Skills gap exacerbates cybersecurity problem as Middle East faces threats

The solution is in teaching appropriate digital skills in schools.
Sunday 23/09/2018
Participants receive intensive cybersecurity training at SANS Institute.  (SANS Institute)
Necessary skills. Participants receive intensive cybersecurity training at SANS Institute. (SANS Institute)

DUBAI - Driven by digital transformation projects begun by businesses and governments, the Middle East IT industry is seeing many transitions. With newer technologies, such as artificial intelligence, blockchain, big data and the internet of things (IoT), being introduced, the demand for skilled professionals, data scientists and cybersecurity experts is increasing.

Cybersecurity has become a top priority for companies and governments with cyber-attacks and breaches increasing. It has become vital to have skilled cybersecurity professionals to protect the region’s critical systems, enterprises and citizens.

However, several industry reports stated there is a large shortage in cybersecurity skills and the demand-supply gap is increasing.

Fady Younes, Cybersecurity Director – Middle East and Africa, Cisco, said demand for cybersecurity experts has grown three times faster than any other IT role, with more than 1 million cybersecurity positions available worldwide. The deficit is estimated to rise to 2 million next year.

Younes said the gap in the cybersecurity skills lies in the disconnection between perception and reality of security preparedness. “While many chief information security officers believe their security processes are optimised and their security tools are effective, we believe that their security readiness likely needs improvement,” he said.

“This disconnect, along with rapidly evolving regulatory requirements and networking technology, further widens the cybersecurity skills gap. Matters don’t get easier if you throw IoT into the mix.”

By 2030, it is projected that 500 billion devices will be connected to the internet. As the IoT gains traction, the lack of security standards in IoT devices will exacerbate the security skills gap.

“Cybersecurity would be a major concern in the Middle East for industries leading the way in terms of IoT investment such as manufacturing, transportation of oil and gas, utilities, education, banking and finance, health care and retail,” Younes said.

In a world where everything is connected, everything is vulnerable and the increasingly digital world is more exposed to cyber-attacks and cyberespionage.

“These attacks are dramatically impacting businesses, their bottom line, customers and often their most prized asset, trust and integrity. According to Cisco’s recently released ‘2018 Annual Cybersecurity Report,’ more than half of all attacks resulted in financial damages of more than $500,000. Defending against the bad guys has never been as challenging and as rewarding as it is now,” said Younes.

The Cisco “2018 Security Capabilities Benchmark Study” stated that a shortage of qualified candidates was one of the main obstacles to security with 27% of those asked citing a deficit of trained professionals (up from 25% in 2016 and 22% in 2015).

“As a technology company, we are committed to making our contribution to diminishing this cybersecurity skill gap. Through our Cisco Networking Academy, we offer free training at universities, schools, NGOs, government entities and vocational colleges across the region. We have trained over 390,300 students across 532 academies in 14 countries in the Middle East over the last 20 years,” Younes said.

James Lyne, head of research and development at the SANS Institute, said cybersecurity should be a key consideration for every organisation and this includes developing a pipeline of skilled industry professionals.

“The very digital nature of our lives today meant that our critical infrastructure, commercial systems, citizen data and sensitive IT were at greater risk of attack from cybercriminals than ever,” Lyne said.

He said this was demonstrated by Shamoon, the cyberattack against state-owned energy enterprises in Saudi Arabia, “as well as other attacks on public sector institutions like health care, which have raised the profile of cybersecurity among the wider population.”

“Industrial control systems have been widely adopted throughout the region and there is a great interest in automation projects like Smart Cities. These developments represent a great opportunity in the region, but they are also attractive targets for cybercriminals, as attacks like Triton/TriSYS demonstrate,” Lyne added.

While cybersecurity industry overall suffers a serious skills shortage, this is exacerbated in the Middle East, where organisations typically have smaller IT teams than Western counterparts and therefore struggle to keep on top of new threats and technologies.

The solution is in teaching appropriate digital skills in schools.

Lyne said there were steps organisations could take, including training IT staff, which can be the best way to quickly develop necessary technical skills. Second, people are among the weakest links in cybersecurity. If each employee understands his effect on organisational security, the company is more likely to avoid obvious pitfalls.

Outsourcing can work for smaller organisations that cannot afford dedicated cybersecurity professionals. “This allows IT to offload the responsibility of key security functions to trained experts,” Lyne said.