The cybersecurity skills gap contributed to 72% of system and data breaches in Asia, according to the 2022 Cybersecurity Skills Gap report by cybersecurity firm Fortinet. As cyberattacks increase in volume and sophistication, organisations are offering attractive job packages to fill cybersecurity roles in demand.
However, Jess Ng, Fortinet’s country head of Singapore and Brunei, notes that there is still a major gap in the workforce. She shares with DigitalEdge what needs to be done to close the cybersecurity talent gap in Asia Pacific (APAC).
What are the top challenges organisations in APAC face when it comes to attracting and retaining cybersecurity professionals?
A key challenge for recruitment is that organisations need to hire people for a broad range of security and IT network-related roles and specialisations. Organisations are not just looking to ramp up hires arbitrarily.
The role can be manually intensive and time-consuming. Thus, the main challenge is recruiting the right talent, while human resources departments need to develop employee retention strategies to incentivise cyber specialists. Competitive remunerations, paths for career growth and acknowledging their contributions are some initiatives that can further efforts to retain top talent.
Fortinet is a strong advocate of professional development for cybersecurity talent, and we hope to see organisations across the region do the same. Our people appreciate the time and investment we put in them, and we want them to gain as many certifications as possible to continue to grow as cybersecurity professionals.
Thus, organisations should improve their ability to retain people by making it possible for employees to improve their skills, get certified, and continue their professional development.
Since the cyber threat landscape is constantly changing, how can the industry ensure that cybersecurity professionals are equipped with the right skills?
With the ever-changing threat landscape, the cybersecurity industry must update its courses to reflect developments across the threat landscape.
It is also crucial for the private and public sectors to commit to continuous training and re-training, to develop a diverse group of cybersecurity professionals who can help safeguard organisations against sophisticated and destructive attacks.
This is why Fortinet is fostering partnerships with local industry associations, tertiary organisations and even primary schools. For instance, we’ve collaborated with the Association of Information Security Professionals and the Cyber Security Agency of Singapore (CSA) to distribute over 200 Fortinet books to local primary schools. Titled Cyber Safe: A Dog’s Guide to Internet Security, the book aims to raise cyber awareness amongst children and takes readers on a journey to learn how to stay secure online.
We’re also an advocate partner of the CSA SG Cybersafe Partnership Programme. As such, we are developing training content, products and services for community outreach programmes to raise awareness and encourage the adoption of good cybersecurity practices by enterprises and the public.
Besides that, we’ve pledged to train one million people globally over the next five years to close the cybersecurity skills gap. We are offering Network Security Expert training and certifications of up to eight levels. Cybersecurity resources for professionals are available online for free as well. We have been doing so through our Training Advancement Agenda initiatives and Fortinet Training Institute programmes.
What are the (evergreen) skills necessary for cybersecurity professionals?
It is a myth that one would need very technical skillsets in areas like coding to have a career in cybersecurity. That’s a misconception that many still believe in.
While cybersecurity can be a highly technical field, it also requires non-technical skills such as strong analytical capabilities, out-of-the-box thinking, communication skills and problem-solving. These skills are necessary, especially for risk management and security compliance roles as well as mid-management leadership roles.
To stay ahead of the latest tech trends, click here for DigitalEdge Section
That being said, some basic technical skills that are fundamental include network engineering knowledge and constant threat intelligence updating. Another important skill to learn and maintain is incident response and forensics. With cyberattacks increasing in frequency, scale, and sophistication, having the skills to respond to a threat plays an increasingly important role in organisations’ information security defence.
However, as with any endeavour, curiosity and inquisitiveness are difference-makers that can see individuals thrive in cybersecurity. Learning about what goes on beneath the surface of computer systems and seeking ways to secure and maintain data movement in a volatile digital world, for example, serve as great motivators to anyone with the ambition to grow in this field.
With artificial intelligence (AI) being increasingly used in cybersecurity solutions, what’s the role of human cyber defenders?
We believe in a multi-layered approach to cybersecurity and with increasingly complex IT systems, we need to develop a pool of cybersecurity talent that can analyse and think of out-of-the-box solutions. While AI is a powerful enabler, we see it working together with human intelligence to contextualise new threats and make decisions effectively.
We must keep in mind that a strong security posture is just as dependent on an organisation’s least capable user. Therefore, it is impossible to overstate the need for people to carry out cybersecurity solutions beyond threat detection, such as training employees on best cybersecurity practices.
With social engineering forming a key element of today’s cyberattacks, it is vital that people remain at the centre of organisations’ overarching cybersecurity strategy.
Apart from equipping employees with cybersecurity skills, how should organisations better protect themselves from cyber threats?
Organisations need to adopt holistic technology solutions that are tailored to their needs and effectively shield their digital architecture from threats.
A cybersecurity mesh is crucial to integrating disparate technologies and ensuring organisations are equipped with a seamless and formidable security roster. To work in modern distributed network environments, an effective security platform must be built around three concepts.
Firstly, their security solutions must be deployable from anywhere. To be effective, a unified cybersecurity platform needs to work in traditional networks, run natively in every cloud environment, exist in every possible form factor, and be deployable consistently and easily at every edge.
This includes supporting traditional or highly distributed data centres, public cloud environments, branch offices, retail locations, home offices, and off-network mobile users. This enables a consistent level of protection, regardless of the environment or geographical region.
Secondly, cybersecurity tools must be fully integrated. Security solutions that are part of the same platform should either run on a common operating system, leverage open application programming interfaces (APIs) or be built using common standards. If done right, tools from different vendors can be utilised while maintaining interoperability.
Lastly, organisations must support automation. Automation that leverages AI and machine learning is required to detect, investigate, and respond to the sophistication and speed of today’s attacks. Such automation is only possible when security tools function as a unified solution.
Advanced management systems are all enhanced when the devices being monitored and managed are designed to work together. These include extended detection and response (XDR), security information and event management (SIEM), and security orchestration, automation and response (SOAR) systems for network operations centres and security operations centres.