With our online vulnerability increasing, cyber crime is worth over $450 billion US a year. With the world being more connected than ever, we need to look at developing our cyber skills to stay ahead. Although technology has begun replacing people when it comes to security, people are key to protecting ourselves, businesses and national security.
Despite cyber crime statistics increasing year on year, the skilled workforce remains stunted, and it’s estimated that by 2021 there will be a shortage of 2 million skilled workers.
Most businesses and leaders don’t know about security dangers and risks until after a breach, the Australian Government reported the average cost of a cyber attack to a business was around $276,000 and that 85% of cyber attacks can be prevented by having the right cyber security individual in your organisation.
So what needs to be done to attract and keep the right talent, and ultimately ensure your business is no longer at risk?
Forearm to Forewarn
Leaders, executives and management should all be thinking about and educating themselves on cyber security regardless of their role, however, you can avoid the risk of being short staffed and vulnerable by understanding the capability your organisation requires to stay ahead, stay secure and future proof your business. This involves a realistic assessment of what skills you need now, what skills you need to recruit for the future and what skills can be developed within your current staff. Intrusion, attack migration, penetration testing, application testing, SOC analysts and forensic analysts are all skills that are commonly needed for cyber security. Think ahead and either hire for the future, ensuring you have time to train and integrate someone, or invest in and upskill a current employee.
How you go about hiring the skills you need will dictate whether or not you get them. Most individuals with cybersecurity skills are ‘hot property’ and from Gen Y which means it’s essential to cater your recruitment processes accordingly. Candidate priorities have begun to change, with a company’s values and mission becoming more important than a tick box exercise of ‘must have’s’ on a job description. The traditional career path is also a thing of the past, so it is best to ask for work samples or evaluate skills with an interview task rather than judging what they have done and for how long.
As a generation that is used to getting things at a click of the finger and great service, it’s crucial not to draw out hiring processes for too long or you’ll risk losing a candidate to a company that can make faster decisions. A great recruitment process should include realistic salary expectation, excellent interviewing skills and timely and clear communication with a candidate.
Train, Train and Train
Maintaining and developing the skills of current employees is often easier than ad hoc hiring from a shallow talent pool.
The internal training programs of the average business have a hard time keeping up with (and ahead of) cyber crime tactics and technology advances. On the other hand, top Australian universities are investing more than $8 million into creating cyber security training and education hubs that partner with leading businesses to deliver education programs across cyber security skill sets. Ensure you are continually developing individuals with ongoing training by making use of this range of formal educations options.
Work Just as Hard to Keep Staff as You Do to Hire Them
With any industry skill shortage, the options for staff to move onwards and upwards become more enticing, so businesses need to put in place (and implement) a plan for retaining staff.
One of the best ways to do this within the cyber security industry is by using role models and mentors at every career stage; someone to impart knowledge from person to person and let individuals know what they are getting themselves into. Such relationship building is central to attraction and retention as it shows a clear career path.
By recruiting the right way, training for the future and creating a supportive culture across your information security team, you will not only attract the best security talent but also ensure they stay with your organisation and keep your business safe. In addition to all of the above, with the cyber domain changing daily it is important to be responsive to change.
If you have any questions or want some advice on how to build your cyber security defence, get in touch!