The year 2020 has had a profound effect on everyone living on this planet. This is true even for the field of technology. Right until the pandemic hit us, the momentum of digital transformation was progressing at a snail’s pace. There were many, even questioning the necessity of it. But when faced with reality overnight, the same organizations and their IT teams scrambled, which resulted in total chaos from which the security industry is still trying to recover.
This sudden transition to a ‘perimeter less’ network, where everyone started logging in from any unsecured device, they could lay their hands on, led to significant spikes in cyberattacks. And this unanticipated responsibility of safeguarding the data, that was so freely available everywhere fell on the shoulders of the IT teams and to this day it continues to be their worst nightmare. Many of the woes that the industry is facing today can be directly related to the cyber security talent gap that is prevailing in the market.
Fady Younes, Senior Cybersecurity Director – EMEA Service Providers and Middle East & Africa, Global Security Sales Operations, Cisco, says “There is a huge shortage of skills, obviously, it was standing somewhere around 2.5 million couple of years ago. Now they’re talking about 3.5 million to 4 million shortages. This pandemic has thought us that unforeseen disruptions can strike us any time”
This lack of talent is also affecting the Middle East region. This region has always been at the forefront while embracing new technology, this was true even for the journey to the cloud and the organizations here were also caught off-guard when this global calamity hit. “Cybersecurity talent is short across the entire region. This is not a secret. And most government and private organizations in the region continue to suffer from the shortage of talent” says Dr. Moataz Bin Ali, Vice President and Managing Director, MEA for Trend Micro.
This glaring cyber talent skill gap, for sure, cannot be addressed overnight. It requires a concerted effort from both the organizations and the current talent pool and those who are aspiring to be a security professional in the future. One such option which can address this gap at a faster pace is to provide solutions that are simple, easy to use, easy to deploy and affordable.
Jonathan Mepsted, VP UK, Middle East and Africa, Netskope said “Complexity is the enemy of security and a lot of the CISOs I talked to, have got number of security products that they are using, at any given time on their portfolio and that’s crazy, because the budgets to employ people isn’t really growing at that sort of scale. And that feeds into skill shortage. So, SASE gives them a real opportunity to simplify. And another great approach to address the skill gap is to stripe out the complexities in your approach to security.”
Chris Hill, RVP Public Cloud and Strategic Alliances, Barracuda says “What we are doing to handle the Skill Gap is to ensure that the solutions we offer are easy to use, deploy and turn on, easy to maintain and is affordable. So, we are now offering SAS solutions, that our customers can turn on and configure in five minutes and be confident that they are protected.”
“We are also providing solutions that are not just easy to deploy and on recovery, we are also trying to identify a great way to find out what went wrong, the incident response. The bad guys are becoming smarter they find the weak chinks in your network and evade your defense mechanism and get to you directly. So, we see a tremendous opportunity in that aspect and with the millennials opting to the ‘self-service’ option, we as ISV help them deploy and provision and hence need to make sure that our products are everywhere to sell and this rise in the use of the marketplace is also helping the lack of talent.”
In addition to stripping off complexities in our approach to security we need to introduce automation and prioritization of alerts explains Fady from Cisco, this in his view not only offers a secure solution but also ensures that the solution is resilient, “If we are to learn anything from this pandemic its not enough for the solutions to just be secure, it has to be even resilient.”
SMBs are one of the worst hit in this entire ‘abrupt’ digital transformation journey, as many surveys predominantly reflect the fact that despite increased spending on IT, the small business are still unprepared for the escalating cyber risks. These businesses fail to prioritize budgets for security, since they are in need of both money and security talent. Most of the solutions available are way above their allotted budget. The most preferred option for these SMBs would be to partner with a right cybersecurity provider.
