Hacking Cyber Security’s battle for workers

According to a new study, 95% of Cyber Security professionals are experiencing factors that would make them likely to leave their role in the next six months. As many as 40% said they are experiencing stress and burnout, harming not only their motivation to get jobs done but also their personal life. 

The industry cannot keep up with the pace at which technology, new products, and the needed technical skills are evolving. Every 39 seconds, there is a new cyberattack. Now, amid the war between Russia and Ukraine, the threat has increased again – more than 7 in 10 UK critical national infrastructure (CNI) organisations have observed a rise in cyber-attacks since the start of the Russian Invasion.  

Cyber attacks are increasing exponentially, cyber professionals are quitting, and ultimately, no one is replacing them. Worldwide, the cyber workforce shortfall is approximately 3.5 million people. We have a mountain to climb. While there are rising numbers of people with security degrees and qualifications, this falls way short of industry demand. The problem is deep-rooted and starts early – the number of young people taking IT subjects at GCSE level has dropped by 40% in the past six years. 

And beyond that, higher education can’t keep up either. The curriculum, which can take years to amend, would have to be adapted just as rapidly as the landscape. As such, the quality and depth of learning vary significantly between students, courses and institutions. We’ve interviewed candidates whose final year projects range from building their own IDS system, which is highly technical, to a report on GDPR. It’s neither the student nor the universities’ fault, but it does display the difficulty in standardising this subject and establishing a baseline of what “good” looks like.

Providing support from an internal perspective, such as sponsoring people through their degree programmes and doing apprenticeships and internships, will become crucial. Looking beyond the classroom will give potential recruits the practical and theoretical skills to grow and develop more quickly. For example, one young student who joined us for his industry placement during University has finished their degree and recently joined us as a Systems Test Engineer. It’s proof that incorporating real-life experience can be a guiding hand to support career entrants and graduates into the cyber world. 

But it doesn’t stop there – a new cyber security education pathway is a long-term solution to an imminent crisis. There must be a greater readiness to upskill employees and take on candidates from diverse career backgrounds. Internal training for the current workforce should never stop. A smart way to go about this is to create and provide a predefined plan that details the next steps in their development journey. Customised for each employee against the gaps in their skill sets and emergent technologies, it clarifies what course is needed, what accreditation is required, and what expertise would set them up for success.

Across the board, more clarity is necessary. First, people overlook the sheer scope of cyber. One can’t be an expert in everything, so every cyber security professional focuses on a subset of topics and becomes an expert in them. Many people considering or looking to move into a cyber career are not familiar with the various fields you can enter. We’ve seen graduates with software and engineering degrees, who were up to speed on programming, but didn’t know what they would be able to do in cyber. Part of the problem is that the people who want to be involved don’t know in which area, never mind how to then get their foot in the door. 

Even with an idea of the subject area, it becomes even more complicated by the number of courses available. Consider at undergraduate level, for the 2020-21 academic year, UCAS, the Universities and Colleges Admissions Services, lists 131 undergraduate programmes from 59 establishments. At postgraduate level, there are 58 options. And amongst all these, courses range from IT with cyber sprinkled in, pure cyber or combined with other specialisations such as cyber security and Digital Forensics, Artificial Intelligence, and the Internet of Things. Although the list of courses is extensive, the list of programmes formally certified by the National Cyber Security Centre (the UK’s government body) is far from it. Just six of these programmes are certified.

This is just in the UK, but the same problem is globally representative. Related regulatory approaches need to achieve greater consistency. Currently, each country has their own kind of certification that will provide cyber news and advisories nationally. But that means different standards, regulations, and terminology too. Reducing this inconsistency will facilitate more communication and, as a result, create a more aligned and transparent measure of success across borders. 

In the meantime, targeting stress and burnout to support existing talent is the obvious – and necessary – next step as we work on preparing the next generation of cyber professionals. Managed security services are a promising option for off-hours monitoring, analysis and incident response. Especially as alert fatigue is crippling security operations centres. Too much noise and false positives can desensitise teams, resulting in important alerts being ignored or not responded to in time. Moreover, 69% of professionals say they are finding it much harder to detect and respond to threats because of the increased volume.

