Why Australian companies should be investing in more cybersecurity talent

Is Australia a “testing ground” for new hackers? According to a number of cybersecurity specialists, in the wake of growing media attention on the subject, the answer is a resounding ‘yes’. Less than two months ago, a cyber-attack on parliament exposed the weaknesses in the set-up of network infrastructure, leaving the country vulnerable: if one of the most secure networks in the country was compromised, what does this suggest about the resilience of all other Australian networks?

According to AustCyber, a government funded organisation set up to grow Australia’s cybersecurity ecosystem, Australian companies are lagging behind their developed counterparts in the UK and USA on cybersecurity, making the country a much more attractive target for opportunistic hackers. Despite pouring more resource in at government level, the pace of change needs to increase in order to develop the infrastructure to effectively combat future threats.

 The current cybersecurity landscape

The cybersecurity workforce in Australia is currently short some 2,300 workers, according to data released by AustCyber. As demand continues to soar, it is predicted that Australia will need an additional 17,600 cybersecurity specialists by 2026. At the workforce’s present growth increment of 7%, we are catapulting towards a huge talent deficit. For this to change, companies need to prioritise cybersecurity as part of their growth strategies.

A 2016 report released by global security software provider, McAfee, argued that companies were being hacked every day because of inadequate cybersecurity workforces. 82% surveyed (including Australians), agreed that there was a cybersecurity education deficit, and 33% concluded that the shortage of skilled workers made their organisations more susceptible to attacks. Fast forward a few years and Australia is continuing to battle with similar frustrations. Only last month, its anti-encryption laws faced a barrage of criticism from experts at the RSA security conference. This is coupled with a concern, more prominent in the government sector, that legacy technology is still being used and those equipped to use it are hitting retirement age.

So, how do we stop Australia from becoming a testing ground for hackers?  

Hiring, educating and training talent

There is a huge education piece that’s beginning to take place. With universities now offering courses in cybersecurity, the future workforce will have more opportunities to influence this sector from the start of their careers. But this does little to remedy the issues now. As well as hiring new talent (which is hugely in demand at present), businesses looking for ways to plug their immediate shortage must upskill their existing workforces and understand that this isn’t necessarily just a focus on their IT and technical talent. Specialists argue that all discipline areas will benefit from being upskilled as cybersecurity threats don’t discriminate: they can attack all areas of a business. Supporting business wide talent to develop some self-sufficiency when it comes to these threats can yield strong benefits.

This highlights that the education piece doesn’t begin with universities. Employers must appreciate that different skillsets, not just coders, are needed to manage the cybersecurity workforce; supporting the need for wider education around what cybersecurity is, and dispelling the immediate assumption that cybersecurity is just an IT issue. A combination of technical and soft skills are required to create the balanced workforce that is desperately needed. The more diverse this workforce is, the better it is likely to perform, bringing together a hybrid of skills needed to meet the increasing demand.

AustCyber argues that in the short-medium term, there will be a dependence on the transitioning of workers from other sectors to help manage the demand for cybersecurity talent. In the long run, this will facilitate the strengthening of this workforce by having a pool of available talent to fill both technical and non-technical requirements – both of which are vital for achieving success.

The future roadmap

We’ve still got a long way to go as a country to create the robust workforce that is needed to annihilate future cybersecurity threats. As companies continue to rely heavily on technology, it is paramount that they invest in the safety of that technology. To position ourselves as a beacon of best practice, it is more important now than ever to build the backbone of our nation’s security structure through investing in education, policies, training and workforce diversity, and through understanding that technological considerations must sit hand in hand with cybersecurity ones; you can’t develop one without the other.

As a recruiter specialising in this this sector, I am currently working with a number of talented professionals who are keen to develop their careers and work with companies who are diversifying their workforce to include cybersecurity specialisms. If you are interested in discussing this topic and how your company can benefit from our services, including hiring exceptional cybersecurity talent into your business, please get in touch on +61 (0)2 8651 8218 or Ryan.Goodricke@csgtalent.com.au

Sources

https://www.mcafee.com/enterprise/en-us/assets/reports/rp-hacking-skills-shortage.pdf

https://www.computerworld.com.au/article/650122/400-million-cost-australia-cyber-security-skills-shortage/

https://itbrief.com.au/story/how-businesses-should-handle-cybersecurity-skill-shortage-sungard-as

https://www.smh.com.au/politics/federal/australia-an-easy-testing-ground-for-hackers-cyber-industry-chief-20190308-p512v0.html

https://www.itnews.com.au/news/australias-anti-encryption-laws-ridiculed-on-world-stage-520197

https://australiancybersecuritymagazine.com.au/government-cybersecurity-is-heading-for-2023-age-cliff/