Cross-Training and Zero Trust to mitigate the need for cybersecurity professionals

The demand for cybersecurity skills seems to grow exponentially during COVID-19, and it is evidenced in the latest IDC study. As per this study, HR departments will be hiring during the initial recovery from the COVID-19 pandemic primarily due to the pressure and recognition from the C-Suite and the board that cybersecurity professionals are hard to find.[1] Triggering the demand for cybersecurity skills is the widened threat surface. Remote working for a few became “work anywhere” for everyone during the pandemic, not only among businesses but also schools and institutions which are harnessing the benefit of online classes.

But not all is hunky dory in the online space. A flood of cyberattacks has been irking everyone. WHO has also observed a dramatic increase in the number of cyberattacks worldwide since the start of the pandemic.[2] Security outside of the company network has turned out to be a significant challenge for organizations. Many schools have recently played into the hands of threat actors quite easily as their skills and experience using cybersecurity tools were naïve. For instance, nearly 25,000 students in the Rialto Unified School District lost access to distance learning while the school administrators scrambled to fix the problems from a major cyberattack.[3]

The reality check on cybersecurity skills gap

Alarming rates of cyberattacks during COVID-19 come as a potent reminder that we seriously need to nurture cybersecurity talent. As of now, the chasm between the supply of cybersecurity professionals and the demand from cyberattacks is steadily widening. The proof lies in the 2019 ISC2 Cyber Security Workforce Study [4] that underlines that around 2.8 million professionals currently work in cybersecurity, whereas an additional 4 million trained workers are needed to close this gap. The need for cybersecurity professionals has become even more urgent during the pandemic. The growing threat surface in the backdrop of COVID-19 has caused attackers to shift their motives and modus operandi to exploit their targets beyond the company perimeter in remote environments. Organizations in many cases see this happen like mute spectators while at the same time scrambling for support from dexterous hands in the fight against cyber threats.

Focus on cross-training and incentivize cybersecurity skills

Since the existing educational and training ecosystem is unable to address the demand of cybersecurity experts, organizations should invest in cross-training of their employees and incentivize cybersecurity skills to make up for the gap. Organizations can encourage employees to take in as well as hone cyber skills. Organizations can run career enhancement programs in partnership with specialized entities like SANS, ISACA and others to upskill and cross-skill their professionals in cutting-edge cyber areas. Cross-training in cybersecurity should become an integral part of the corporate culture. This will limit organizations’ search during the pandemic time for cyber professionals outside of their firm and eventually help in the fight against malicious actors who have upped the ante with their COVID-19 phishing and malware attempts. The USA’s CISA and the UK’s Department of Homeland Security have already warned about COVID-19 exploitations by rough cyber actors.[5]

Using Zero Trust-based tools that demand fewer eyes to monitor threats

Addressing the skills gap looks unrealistic in the short term. So, in the age of digitalization and cloud where perimeters have become irrelevant and traditional approaches to security do not stack up against the sophistication of today’s threats, the adoption of solutions based on Zero Trust becomes the smart play. With Zero Trust assimilated right into your security stack, it protects your web activity and web browser, no actor will be able to harm your network. So, this holistic, strategic approach to cybersecurity ensures that every person or every device with access is who and what they claim they are. Built using the Zero Trust security model, browser isolation has lately emerged as one of the powerful options for businesses to isolate threats before they reach their web browser. It stops threats at the door by neutralizing the critical categories of web, email, and document-based threats. By filtering all incoming code and isolating it on a remote virtual browser and streaming only harmless pixels back to your screen, browser isolation fetches, executes and renders all content remotely.

To win in the short and long term, organizations should focus on cross-training their existing employees in cyber areas and embrace Zero Trust as part of their security strategy. Doing so can rid them from scrambling for the rare breed of cybersecurity professionals.

Onkar Sharma

Principal Specialist – Content Marketing, Cyberinc