Cybersecurity Talent: If You Don’t Need It Now, You Will Soon
Cybersecurity has been a hot-button issue lately, and will only be more prevalent as the global cybersecurity market grows from 75-billion-dollars to being a 157 billion dollar industry by 2020. In the United States, the Federal Cybersecurity Market is projected to grow from 18 Billion in 2017 to 22 Billion in 2022, let alone the business sector.
Apart from being a high-growth industry in the coming years, cybersecurity is becoming more important for businesses of all types as well as governments. The alleged Russian hacking of the 2016 Presidential Election, Google’s cracking of the SHA-1 encryption standard and the massive DDOS attack on Internet Infrastructure companies in October 2016 have signaled a new era in which companies and governments will struggle to keep pace with advances made by hackers.
The prevalence of could-based products and the increasing value of data are making cybersecurity more of an essential for more and more companies. Companies that don’t prepare for the security needs of the future will be vulnerable to catastrophic hacks that affect both your company and your customers.
Here are some of the major trends that will be affecting the security of companies going forward and the forces that will impact their needs for cyber security talent.
Growing Cybersecurity Demands in the Future
This past week saw Yahoo’s top Lawyer resign in the wake of massively successful hacks against the company and its users in 2014 as well as outgoing CEO, Marissa Mayer, losing her 2016 bonus. Your company and users being hacked is bad enough, but telling your users that they may have been hacked 2 years after it happened, is what took this cyber-attack to scandalous proportions.
Yahoo and Marissa Mayers were not ready for the 2014 hack and they are now paying the price. The company took massive losses following the scandal and is preparing to change its name and/or be sold to Version. Though Yahoo has not been a contender in the way that Google or Amazon have been in recent years, the company still survived long after its hay-day. All of this dogged resilience, however, did not matter in the face of this massive security breach.
All companies should look to Yahoo’s story when considering the security measures that are appropriate for their needs. While there is no guarantee that your company will be hit with a cyber-attack this year, we will only see these incidents grow in frequency and sophistication as time goes on. You already pay other forms of insurance, on your office and/or the healthcare of your employees, and investing in cybersecurity is no different. The last thing you want is for all of your hard work to be compromised by a few, malicious actors halfway around the world.
New Products, New Risks, New Consumer Demands
The expansion of “The Internet of Things” has the potential to put greater security demands on a wide range of companies. The October 2016 DDOS attack was conducted by hacking devices with built-in internet connectivity or cloud features, like cameras that can upload your pictures to the internet and even crock pots that can be controlled via Wi-Fi. As of now, there are little to no security requirements placed on manufactures of “Internet of Things” products, but, as time goes on and DDOS attacks grow in strength, these regulations are inevitable.
Tech and “Internet of Things” companies will be under pressures from regulators to beef-up security, but they will also be under pressure from customers and consumers. For instance, if you were a Yahoo user who learned that your account may have been hacked several years ago, you may be experiencing some second thoughts about using the company’s services.
As the skills and tools of hackers grow in sophistication, so too will customer demands for security. Though saying “secure” somewhere on your product may be good enough today, there may be specific safety standards that every internet-integrated product has to meet in the future.
For example, an accountant services company that takes no steps to increase their security, may find themselves unable to find clients in the future, who all prefer a competitor who has recognized security measures in place to protect their sensitive financial data.
The pressure to increase cybersecurity will come from all sides, and companies who are early adopters will be more attractive to security-minded customers and client companies.
The Cybersecurity Talent Gap
So, companies of all kinds will have greater cybersecurity demands in the not-so-distant future. However, this does not mean that these companies are going to have an easy time hiring the cybersecurity talent they need to meet new security objectives and requirements.
Cisco estimates that there are over 1 million unfilled cybersecurity positions worldwide and projects this number to increase to 1.5 million by 2019. Besides this large talent gap, a survey from Semper Secure is showing that Cybersecurity professionals are highly selective about the companies that they work for and highly loyal to those companies.
The majority of cybersecurity pros are opposed to job hopping, with 65% cybersecurity pros saying that they “have worked at two or fewer organizations throughout their career.”
This is corroborated by Lee Vorthman, CTO of NetApp’s Federal Civilian Agencies unit:
“These people aren’t jumping from job to job looking for salary bumps and signing bonuses. Many of them want to work for federal agencies and most of them tend to stick with employers for the long term. For companies, that means they better get them early or risk not getting them at all.”
So, even though you may not technically need to increase your cybersecurity staff today, companies with impending cybersecurity needs should start building connections with cybersecurity talent. If you don’t, your company may be unprepared to secure the cybersecurity talent you need, when you really need it.