The cyber security skills crisis and the burning platform for change

Andrew Johnson is the Chief Executive of ACS, the professional association for IT in Australia. He delivered the second part of the Oceania CACS opening plenary session, where he discussed cyber security skills crisis and the burning platform for change.

"We have some challenges as we digitise and we really need to beef up our security aspects", says Johnson.

The Australian digital economy will grow from $79B to $139B by the end of this decade with exponential growth in connectivity with 200B devices connected to the IoT by 2020 according to research from Intel. Just 1% of those IoT devices are already installed. People are being inundated with data, not keeping up and the uptake of new technology makes it hard to train staff and engage them in the use of new technology.

In Australia, says Johnson, there are some specific challenges. The pace of change is a challenge, the availability of skills, our relatively high pay rates and our position as a net importer of technology mean we need to think about how we solve security challenges.

"We really need to have an eye on the future," he says. "We can't do this with the rear-view mirror".

With the Australian economy driven by small businesses, there little uniformity in how things are done. "Over 80% of businesses have 20 or fewer staff and that means we all do things differently. We all create value in different forms," says Johnson.

And the rapid changes in technology such as the rapid uptake of smartphones, wireless communications and other technology mean the way things are done is further fragmenting.

"The big thing about digital disruption is that it's about adding value," says Johnson. "It's not a case of needing to take the next technology or next big thing".

The data Johnson used to highlight some of the challenges we face in Australia when it comes to skills. He notes we are very competitive when it comes to attracting talent but less competitive when to comes to retention and innovation. Women are underrepresented in the workforce and our spend on technology-based research and development is far lower than our international peers.

The expected increase in our economy over the next few years will be driven by technology, says Johnson. And while these aren't directly IT jobs, all businesses will become increasingly digital and, therefore, will require technical skills although they might be employed in non-traditional IT roles, particularly where automation is involved.

"Skill shortages are here, they're real and they're the new normal," says Johnson. "They're not going away".

According to data from Cisco, Johnson says we face around 18,000 security events per hour. And while the cost per incident is just $0.58, the volume of events makes this a significant financial burden. Breaches of around 100,000 records cost in excess of $50,000.

When looking at the skills needed by ICT security professionals, the ACS' research finds there are about 25 different specific skills companies are looking at rehanging from technical, risk management and compliance.

Johnson says this has lead to the "T shaped professionals". These have very strong disciplines in one area with supporting skills in other areas. It's these multi-skilled professionals, who understand the intersection between business skills and the use of technology to adapt to a changing world.

Join the CSO newsletter!

Error: Please check your email address.

Tags #CACShuman errorOceania CACScyber trainingCACS conferencecyber securityskills gap

More about ACSCiscoIntel

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Anthony Caruana

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts