Intelligent CIO APAC Issue 23 - Page 84

Daniel Chu , Vice
President of Systems Engineering for Asia Pacific and
Japan at ExtraHop safeguard their organization amid increased attacks and long hours . The shortage of talent has only exacerbated this issue .
Has the proliferation of tertiary education courses in cyber skills managed to improve the skills shortage at all ? attacks in 2020 and more than 880,000 attacks on Vietnam . However , in spite of registering the least number of phishing attacks in the region , Singapore ’ s cases had actually increased by 60.5 %.
According to the International Information System Security Certification Consortium ( ISC )², the cybersecurity workforce gap across the world has narrowed from 3.1 million in 2020 to 2.7 million in 2021 . It was estimated that around 700,000 cybersecurity professionals had joined the cybersecurity workforce within a year , which reflects a sustained progression towards addressing the shortage in cyber talent .
It is important to note , however , that the alarming rise in reported cyberattacks in these countries is due to the surge in cybercrime , instead of the shortage in cyber talent . It is the evolution of cyberthreats , such as Ransomware-as-a-Service and Crimeware-asa-Service , that makes cybercrime available to those without technical knowledge , which has led to an increased need for cyber talent in the region .
Is the shortage in cybersecurity skills a problem specific to the APAC region ?
The shortage in cyber talent is a global issue , with a deeper severity in the APAC region . The current gap in cyber talent stands at 2.7 million on a global scale . However , 1.42 million out of the total is in APAC . The ( ISC )² also reported that cybersecurity hiring trends in APAC small and medium enterprises ( SMEs ) and mid-market businesses fall short of their global counterparts in terms of hiring intent . Larger enterprises , on the other hand , remain steadily hiring , with a higher rate of onboarding compared to prepandemic levels .
Why is there such a high burnout rate in the cybersecurity industry ?
Security operations teams today are experiencing alert fatigue as cyberthreats increasingly become more sophisticated . A typical security investigation workflow today involves dozens of tools that fire numerous alerts with a high percentage of false positives . Without an automated security process , analysts manually gather the data to identify which alerts to prioritize and follow up on . This is an especially impossible task for organizations receiving more than 5,000 alerts daily . When alerts become overloaded , there is a greater potential for threats to slip through the cracks . There also is mounting pressure on these individuals to
We can also see the expansion of training programs to address the skill gap in cyber talent . A recent example can be seen in GSX joining the ( ISC )² official training partner program to deliver cybersecurity education and professional development .
How far is the ever-changing threat landscape part of the problem ? Does this put people off entering the sector ?
The evolution and surge of cyberattacks has heavily contributed to the shortage of cyber talent . We like to think we already know how ransomware works but threat actors continually add new acts or improve the tactics in their playbooks .
Cybercriminals have now expanded their blast radius through the use of advanced land-and-pivotstyle tactics . This ensures a handsome payout from companies struggling to regain operations without significant data leakage or reputational damage .
Fortunately , this issue does not put people off from entering the sector as there are technologies that can aid them in combating these attacks and a mission that focuses on protecting people and data .
The use of technology , such as Machine Learning and automation , simplifies the security operations process . It enables IT teams to gather , correlate and analyze large amounts of data faster and with minimal effort , allowing for a more productive and efficient security team . Automation , for instance , can help detect threats that can be missed by a manual incident response process . By automating their security processes , organizations can provide unprecedented visibility , definitive insights and immediate answers without burning out their security teams . p
84 INTELLIGENTCIO APAC www . intelligentcio . com