As businesses eagerly adopt technologies like cloud computing and the Internet of Things, many find themselves vulnerable to cyber-attacks that are increasing in frequency, impact and sophistication. As more systems and platforms move online, cyber awareness is becoming a critical skill for the workforce of the future.
In 2016, the Australian government launched a $231 million Cyber Security Strategy detailing 33 initiatives to strengthen cyber defences and promote business growth through cybersecurity innovation. However, just last year the cybersecurity skills crisis in Australia is reported to have cost the industry $400 million in revenue – putting many enterprises under pressure to invest further in digital self-defence. Now is a more important time than ever for businesses to boost their level of protection amidst the ongoing cybersecurity skills crunch, focusing on four key areas:
Basic technical skills
If organisations can’t acquire the necessary skills elsewhere, why not develop them in-house? Almost half of all Australian universities now offer cybersecurity as a degree, and even TAFEs have partnered with AustCyber to offer national qualifications in cybersecurity. The most in-demand skills include intrusion detection, secure software development, risk mitigation, forensic analysis, cloud security and access management. Formal study, industry certifications and the requisite set of “hard” skills will vary according to specific roles and business needs. But in general, investing in an all-round cybersecurity course or basic training for at least some staff will more than pay for itself in the long run – especially as such skills can also pay dividends in other areas like compliance with data privacy regulations.
The right technology
Technology can, when used correctly, bolster the cybersecurity capabilities of even the smallest teams, with man and machine working together to track threats and respond to them as efficiently as possible. Native cloud security solutions that can be implemented directly into the DevOps process,for example, perform particularly well when tasked to the “manual work” of analysing and crunching Big Data. This will then leave info-security professionals – whether operating in-house or sourced from third-party providers – to focus on spotting challenges and opportunities, interpreting raw data into actionable points, and generally providing good oversight to see the bigger picture. By learning to deploy tools to triage the problem, experienced specialists can free up their headspace to deal with higher-level issues of response, mitigation, and counter-offensive strategy.
‘Evergreen’ soft skills
While technical skills are essential, it takes more to maintain a solid digital defence than formal qualifications or the ability to use the latest technology. Equally important are soft skills like effective communication, creative problem solving, knowledge of human behaviour, stakeholder management, and even a good grasp of legal and ethical frameworks. Interpersonal skills, for example, will prove valuable when it comes to articulating a security challenge to fellow teammates or C-level board members.
And without the ability to canvass consensus around not only the risks that the business faces, but also how to respond to emerging threats, cybersecurity leaders will find themselves in a tough situation: patently aware of the threats at their door, yet unable to take the action necessary to prevent them until it’s too late. Effective leadership and change management skills – the ability to influence corporate culture and implement new policies – will become increasingly important as businesses look to embed cybersecurity in the heart of their operations.
A holistic business perspective
Far from being just a technology issue, cybersecurity is now a business issue that potentially affects loss of revenue and reputation if a system or application is affected. Playing the role of business enabler instead of merely data gatekeeper, CIOs should view cybersecurity through a business-driven lens. That might mean ensuring that cybersecurity operations are aligned with the business’ processes right from the start, or keeping the cybersecurity team involved in strategic decisions that sets and reviews business objectives and priorities. It could even mean “baking in” cybersecurity as part of the enterprise’s innovation strategy, making it one of the key checkboxes or selling points of new products and services before they go to market.
Fundamentally, it takes both technical skills and a broader human-focused perspective to become adept in digital self-defence. A unified approach to digital risk management, one that employs a diverse skillset of both technical and non-technical skills, can help any business seize the opportunities of cloud, the Internet of things, and other disruptive technologies without overexposing themselves to digital danger.