CIO

Mind the gap…how can Australian enterprises stay safe at a time when skills shortages continue to bite?

by Joanne Wong, Senior Regional Marketing Director Asia Pacific & Japan at LogRhythm

Have a full complement of cyber-security staff dedicated to keeping your enterprise safe? Congratulations, you’re one of the lucky ones.

Historically, ICT has been an industry which suffers from cyclical skill shortages, as new technologies hit the market and are rapidly adopted en masse by enterprises around the globe.

For those right place, right time individuals who have the requisite expertise, or even a modicum of knowledge about the system or solution du jour, it’s time to hit pay dirt – at least until the next big thing comes along.

At the moment, cyber-security professionals are enjoying their time in the sun, courtesy of a global skills shortage which shows no sign of abating.

Estimates on the scale of the personnel deficit vary. A recent study by certification body (ISC)² suggests the sector is just under three million bodies short globally, while non-profit ISACA puts the number at closer to two million.

Here in Australia, the Australian Cyber Security Growth Network (AustCyber) tells us we’re worse off than most.   

Its Sector Competitiveness Plan 2018, released in November last year, suggested the country would need an additional 18,000 cyber-security workers by 2026, in order to harness the full growth potential of the sector.

While the recent launch of a range of new degree, diploma and certificate courses is expected to funnel an additional 1500 cyber-graduates a year into the sector between now and then, that frantic flurry of educational activity won’t be sufficient to mitigate the shortage entirely.

It’s an issue which has already cost the country economically. The domestic cyber-security sector was thought to have forgone revenue of as much as $405 million in 2017, as a consequence of the scores of vacant posts which went unfilled.

Keeping the cyber-security pro satisfied

An abundance of jobs and not enough qualified folk to fill them – it’s the classic definition of a seller’s market. Enterprises will do well to remember that, for now and likely the next few years, their cyber-security crews will not be short of options. Keeping them onside and on staff should be considered a business imperative.

Efforts to do so should begin with paying the market rate for their services. According to salary comparison site PayScale, the average remuneration for a cyber-security analyst in Australia is $77,375; significantly higher than the going rate of $59,279 for an average IT support analyst.

But while money matters, it’s not the only motivator for most employees. Being offered the opportunity to undertake challenging tasks and feeling supported in their role is as important to many cyber-security professionals as the figure on their payslip.

Investing in tools and technologies which eliminate a significant element of the ‘grunt work’ associated with securing the enterprise can assist with this end.

Courtesy of the aforementioned national and international skills shortage, many organisations are short-staffed and their cyber-security professionals perpetually under the pump.

Planning and high-level analysis – two of the more interesting and rewarding aspects of cyber-security management – typically take a back seat to ‘firefighting’, as hard-pressed security teams battle to secure rising volumes of data and stay a step ahead of hackers and cyber-criminals.

Deploying advanced network monitoring and user analytics tools can relieve some of the burden and free security staff up to develop their skills through taking on more challenging and higher value tasks. Advanced analytics with risk-based scoring assures users they are allocating their time effectively and makes it easy to objectively track baseline key metrics (Mean-Time-To-Detect a threat and Mean-Time-To-Respond to a threat).

In addition, security tools with automation capabilities save users from performing repetitive, remedial tasks.

A worker is only as good as their tools, and investing in the latest technology sends the signal that the organisation is serious about cyber-security and willing to expend the resources necessary to ensure its high tech defence force is equipped to do its job properly. It also reinforces the message that security really matters – not just to the ICT department but to senior executives across the enterprise.

Conversely, scrimping on security solutions and expecting staff to soldier on regardless can be counterproductive and demotivating. The last thing competent cyber-security professionals want is a major outage or data breach on their watch. Denying them the technology that could help them prevent an embarrassing and costly incident may see them think twice about sticking around to see the inevitable disaster unfold.

Staying safe in a seller’s market

Cyber-security is not a nice-to-have or luxury add-on for Australian businesses and organisations in 2019. At a time of rising threats, protecting the integrity of company and customer data and the corporate network has never been more important.

That starts with attracting cyber-security professionals with the appropriate complement of skills and continues with empowering them with tools and technologies that help them to use those skills as effectively and efficiently as possible to secure the enterprise.