Opinion: As Australian industries face a cybersecurity skills shortage, companies must look to upskilling their current workforce to ensure safe cybersecurity practices, writes Geoff Schomburgk, vice president for the Asia-Pacific at Yubico.
Australia’s former government recognized that there was a cybersecurity skills gap and therefore a key part of its 2020 Cybersecurity Strategy was to foster greater collaboration to create Australia’s cybersecurity skills pipeline. ‘Australia.
Recent data from AustCyber highlighted that the Australian IT sector still faces a severe skills shortage and now needs 7,000 additional qualified cybersecurity specialists over the next two years. Globally, there is a shortage of 1.5 million cyber professionals, with this figure increasing by approximately 250,000 per year.
This shortage of ready-to-use cybersecurity professionals is a major challenge for all organizations today and the problem is only going to get worse. It is estimated that Australia could need around 16,600 additional cybersecurity workers by 2026.
Train our future cybersecurity professionals
Recognizing the need, Australia’s education system has begun to respond to the skills gap, with many universities and TAFEs launching new cybersecurity degrees and courses. It will take time before this cohort of graduates is ready to enter the sector but it is a step in the right direction, however, they may still face challenges as some practical experience will be required before they are not aware.
The computer industry has also reacted. Microsoft recently partnered with AustCyber to launch a new cybersecurity internship program, which will support approximately 200 participants in a career in cybersecurity from 2021 to 2024. The partnership has already been successful in securing additional funding from the Innovation Fund of the Commonwealth Government’s Cybersecurity Skills Partnership (CSSPIF). , which will help increase the number of candidates entering the cybersecurity sector in Australia.
Development of existing workers
Meanwhile, all organizations in Australia, in cooperation with the cybersecurity industry, should encourage employees with transferable skills, including general IT professionals, to upgrade themselves by providing them with cybersecurity training. Some companies here are already developing specialized cyber skills training to accelerate the transition of talent from outside the cybersecurity industry into these specialized roles.
Our team of experts provides guidance and best practices in training workshops designed to make onboarding and deploying security keys easier for internal IT teams. Most cybersecurity vendors offer training on the use of their cyber solutions.
Regular user training
Although prevention is always better than cure, it is not an easy task when you manage a large number of employees who have limited knowledge of cybersecurity risks. Regular user training is essential to reduce instances of cyber incidents caused by human error.
One way to reduce the risk of human error is to create cybersecurity processes that are simple and don’t impose many options on employees when logging into company systems. This could include adopting “modern authentication” methods and then regularly training on using these secure login methods.
Simplifying authentication options and setting clear expectations is not only beneficial but also less hassle for employees. If all organizations could implement modern authentication, such as multi-factor authentication (MFA), they could reduce the number of incidents their overworked security teams have to deal with.
Passwords weigh on productivity
According to the recent global survey we conducted with Ping, Our Passwordless Future Survey – many IT managers cited productivity gains as a key factor in adopting more secure and convenient passwordless authentication methods for logging in :
- Seventy-one percent of Australian IT managers are concerned about help desk costs associated with passwords.
- Thirty-seven percent of support tickets in Australia are related to passwords.
- Over the past year, Australian IT managers have seen a 33% increase in password-related incidents.
- Australian IT managers estimate that employees need to enter passwords an average of 15 times a day.
The experience of Google and Microsoft
There are fixed and indirect costs associated with password issues in all organizations. The hard cost is the password reset and the IT costs needed to deal with it and the soft cost is lost productivity when someone can’t log into their system.
By going passwordless, Microsoft saw an 87% reduction in hardware and ancillary costs. While Google saw a 92% reduction in support requests after the introduction of MFA.
The government recommends the AMF
The Australian Cyber Security Center has recommended that all organizations implement an effective cybersecurity strategy in accordance with The Essential Eight. They encourage them to adopt MFA to ensure that remote access is highly secure for all users when performing a privileged action or accessing an important data repository.
Although most MFA solutions significantly address many security issues, all MFA solutions may not be suitable for all organizations. An important consideration for MFA solutions is the user experience as well as the cyber skills that employees will need. Ease of use, consistency, speed, portability, and availability are important aspects to consider to ensure that the user experience is positive and improves productivity.
Be proactive with cybersecurity
Due to the sheer volume of password issues, already overstretched and underfunded IT teams are inundated with demands that employees must respond to. This forces them to prioritize these requests against the security alerts they receive about real threats that could harm their IT environment. This wastes valuable time and can expose their organization to unnecessary risk.
Implementing modern MFA that is simple and easy to use improves overall security. The added benefit is that it will reduce the number of password-related support requests that need to be handled. This allows security and IT teams to be more effective and efficient with their valuable time. They are freed up to become more innovative, allowing them to focus on developing and maintaining the entire IT environment and being proactive about security rather than reactive.
Geoff Schomburgk is vice president for Asia-Pacific at Yubico.