“There are hundreds of 1000s of cybersecurity job openings in the US alone, probably around the world, it’s in millions. I am very certain that smaller organizations will struggle to find and retain top cybersecurity talent. My advice to them, don’t try to do that by yourself. Don’t try to spend millions to build your own sub operations with your own threat hunting teams, partner with the right security provider, who can give you a force multiplier of your existing workforce.” explains Roland Daccache, Systems Engineer Manager MEA, CrowdStrike.
Another major constraint plaguing this sector is the retention of talent. With the market ready to devour any highly skilled person, retaining talented cybersecurity employees has become very expensive and challenging. Building skills in-house instead of looking outside the organization and offering support to your existing talent pool would rather be a reliable approach.
“Talented cybersecurity engineers and architects are now very hard to find. But we develop our own team. And we are keen to make sure that our internal teams are really adapted to the evolving threats. We provide regular trainings in the US and Europe, every now and then and make sure that our teams are really ahead. If not then the customers and partners will be in trouble.” said Emad Fahmy, Systems Engineering Manager Middle East, NETSCOUT.
With cybercriminals now shifting their focus on people and are getting to them using various social engineering techniques, the onus now is also shifting slowly from just the shoulders of cybersecurity experts to any one who has a digital presence! This further fuels the need to raise cybersecurity awareness among the masses and offering a people centric approach to security is fast emerging as a key challenge.
While emphasizing the importance of people centric solutions to address the skill gap, Haifa Ketiti, Senior Sales Engineer at Proofpoint said “People usually are the last line of defense. We’ve been encouraging organizations to enable users elevate their skill sets, letting them participate in enhancing the security posture, letting them be responsible for securing the assets in general. In fact, a recent survey on 1000 people in this region highlighted vast majority of organizations have employees who believe that they’re not responsible for securing the data, we have to change that! So, we have Proofpoint provide a security awareness and training platform that provides the tools and solutions to the customers. We believe in training users in real time.”
Organizations too have to play an active role in addressing this pain point by not just restricting all their awareness and training programs to just their employees and their partners but also include university and high school students, who will shape their future roadmap.
While highlighting the active role of Trend Micro in investing in cybersecurity talent in the region, Trend Micro’s Dr. Moataz, explains, “Trend Micro as a leader in cybersecurity is investing a lot in the region in establishing the Trend Micro Academy for college graduates to train and develop them and provide employment opportunities after graduation, but also opening up Co Op opportunities for summer training and Co Op student internship opportunities to train them in developing their security skills. We work with governments, to establish awareness programs and to establish public training programs to basically increase the skills and the talent that are needed to address the cyber security market. We just don’t adopt a vendor, partner or country specific approach. We don’t just try to utilize the skills, we try to develop them, nurture them, and grow them.”
“When you’re talking about skill gap, this is not just regarding channel partners, very important that even students coming out of universities, also need to be actually given a lot of essence around cybersecurity awareness. Hence, Check Point has launched a very important initiative, we call it the Knowledge Portal, wherein we are actually tied up with a lot of training partners, and offer courses in and around the checkpoint training portal, which is very important for the students to take on, it’s not necessary that he needs to be a channel partner to actually access it.” said Prashant Menon, Channel Manager, UAE at Check Point Software Technologies, Middle East.
When our team drilled down further to understand how UAE and the Middle East in particular is positioned to handle this cybersecurity skill gap challenge, Jonathan from Netskope, offers a positive outlook, he says “My first impressions about UAE suggests incredibly high level of skill sets. It’s a wonderful destination. This is the place where people want to be coming to from a financial point of view. And if you look at the global outlook, from an economic point of view, with the talks of impending recession doing rounds, UAE and Saudi are seeing explosive growth. I think this is going to attract the highest level of skills going forward. Netskope will look to consolidate on that.”
To summarize, with the increasing pace of digitization, cyberthreats are bound to increase and with that the need for the right talent to mitigate those threats. This dearth in skills can be addressed only when both the users and the organizations join hands and start working together to protect both the organizations and one’s personal digital identity.