By Greg Hatcher
With cyberattacks on the rise, cybersecurity is more important than ever. Yet manufacturers and organizations of all kinds are struggling to retain top-notch cybersecurity experts. If your enterprise is staring down the cybersecurity skills gap, here are the steps you can take to fill it.

According to the International Information System Security Certification Consortium (ISC2), the world’s largest nonprofit for cybersecurity professionals, almost 3.4 million more cybersecurity workers are needed than are currently available. Since the number of cybersecurity employees worldwide is about 4.7 million, the global workforce would almost need to double to meet the current demand.

In addition, that demand is unlikely to stop growing. ISC2 notes this sector’s gap between supply and demand increased 26.2 percent in 2022, and concluded the world has a “dire need of more people” in these professions.

This shortage of qualified cybersecurity personnel means organizations can find themselves understaffed. According to one survey, 70 percent of participants reported their organization lacks sufficient cybersecurity staff for effective protection, meaning their organizations are at increased risk from cyberattacks. Indeed, 68 percent of the survey’s respondents said their organizations face additional threats due to staffing issues. Over half of these respondents gauged their organization’s risk level as “moderate” or “extreme.”

Schneider Bold

As the report explains: “A cybersecurity workforce gap jeopardizes the most foundational functions of the profession like risk assessment, oversight and critical systems patching.” Meanwhile, cybercriminals haven’t slowed down their efforts.

Sophisticated Cyberattacks on Rise
Cyberattacks have been on the rise since the start of the COVID-19 pandemic. According to a 2023 Statista report, there were 480,000 cyberattacks in 2022. As of 2023, over 1 billion malware programs were in circulation. More than 20 percent (and up to 45.7 percent) of all HTML attachments in emails are from hackers.

If that wasn’t already bad enough, today’s cybercriminals launch increasingly sophisticated attacks. Emails are tailored to convince recipients of their authenticity, and targets are approached from multiple directions at once. Cybercriminals are even finding ways to circumvent multi-factor authentication.

This year, cyberattacks are expected to cost organizations over $452 billion in the U.S. alone, but if sensitive or confidential information is stolen, organizations can even be found liable and face fines in addition to legal fees. These incidents can also grind operations to a halt, resulting in an idle team.

Meanwhile, news of the cyberattack serves as a negative PR campaign, dragging down the organization’s reputation. As a result, business partners and customers can sever ties with the organization, and revenue can disappear.

Manufacturing a Top Target
Manufacturers are one of cybercriminals’ top targets, clocking in at nearly 20 percent of 2023 ransomware incidents – higher than professional, scientific, and technical services at 15.3 percent and educational services at 6.1 percent, respectively. American manufacturers are at particular risk since the U.S. is the most targeted country, followed by the UK and Germany.

According to Statista, American manufacturers suffered from 250 cyberattacks in 2022, and the cost of the average breach was approximately $4.47 million. About 24 million American users’ data was stolen, and the attackers demanded money — usually in the form of cryptocurrency — or else sold it on the black market.

Given this alarming situation, manufacturers and organizations of all kinds should take steps to address their vulnerabilities without delay.

Solving the Shortage
The first solution is to attract and retain talent with a holistic approach that asks what these highly coveted tech workers want and strives to give it to them. Luckily, research has been done to determine the priorities of tech professionals in the workplace.

Many cybersecurity employees have expressed interest in hybrid work schedules. While only 18 percent want to be fully remote and 34 percent want to return to the office, nearly half want the option to do both, and 95 percent of these workers consider the option to work remotely important. Additionally, 63 percent of respondents say if they didn’t have this option, it would affect their willingness to stay, while 64 percent said they would require a 20 percent pay increase to return to the office full-time.

That brings us to the next point: Money isn’t everything to these professionals. Flexibility can mean more to them than mere dollars because they have responsibilities at home and want to enjoy their lives. They also want to avoid wasting time on unnecessary commutes, as well as greater access to their peers and leadership, valuing connection and mentorship. That’s why about 44 percent of these professionals also want to come into the office periodically.

Today’s AI-based applications can also help organizations plug their cybersecurity holes. These advanced technologies can process mountains of information to spot anomalies and flag potential attacks almost as quickly as they begin and automate patch management and other key processes to help your IT staff better cope with their workload.

Another possibility is to consider leaning on expert consultants who can help plug any gaps in the short term and create action plans for your organization’s long-term success.

Make Cybersecurity a Priority
No manufacturer wants to shell out almost five million dollars due to a cyberattack. Preventing these incursions means investing in a robust team of cybersecurity professionals. This can be achieved by creating HR policies to appeal to these workers, implementing AI-based solutions, and consulting outside experts.

Cybercriminals don’t wait for organizations to get their defenses in order. They actively seek any weakness they can find, which is why organizations of all kinds need to make attracting, hiring, and retaining cybersecurity talent a top priority today.
Greg Hatcher is the founder and chief executive of White Knight Labs. He has taught at the National Security Agency (NSA) and led red teams while contracting for the Cybersecurity and Infrastructure Security Agency (CISA). White Knight Labs specializes in red-team engagements and penetration testing to improve businesses’ security.

ISSSource

Pin It on Pinterest

Share This