Columnists

Where to get cybersecurity experts

cyber

Cybersecurity professionals are in high demand. file photo | nmg

The greatest paradox in Africa is the continued loss of jobs while many new ones are created but not filled due to skill gaps.

For instance, cybersecurity professionals are in high demand. Yet there is a severe shortage of skills in this sector.

The shortage is caused by the lack of qualified candidates with the necessary hands-on skills and product experience.

Even those trained quickly become redundant as their skills become obsolete in a fast-changing industry that demands lifelong learning to remain relevant.

There’s a need to keep up with evolving technologies and the threat landscape. According to the Africa Cyber Security Report 2016, African countries lost at least $2 billion in cyber-attacks.

In East Africa for example, Kenya recorded the highest losses — Sh17.8 billion ($171 million) — to cyber criminals. Tanzania lost Sh8.8 billion ($85 million) while Ugandan companies lost Sh3.6 billion ($35 million).

Additionally, the Kenya Cybersecurity Report 2016, reported that 96 per cent of organisations spent less than $5,000 annually or none at all on cyber security related products.

Kenya lost Sh17.8 billion to cyber-crime in 2016 according to a Deloitte report on technology, media and telecommunications.

Kenya has been ranked 69th most vulnerable country in the Global Threat Index out of 127.

Further, banks have become the leading target of cybercrime as people increasingly adopt the use of financial technology. It is perhaps for this reason that Cabinet approved the Computer and Cybercrime Bill.

In brief, the Bill is set to monitor, control and get rid of cybercrimes, which have been on the rise, with up to 3,000 monthly incidents according to the Information Technology, Security, and Assurance (ISACA-an international professional association focused on IT governance). So far, the Bill has gone through the Cabinet.

The cybersecurity talent issue isn’t limited to a few sectors. It is widespread.

The difficulties don’t end at raw numbers. Even though government, industry and education are attempting to address the problem, the entire supply chain of talent is stretched. There is also a shortage of qualified teachers and professors at both university and tertiary college levels, as many are wooed to industry by rising salaries.

Academic institutions want to meet industry needs, but they are struggling to keep abreast of an evolving curriculum that keeps pace with industry shifts and technological advances.

Business consulting firm, Frost & Sullivan, predicts that the growing gap between available qualified cybersecurity professionals and unfulfilled positions will reach 1.8 million by 2022.

Organisations are pursuing many ways to close the talent gap in both the short- and long-term, including new university programmes, technical and vocational, apprenticeships, certifications, early education and government programmes.

IBM believes that many cybersecurity jobs can be filled through a “new collar” approach that involves engaging with candidates who may not have a traditional college degree but do have the needed technical skills and aptitude.

For these reasons, IBM Security has announced an initiative to help address the projected 1.8 million-person cybersecurity worker shortage through programmes and partnerships that promote a “new collar” cybersecurity workforce strategy.

Those companies that want to change how they address the cybersecurity skills gap should start building a new collar approach.

A recent study by IBM’s Institute for Business Value, Addressing the Cybersecurity Skills Gap with a New Collar Approach, established five things to consider: recruiting based on competence instead of solely focusing on degrees; improve engagement and outreach to attract candidates; build a local cybersecurity ecosystem; provide a robust support programme for new hires; and focus on continuous learning.

In addition to working with new employees, the organisation should support efforts by employees in other departments who want to move into the cybersecurity field.
Boxing champion, Mike Tyson, once said, “Everyone thinks they have a plan until they get punched in the face.”