumpler & Lewis, 2019). A point to note is that within the cybersecurity, the most important skills needed are technical skills. However, it is difficult to find personnel with technical skills to such as secure software development and other skills. In general, there are no cybersecurity professionals to manage software and networks.

 Burrell (2020) adds that women are underrepresented in areas such as computer science, Technology, and Mathematics. This means that Information Technology Departments lack cybersecurity professionals merely because of a lack of specialty. A point to note is that women should also enter into these domains to gain knowledge and skills since modern organizations require diversity. Diversity means working with experts with different thinking and perspectives so that the organizations solve problems and achieve operational successes (Burrell, 2020). Thus, it is important to include socially diverse groups in these domains for organizations to gain intellectual capacity. Back on the topic, there is a shortage of cybersecurity personnel merely because women and people of color are not allowed to enroll in STEM fields. A point to note is that the costs of cybercrimes in the U.S is $400 billion annually (Burrell, 2020). This indicates that cybersecurity professionals are needed to protect the organizations of cyber threats. However, there a shortage of professionals given that in 2019, the demand for professionals was 6 million yet there was a shortfall of 1.5 million (Burrell, 2020). The nature of cyber threats raises questions such as "where will the cybersecurity professionals come from yet women and people of color are underrepresented in computer sciences? Note that since 1995, the field of computer science has been male-dominated (Burrell, 2020). To address this problem, women and minorities should be allowed to acquire STEM degrees.  

 

 

Recommendations

The National Institute of Standards and Technology has organized 21 agencies to address the issues of cybersecurity jobs and address cyber threats (IRMA, 2020). In other words, the issue of skill shortage needs to be addressed by professional associations in that the advocates will develop a relationship and come up with statistics and facts of personnel shortage.  Professional associations will also develop certification and training and lead efforts towards developing an education program (IRMA, 2020). Professionals associations should also work with the healthcare industry to come up with a unified conglomerate to help the organization maximize security. CSO adds that organizations should conduct an assessment to identify the skill gaps and implement strategies and plans to bridge the gap (Oltik, 2017). For example, employers should attend training courses and mentoring programs to gain cybersecurity skills.

  Another recommendation is that the National Security Agency should collaborate with educators to identify the computing fundamentals and also implement standardized performance measures (Crumpler & Lewis, 2019). The educators should be in the forefront to establish a cybersecurity curriculum and competing fundamental, and also incorporate practical skills so that students can gain skills and knowledge and apply the knowledge to the cybersecurity environment. The curricula should include soft skills so that students can communicate skills,   networking, problems solving and more (Crumpler & Lewis, 2019).Employers should participate in eliminating the skill gap by communicating to the educators about the needs of industries. There should be retaining programs within the organizations to help the workforce improve learning and develop more skills. 

 

 

Conclusion

 Without question, there is a skill gap within the cybersecurity. Surveys and reports indicate that there is a shortage of cybersecurity professionals hence cybersecurity threats. Note that the new technology has enabled the attackers to conduct nefarious acts such as phishing. Malware, and others. Organizations have tried to create a response plan but still, they have not combated the nefarious activities The paper asserts that organizations should address the problem by identifying the skills gaps and talent shortage and employ experts including women and people of color to combat the cybersecurity threat. In general, the cybersecurity organizations should focus on professionalizing cybersecurity. This is because there is complex technology yet organizations have no specialists who would manage networks and systems.

 

 

 

 

 

 

 

 

 

 

 

References

 Fields, Z., & IGI Global,. (2018). Handbook of research on information and cyber security in

the fourth industrial revolution.

 Crumpler, W., & Lewis, J. A. (2019). Cybersecurity Workforce Gap. Center for Strategic and

International Studies (CSIS).

 Burrell, D. N. (2020). An exploration of the cybersecurity workforce shortage. In Cyber Warfare

and Terrorism: Concepts, Methodologies, Tools, and Applications (pp. 1072-1081). IGI

Global.

  The Information Resources Management Association (IRMA). (2020). Cyber warfare and

terrorism: Concepts, methodologies, tools, and applications. IGI Global, 

 Oltik Jon. (2017). The cybersecurity skills shortage acts as a root cause for security events. CSO https://www.csoonline.com/article/3237803/the-cybersecurity-skills-shortage-acts-as-a-root-cause-for-security-events.html