Australia remains in the midst of a skills shortage, with slow hiring conditions occurring across the nation. Topping the most desired positions are cybersecurity professionals, according to recruiter Hays’ Salary Guide. With the increasing significance cybersecurity has within organisations this doesn’t come as a surprise, however business leaders should not accept gaps in security as they wait for hiring to advance. Organisations should be internally discussing and strategising how to upskill employees and introduce easy-to-use security solutions to improve their cybersecurity posture. Otherwise, they face the risk of being the next victim of a cyber attack.
The Skill Shortage Sweeping Across Australia
Organisations with a strong foundation of cybersecurity knowledge are vital to the protection of the Australian business landscape. ‘Cyber literacy’, or knowing how to effectively protect digital assets, is not only relevant for professionals working in the cybersecurity sector but should be seen as a must-have skill for every Australian regardless of their role. Because of this, cybersecurity employees are heavily in demand, with AustCyber estimating that Australia may need around 16,600 additional cybersecurity workers for technical as well as non-technical positions by 2026.
With such employee gaps growing in the Australian market, it leads to a ripple effect across the business. On the most consequential and devastating side, businesses are exposed to greater risk of cyberattacks, reflected in the number of data breaches Australia is currently experiencing, with 409 data breaches reported to OAIC in the first half of 2023.
Furthermore, understaffed organisations will only exacerbate the burden placed on current IT workers. When IT teams are understaffed, not all tasks can be actioned to the highest standard, leading to increased vulnerabilities, lengthened downtime and disruption, and a diminished customer and employee experience.
Therefore, given the potential escalating business impact associated with understaffing, it becomes imperative that being short on skilled professionals does not lead to being short on security.
Harnessing Iternal Skills
When unable to hire externally, organisations can look to place focus on how internal operations can be enhanced. Large companies can draw heavily on employees with transferrable skills from other departments, such as the broader IT team. Businesses can do this by providing pathways to accelerate the transition of workers from outside the sector into cybersecurity roles.
For smaller organisations where cybersecurity responsibilities fall directly under IT teams, focus should be placed on alleviating day-to-day pressures so IT workers can dedicate as much time as possible to cybersecurity. Leveraging Artificial Intelligence (AI), IT workers without the skills to write complex or specific scripts can generate the commands by using AI, effectively teaching themselves and gaining valuable new skills in the process. This allows IT teams to grow internally, while senior technicians can focus on cybersecurity practices.
However, the greatest improvement on strengthening cybersecurity posture, especially while constrained with hiring, comes from a collective responsibility from every employee within the organisation. James Turner, Founder of CISO Lens, quipped at the recent AFR Cyber Summit; “We hear the statistics that 17,000 more security experts are needed in the next five nanoseconds, or something, but I don’t think it’s a useful stat. What would be much more interesting would be 100,000 people who actually cared about security.”
Cybersecurity should be a focus of for everyone within the organisation, and business leaders need to foster a culture of cybersecurity-awareness. Employees who can uphold basic cyber hygiene, such as recognising phishing emails, implementing strong password policies, and utilising multi-factor authentication can greatly reduce the risk of account breaches, and in turn the workload of IT teams.
Taking Advantage of IT Leader Expertise
When planning to fill cybersecurity gaps, it is pivotal to lean on the expertise organisations already have with their IT leaders and teams. Beyond becoming dedicated cybersecurity professionals, especially when responsibilities require a wider scope such as in small and medium sized businesses, IT teams can become leaders in cybersecurity investment.
GoTo’s 2023 IT Priorities Report found that when it comes to deciding on new digital tools, 39 per cent of Australian business leaders took their IT team’s recommendation. Moving forward, organisations should lean into IT teams’ preference on what security tools would serve the most purpose, such as mobile device management if remote and mobile working is prevalent, zero trust security, or anti-virus management software. And with restricted budgets, a solution that is fit for purpose and addresses the security aspect, will only save costs while increasing efficiency and minimising risk.
The cybersecurity skills shortage is yet to show signs of abating, and threats will only become more potent and prevalent. While being understaffed, it is important that organisations evaluate what can be addressed internally surrounding upskilling, investment, and most importantly, instilling a culture of security-awareness. Short on skills should not lead to a lacklustre cybersecurity strategy.