Cyber security attacks today are becoming increasingly sophisticated – leading businesses to constantly ensure their systems, operations and data are protected from potential cyber threats. According to Dr Hugh Thompson, Chief Technology Officer at Symantec, cyber security is ever-evolving and what was effective five years ago is no longer viable today.
This echoes the words of Ned Baltagi, Managing Director in the Middle East, SANS Institute who said that:
“in the next few years, approximately 24 billion Internet-connected devices will be installed worldwide. This means that, with the gap for cyber security jobs set to run into several millions…we are putting ourselves at risk in new and unprecedented ways”.
What is driving the investment in cyber security?
The proliferation of digital technologies has been the main factor driving the cyber security market in the Middle East and African region. This is due to the increase in storage of confidential data in digital form which puts organisations at risk if no adequate cyber security safeguards are in place.
Between January and March 2019, the United Arab Emirates (UAE) alone have experienced 1.1 million instances of phishing and 23 million instances of malware. The Kaspersky Lab report has indicated that the region is facing 3.16 million attacks in crypto-mining malware and 5.83 million attacks in phishing. As a result, expenditure on cyber security technologies have increased significantly in the UAE and it is projected that the Middle East and Africa cyber security market would reach USD 66.5 billion by 2025.
More specifically, Saudi Arabia is aiming to reinforce its cyber security capabilities by legislating and enforcing cyberspace security through its government agencies. The country is also expected to receive substantial investments to strengthen its cyber security framework.
What is enabling cyber threats globally?
At the annual Cyber Security Weekend in Cape Town, South Africa, multinational cyber security provider Kaspersky Lab shared an overview of the digital threat landscape and how this has evolved with the emergence of technologies such as Internet of Things (IoT) and blockchain.
20% of organisations that use IoT devices globally have experienced at least one cyber-attack over the past few years. According to telecommunications company Ericsson, IoT devices such as smart coffee machines, washing machines and toasters which are interconnected through the internet, are expected to reach 18 billion in number by 2022. Having such a high number of IoT devices makes the user more vulnerable to cyber-attacks as hackers can weaponise the devices against them. Concerns are therefore heightened when such devices are either camera-enabled or microphone-enabled.
Martin Ewings, Director of Specialist Markets at Experis highlighted the need for cyber security specialists working in the IoT field. He noted that “the rise of IoT is transforming the world of cyber security and the focus is now being able to spot, isolate and deal with anomalies in data”. In response to the discrepancy between the strong demand for highly skilled cyber security specialists and the market struggling to supply them, Ewings added that businesses should tap into the contractor market to build a hybrid team of permanent and temporary workers. In doing so, they can have fast access to the skills they pressingly need. However, research has also shown that many businesses have been prioritising short-terms fixes at the expense of long-term solutions to the skills shortage.
What challenges have organisations faced in relation to cyber security?
On a global scale, the cyber security skills shortage has reached a third time high this year and has impacted 74% of organisations, as revealed in the third annual global study of cyber security professionals by the Information Systems Security Association (ISSA) and independent industry analyst firm Enterprise Strategy Group (ESG). According to Cyber security Ventures which monitors cyber job trends, 3.5 million cyber security jobs will be left unfulfilled by 2021 if the shortage is not resolved before then. We further note that the following challenges need to be addressed to mitigate the implications of this skills shortage:
- Many have reported an imbalance between job requirements and skills development. All cyber security specialists would agree that they need continuous training to keep up with ever-changing cyber trends – however this has proven to be difficult due to time and resources constraints.
- Cyber security specialists are more in reactive mode rather than proactive mode. 40% of respondents to the ISSA/ESG study claim that the skills shortage has resulted in limited time to work with the business to align cyber security with the business strategy.
- Existing employees run the risk of burnout as they take on an increased workload. This also leads to a higher risk of human error.
- 47% of respondents to the study have also reported the cyber security shortage has resulted in teams being stretched across various duties and are unable to fully utilise security technologies.
In addition to the above, business leaders have to recognise the pressing need for an appropriate cyber security measure. PwC’s 2018 ‘Strengthening digital society against cyber shocks’ report stated that on a global scale, only 44% of respondents confirmed that corporate boards actively participate in their company’s cyber security strategy. It will also be productive for Chief Information Security Officers to be able to attend board meetings and rectify any misalignments between business expectations and what can be feasibly achieved.
Skills in demand for a career in cyber security
Cyber security is still a relatively new field and therefore does not have the clear-cut foundation that other areas of technology such as software development would have for example. However, for a successful career in cyber security, media company Techgenix has set out the following key areas that one needs to be familiar with:
- Ability to detect powerful Trojan and backdoor codes
- Business continuity and disaster recovery planning
- Malware analysis and reversing
- Programming languages such as C, C++, PHP, Perl, java and Shell
- Penetration testing
- Risk analysis and mitigation
- Cloud security
A successful cyber security specialist also needs to build on their soft skills in addition to the aforementioned hard skills. We note a couple of soft skills below:
- Communication and collaboration skills to liaise between different teams and communicate the level of urgency pertaining to a cyber threat; and
- Analytical skills to identify potential threats within their network.
What are the skill shortages within cyber security?
Another key area that cyber security specialists can explore is the ability to think like a hacker. In fact, start-up company Synack has acted on this opportunity and hired freelance hackers to help companies find vulnerabilities in their cyber security framework. Co-founder Jay Kaplan has reported that this role pays really well due to the high demand. For example, one hacker just recently passed the $1 million mark in bounties.
Research on job titles in postings has also indicated that front line employees are the highest in demand within cyber security. Such roles include security engineers, consultants, architects and analysts with the focus to build programs and analyse data. Due to the high demand, such jobs have a higher remuneration than other IT jobs, with security and technical architects being amongst the higher-paying roles.
According to the ISSA and ESG study, the most acute skills shortages to-date are cloud security (33%), followed by application security (32%) and security analysis & investigations (30%).
In which industries are cyber security professionals needed most?
Key industries that need the expertise of cyber security specialists are those that have been increasingly targeted due to the nature of the confidential information associated with them. The healthcare sector for example, is an information-rich industry which stores thousands of electronic healthcare records holding personal and financial information.
The banking sector also faces almost three times more cyber-attacks than any other industry. The rise of the Middle East and Africa as a hub for finance and banking has made it a major target for cyber-criminals. This segment held the largest market share in 2017 and is predicted to dominate the market during the 2018-2023 period. Hackers are driven by money and as such financial institutions need to be more vigilant and confident that their cyber security strategies are infallible. In light of this, many countries have adopted penetration testing as part of their financial institution compliance to contain or decrease the number of cyber-attacks.
Last but not least, cyber security specialists are also highly needed to work in government departments such as the military to ensure there is no espionage or identity theft.
What is being done to bridge the skills gap?
46% of students surveyed in the UAE have never considered a career in cyber security – of which only 38% claimed that they have heard about cyber security from their teachers. In the hopes of bridging the demand and supply of cyber security specialists, firms have started hiring junior cyber security specialists and training them up. Some companies have also started partnering with local universities through internships, mentorships and training programs to secure future talent.
At Huxley, our recruitment team specialises in placing cyber security specialists with key industry players. If you are a candidate looking for your next career opportunity or a client looking for your next key hire, feel free to contact us for a confidential discussion.