A Managed Detection and Response (MDR) solution, manned by a team of highly skilled cyber analysts, can be an invaluable service, continuously monitoring an organisation’s network traffic, 24 hours a day, 365 days a year. It’s worth noting, though, that while automation is consistently heralded as the answer to cyber stresses, it can sometimes create more of a problem – it’s not necessarily going to find all of the threats that a human analyst would. We’ve found that a human-led threat service is much more effective than solutions with significant automation and AI elements. A secure service, manned by a highly-trained expert, offers that peace of mind and assured security. 

Interestingly, it’s also helped the work-life balance of our own employees. Whether early-bird or night-owl, our analysts can choose their shift pattern to fit their life. Having that flexibility is a crucial aspect in today’s working world and essential in an industry that doesn’t stop at the end of the working day. Ultimately, cyber threats happen 24 hours a day and can come from anywhere in the world. Companies will need to work hard to maintain that service level without compromising their staff’s health and wellbeing.

It’s no simple task. In some ways, the rate at which the cyber industry is expanding is becoming a weapon of its own destruction. We must act now, ensuring security leaders have the proper authority, budget and technology stack to lighten the load on their team and to engage with and nurture talent.

Andrew Marsh

Andrew is Head of IT & Security Services at Telesoft Technologies

Choose an AI solution to transform beyond technology

Kit Cox • 09th December 2024

The first step is knowing exactly what your business wants to achieve with AI; think faster, smarter and more efficient. Once you know what you are working towards, you can start looking for a solution that can help you make it a reality. AI integration can feel like a daunting task at the beginning, so...

A Roadmap to Security and Privacy Compliance

John Lynch Director of Kiteworks • 04th December 2024

Only by understanding the current regulatory environment and implementing robust data protection measures, can organisations enhance their security posture, ensure compliance, and build resilience against the latest cyber threats. This article provides a comprehensive roadmap of how to do it.

Data-Sharing Done Right: Finding the Best Business Approach

Bart Koek • 20th November 2024

To ensure data is not only available, but also accessible to those that need it, businesses recognise that it is vital to focus on collecting, sorting and governing all the data in their organisation. But what happens when data also needs to be accessed and shared across the business? That is where organisations discover a...

Nova: The Ultimate AI-Powered Martech Solution for Boosting Sales, Marketing...

Erin Lanahan • 19th November 2024

Discover how Nova, the AI-powered engine behind Launched, revolutionises Martech by automating sales and marketing tasks, enhancing personalisation, and delivering unmatched ROI. With advanced intent data integration, revenue attribution, and real-time insights, Nova empowers businesses to scale, streamline operations, and outperform competitors like 6Sense and 11x.ai. Experience the future of Martech with Nova’s transformative AI...

How E-commerce Marketers Can Win Black Friday

Sue Azari • 11th November 2024

As new global eCommerce players expand their influence across both European and US markets, traditional brands are navigating a rapidly shifting landscape. These fast-growing Asian platforms have gained traction by offering ultra-low prices, rapid product turnarounds, heavy investment in paid user acquisition, and leveraging viral social media trends to create demand almost in real-time. This...

Why microgrids are big news

Craig Tropea • 31st October 2024

As the world continues its march towards a greener future, businesses, communities, and individuals alike are all increasingly turning towards renewable energy sources to power their operations. What is most interesting, though, is how many of them are taking the pro-active position of researching, selecting, and implementing their preferred solutions without the assistance of traditional...

Is automation the silver bullet for customer retention?

Carter Busse • 22nd October 2024

CX innovation has accelerated rapidly since 2020, as business and consumer expectations evolved dramatically during the Covid-19 pandemic. Now, finding the best way to engage and respond to customers has become a top business priority and a key business challenge. Not only do customers expect the highest standard, but companies are prioritising superb CX to...