Cybersecurity is a highly-skilled field that heavily relies on human insight and can be extremely time intensive. It’s therefore safe to say a lack of cybersecurity talent combined with already overloaded IT teams is leaving organisations with low confidence in their abilities to protect themselves in today’s ever evolving increasing threat landscape.
Digital transformation can be easily stifled when an organisation doesn’t believe it has in-house capabilities to field the security risks that come with new technologies and digital-first initiatives. For example, remote working is taking off, with a study by the International Workplace Group (IWG) finding 71% of Australian businesses have a flexible workplace policy. But even something as routine as flexible working makes IT decision-makers (ITDMs) nervous, as Rackspace research found enabling staff and third parties to access data off-site is seen as the greatest threat to organisations from a cyber-security perspective.
Initiatives, like flexible working programs, that leverage technology to increase productivity and employee satisfaction, shouldn’t be something ITDM’s need to weigh up against cybersecurity risks. Yet a lot of this concern comes from the lack of security skills in an organisation.
Fully half of Australian ITDMs are not confident they have the staff with the right tools available when needed to manage cybersecurity risk. This lack of confidence in cybersecurity capabilities can directly influence an organisation’s appetite to incur risks as part of their digital transformation strategy.
So, it comes back to the chicken and the egg dilemma. How do you implement innovative technologies and process to reduce cybersecurity risk without the confidence to innovate in the first place?
A capability gap
Security tools, skilled staff, and visibility over data are the three most important factors for ITDMs when minimising cyber security risk. While the tools and technology to manage risk are available, the talent requirement is more problematic. Cyber security skills are in high demand and expensive, with AustCyber’s 2018 security sector competitiveness plan estimating a persistent cyber skills shortage equating to a shortfall of 2,300 workers.
Access to the right skills is vital to the success of cyber security programs. Organisations need to have a clear understanding of their digital ambitions, and what skills they are missing to fulfil this strategy. Often it takes some creative thinking as to how to best access the right talent. For example, don’t just look at applicants with traditional IT backgrounds. Military personnel, and even gamers, have been identified as possessing the right kinds of skills cybersecurity professional needs to help identify and resolve cyber threats.
In saying that, having in-house security talent isn’t the be-all-and end all. Security-as-a-service is a fast-growing field, and outsourcing security needs can help organisations understand their threat footprint, establish risk mitigation plans and ensure they are being protected by highly skilled experts that are constantly trained-up on the newest threats. Working with a partner can help mitigate the expertise risk for an organisation needing to fill its cybersecurity gaps without the huge headcount investment.
Solving the cybersecurity confidence issue
Greater confidence towards internal cybersecurity skills can encourage organisations to pursue more radical change that delivers increased business benefits. Conversely, uncertainty can shape the direction of digital transformation projects from the very beginning. This often limits their impact or impedes the progress of innovation.
At the same time, it’s important to note organisations should avoid deprioritising cybersecurity on projects due to fears digital transformation will be slowed. This approach is equally as damaging and doesn’t solve the core issue at hand.
Security too often remains an afterthought when it comes to new technologies. We only have to think about the cardiac pacemaker vulnerabilities discovered in 2017 to realise the importance of security being at the core of new technology development, rather than retrospectively fitting solutions when it’s too late.
Organisations need to find a balance between the risks and the opportunities that digital transformation will provide the business and its customers. If talent isn’t available in-house, finding a partner to plug this gap can provide the push needed to pursue digital transformation projects that may have fallen by the wayside without the expertise needed to navigate todays’ cyber threat landscape.