Shortage of cybersecurity experts exposes organisations to huge losses

Prof Mike Johnstone (left) with an Edith Cowan University alumnus after giving his presentation on cybersecurity

Cybercrime is getting real and its impact even bigger. A Norton Cybercrime report by Symantec provides some startling statistics: There are1.5 million victims of cybercrime every day, which translates to 18 victims per second.

The current shortfall of cybersecurity talent has turned this into a global challenge for every industry, according to Mike Johnstone, a cybersecurity expert  at Edith Cowan University (ECU) in Australia. “The lack of trained personnel has exacerbated the already difficult task of managing cybersecurity risks,” says Prof Johnstone.

Many governments and organisations are living with the scary reality that there is a shortage of professionals to protect them against cybercriminals. A global study by Intel Security, in partnership with the Centre for Strategic and International Studies (CSIS), reveals a cyber security talent crisis in even developed economies like Australia, France, Germany, Israel, Japan, Mexico, US and the UK. 

The annual cost of cybercrime is a whopping $110 billion. Indeed, a 2017 IBM survey of 419 companies in 13 countries shows that the average total cost of a data breach is $3.62M and $141 as the average cost per lost or stolen record.

While the highest number of cybercrime victims are found in Russia at 92 per cent, followed by China at 84 per cent, and then South Africa at 80 per cent, the threats have recently been growing in Africa, and specifically Kenya, targeting individuals, corporates, financial institutions as well as the government.

For many businesses, cyber security has been elevated to a board-level agenda item. “The threat of cyber warfare conducted by various actors such as business rivals is real and businesses need to rise to the challenge or risk having their intellectual property compromised,” Prof Johnstone said during a seminar on cybersecurity for financial institutions sponsored by ECU in Nairobi.

In his presentation, Executive Education on Cyber Security for the Finance Sector, mapped out how governments and companies stand to lose to cybercriminals if they don’t increase their investments in cyber security training.

Prof Johnstone, an Associate Professor at the Edith Cowan University, says the global shortage is responsible for direct damage to organisations whose lack of talent makes them more desirable hacking targets.

ECU is reputed for its comprehensive cyber security teaching and research programme in Australia over the past two decades. It boasts Australia’s best cybersecurity research and education team and is ranked among the top 10 globally. Two of its academic staff are also members of Interpol’s Cyber Crime Experts Group.

The university runs academic programmes in cybersecurity ranging from degree to PhD level. “We have Kenyan students excelling in cybersecurity at ECU” he said.

In 2015, 209,000 cybersecurity jobs went unfilled in the United States alone, according to the Intel Security report. Despite one in four respondents confirming their organizations have lost proprietary data as a result of their cybersecurity skills gap, there are no signs of this workforce shortage abating in the near-term. Those surveyed estimate an average of 15% of cybersecurity positions in their company will go unfilled by 2020.

With the increase in cloud, mobile computing and the Internet of Things, as well as advanced targeted cyberattacks and cyberterrorism across the globe, the need for a stronger cybersecurity workforce is critical. “Many systems used in today’s industries are insecure because they are built to work and they are using technology that is 30 to 40 years old. This includes systems used to run dams, power stations and buildings says Prof Johnstone.

Since cybercrime has become a service for sale, companies need a pool of experts to counter the ever-sophisticated mechanics developed by the criminals who are now in big business. “Companies should be able to analyse threats and respond to them. By the time an alert is reported it has already happened and is often too late to do anything about. Companies need professionals who can respond quickly and who can ensure the systems in place detect and fix  the threats,” Prof Johnstone says.

This significant international skills shortage means that by 2020, 60% of digital businesses will suffer major service failures due to  the IT security teams’ inability to manage digital risk. He said cyberattacks are perpetrated by state actors organised groups, rival firms, criminals looking for financial gain, amateur computer criminals, angry employees and contractors.

Countries and companies can reverse this shortfall in critical cybersecurity skills by increasing expenditure on education, promoting gaming and technology exercises, and pushing for more cybersecurity programmes in higher education. “The Internet of Things, which is estimated to grow to 20 billion devices by 2020 presents an interesting business opportunity, but also makes the threat landscape much larger and more complex,” says Prof Johnstone.