The COVID-19 pandemic has exacerbated an already constrained cyber security workforce supply and increased exposure to cyber attacks. With cyber criminals exploiting the escalating uncertainty and sudden switch to work from home platforms, the need for skilled cyber security professionals is more crucial than ever.
Cybersecurity Ventures predicts that there will be 3.5 million unfilled cyber security jobs globally by 2021, a 350% increase over 8 year period. The 2019 (ISC)² Cybersecurity Workforce Study pointed to a severe shortage of cybersecurity professionals to the tune of 4.07 million among 11 major economies including the United States, United Kingdom, Canada, Germany, France, Australia, Singapore, Brazil, Mexico, Japan and South Korea. Of the total shortfall, Asia Pacific has the lion’s share of 2.15 million or 64%.
In line with regional scenario, shortage in cyber security professionals in Malaysia is also acute. As of September 2020, Malaysia has 11,498 cyber security knowledge workers which is still inadequate considering the total Internet user base. The ratio of cyber security worker to Internet users stands at 1 to 2,600. In reality, Malaysia needs 40% more cyber security professionals.
Apart from headcount, skills gap remains a growing challenge. A study by the Enterprise Strategy Group and Information Systems Security Association (ISSA) revealed that operations of over 70% of organisations are at risk due to the cyber security skills gap. The study also found that the cyber security skills gap could be attributed to the need for hands-on experience for professionals to join the cyber security industry. However, gaining this experience would require the workers to have cyber security jobs in the first place, thus perpetuating a Catch-22 situation.
Once viewed as a constraint on agility and an ancillary element of business operations, cyber security is now pivotal for survival. Every moment of weakness can have drastic consequences. Even if all cyber security measures are set up correctly, companies must ensure regular and proper maintenance, which needs to be accounted for during the transition process from office to home. This requires additional attention. Cyber threats of today require a new way of thinking about cyber defence by combining Artificial Intelligence (AI) and machine learning, threat intelligence and technology. The integrated platforms could leverage the power and resources of AI-driven threat intelligence to enable protection and visibility. However, technology deployment itself could not be the silver bullet. What is missing from tech-based strategies is the human element.
Shared Resources & collaboration
We must go beyond technology and mobilize an entire organisation and human resources to fully counter the threats. A holistic cyber security strategy must encompass all three key elements of People, Process & Technology. All organisations in Malaysia must inculcate a cyber security mindset in every employee so that each has a role to play in keeping our digital data and resources safe and protected.
In the face of mounting cybercriminal activity and increasingly sophisticated forms of attack, companies that collaborate will present a more robust defence against cyber threats. In this regard, cyber security education resources should be shared. While training can be customized, the underlying principles of cyber security awareness must run as a common thread throughout every program.
Global ACE Education Scheme
CyberSecurity Malaysia has been emphasizing the need for developing human capital and aims to equip cyber security professionals with the right knowledge, skills, attitude (KSA) and experience. It is essential to establish a single converging platform enabling cybersecurity workers, professionals and experts to share knowledge, expertise and skillsets. Towards this end, CyberSecurity Malaysia has rolled out Global Accredited Cybersecurity Education (ACE) Certification since 2018, a holistic framework of cyber security professional certification in collaboration with government agencies, industry partners and academia.
The establishment of Global ACE scheme is in tandem with international standards including ISO/IEC 9000 on processes, ISO/IEC 17024 on certification of persons and ISO/IEC 27001 on information security management. This certification supports the continuous development of individuals in mitigating cyber-related threats and builds effective cyber defenders within their social-economic sphere. To date, Global ACE has trained 578 professionals in Malaysia with various training programs including Advanced Diploma in Cyber Security Penetration Testing & Assessment developed based on the Global ACE Certification syllabus to produce personnel with multiple cybersecurity skillsets.
Enhancing Cyber Security Profession
To address the talent gap immediately, more outreach needs to be done to recruit younger workers and add more diversity to the cyber security profession. While millennials and Gen-Zs in Malaysia have grown up using technology and are eager to try new experiences, their interest in cybersecurity as a career still leaves much to be desired. We need to cultivate awareness of cyber security as a future career path at high schools levels as this is when students begin to decide on their college paths and future careers.
CyberSecurity Malaysia has been organizing an annual National ICT Security Discourse (NICTsED) to encourage open and constructive conversation on cyber safety and security issues, also the development of a fresh perspective on key issues in the area of cyber safety and security.
Building the Future Cyber Workforce
To prepare for tomorrow’s complex cyber threat landscape, we need to be creative in training our workforce. We need to look beyond technical skills and consider hiring security professionals that possess the character traits that would make them successful in that position. Attributes for successful cyber security personnel can also be found outside of the IT department in areas such as human resources and finance. Research revealed that assessing behavioural skills could be the key to helping HR and security teams join forces to find the right talent for critical roles within an organization.
Organisations in Malaysia need also be open-minded about cyber security positions. We need to look to alternative avenues such as “new collar” workers. A new-collar worker is an individual who develops the technical and soft skills required to work in technology-related jobs through non-traditional education paths. They typically do not hold an IT degree but instead, are trained through community colleges, vocational schools, software boot camps, technical certification programs, and on-the job apprentices and internships.
The success of Malaysia’s digital economy hinges on its cyber resilience. Cyber security, like any business activity, relies on team effort. It takes the cooperation of every digital citizen to minimize infiltration, data loss and spread of malware.
Dato’ TS Dr. Haji Amirudin Bin Abdul Wahab is Chief Executive Officer of CyberSecurity Malaysia.