The pressure on organisations to digitally transform, coupled with the increase in personal and corporate cyber-risks driven by the rapid transition to remote working, means the skills required for effective cyber-security defence have taken a front seat as businesses increase their investments in data security tools and capabilities.
A recent international survey by Robert Half found that nearly half (44%) of CIOs and CTOs consider maintaining the IT security of systems and safeguarding company information to be their top strategic priority going into 2021 – over and above cost reduction, process automation and innovation. As a result, few are surprised that the cyber-security talent crunch that already existed pre-pandemic has only further intensified over recent months.
In the same survey, almost a third (32%) of CIOs and CTOs said IT security skills have become the hardest to find specialism since the COVID-19 pandemic began. And despite a decline in new job postings between February 1 and April 10 of 2020, a survey by Gartner saw a surge in demand for info security roles in the same period – consistent with earlier Gartner Talent NeuronTM data which forecasted a global shortage of two million cyber-security professionals by the end of this year.
The top cyber-security skills in demand
In a post-COVID-19 world, many organisations will become increasingly more reliant on mobile devices and offsite and cloud-based technologies, to run their teams and operations. This increase in virtual activities has made enterprise networks and popular websites prime targets for cyber-criminals, with a global survey from cloud security company VMWare finding that nearly all enterprises (91%) have faced increased cyber-attacks amidst the current pandemic.
The increase in security breaches has sparked growing demand for a range of cyber-security skills as organisations look to protect themselves against information fraud and provide more secure data handling connections for their remote employees.
So, what skills will your company need for an effective security strategy? The cyber-security skills we can expect to see in highest demand for going into 2021 include:
- Information security (InfoSec): Organisations will need the skills to protect their electronic data from unauthorised access. In-demand skills include authentication/authorisation (including single digital identity security across devices), malware analysis, incident response, risk management and data recovery.
- Network security: Organisations face increasing breaches and threats in their IT networks, including malware and hacker attacks. Skills required include wireless network security, firewalls and IDS/IPSes, VPNs and remote access, as well as endpoint security.
- Cloud security services: There will be growing demand for security skills applicable to public and hybrid cloud platforms such as Amazon Web Services (AWS) and Azure, as more organisations use them to support both at-office and home-based working environments. This includes implementation of policies, controls, procedures, and technologies that protect cloud-based systems, devices, and infrastructure.
- Web security: With the growth in employees accessing office applications from their home internet and mobile devices, enterprises will need to secure their websites and web applications from threats including viruses, ransomware, and distributed denial of service (DDoS). Relevant skillsets span network, application, and OS security.
- Security architecture: With many employees likely to continue working from home at least part-time for the foreseeable future, more organisations will be looking to build IT security into all aspects of their operations, including organisational structure, company policies, processes, and customer products. Relevant top-level skills in this area include knowledge of security hardware and software, analysis of organisational needs, and the ability to manage cyber-security risks in relation to organisational policies and industry standards.
Demand for security analysts and security architects is on the rise within businesses that either previously invested very little (or not all) in IT security or are shoring up their data security propensities in response to the shift to remote working over the course of the current pandemic. In addition, cyber-security has become an expected skillset for a growing range of tech professionals, with network engineers, for example. now expected to have high-level knowledge of firewalls and network security, on top of core skills in network routing and switching.
Gaining the skills required for future cyber-security needs
A June 2020 global survey of nearly 1,000 security professionals conducted by security vendor Netwrix found that 38% of CIOs and IT directors plan to invest in technology training for their IT staff – almost twice as many as before the pandemic (20%). Furthermore, with many organisations facing a skills gap due to reduced hiring budgets, combined with greater competition for IT security talent due to COVID-19, nearly a third (31%) are in favour of training their IT staff moving forward as a way to address the skills shortage.
To keep up with their customers’ shifting needs and new ways of doing business heading into 2021, organisations will need to prioritise upskilling their current workforce, along with building a recruitment program that attracts the right tech talent in order to meet their cyber-security needs.