- | 9:00 am
Is the cybersecurity skills gap putting enterprises at risk in the Middle East?
Data breaches are costly and damaging. But there aren’t enough people to fill cybersecurity positions. What can we do?
Cybercrime damages cost the world $8 trillion a year. $667 billion a month. $154 billion a week. The cost dings both the bottom line and organizational reputation. This catastrophe will probably worsen before it improves. As connected technology spreads in the digital era, the security infrastructure must come with it.
In the Middle East, as cyberattacks skyrocket, organizations realize they must do everything possible to secure their networks and corporate data. Consequently, the demand for IT security skills is also increasing.
Unfortunately, there are too few people with the expertise to build it – or, for that matter, to meet the widening range of cybersecurity challenges impacting everything from banking to retail.
“The IT skill gap is a looming concern for enterprises in our region,” says Rashed Al-Momani, General Manager, Middle East, Egypt, Rwanda, and Pakistan at Kaspersky.
The emergence of innovative technologies and tools, such as Gen AI, also presents new challenges in cybersecurity. A recent study by cybersecurity firm Trellix found that 66% of IT managers across the UAE and Saudi Arabia believe their organizations lack “the right people and processes to be cyber resilient.”
“The rapid pace of digital transformation is driving the demand for skilled digital professionals in the region,” says Ashraf Koheil, Regional Sales Director META for Group-IB.
“Businesses are recruiting new IT talent and upskilling through training and development programs,” he adds.
But will it be enough?
Experts say businesses should “redouble” efforts to educate their employees on cyber hygiene practices. “Everyone has a role to play as the human factor remains at the heart of many cybersecurity incidents,” says Koheil.
THREATS PERVASIVE AND SOPHISTICATED
Since cybersecurity is a relatively new field, professionals pick up expertise on the job. Only recently have universities started seriously ramping up programs in the region.
“Cybersecurity professionals need a wide range of skills, which are often obtained through work experience, which takes time. Communication, data analytics, compliance, organizational psychology, and expertise in information technology are critical to push the influence of cybersecurity within organizations,” says Al-Momani.
Cyber threats, now pervasive and sophisticated, target individuals, businesses, and governments alike. From data breaches to ransomware attacks, the consequences of such incidents can be devastating, leading to data loss, financial harm, reputational damage, and even endangering vital infrastructure.
The recent surge in phishing attacks underscores the need to be vigilant. A recent Acronis report found a 464% increase in phishing attacks in just the first half of 2023.
In the meantime, the skills gap is widening, and the reason is relentless demand, given the pace of technological development in the region.
According to Al-Momani, the factors contributing to the widening skills gap start at the grassroots level. “Universities just started to identify the importance of introducing cybersecurity as a field of study. This knowledge gap also extends to industries beyond the IT sector, where businesses often fail to recognize the gravity of cyber risks.”
“The lack of awareness regarding potential threats poses a substantial difficulty,” he adds.
TRAINING AND AWARENESS
While there is a growing trend of general cybersecurity training for employees, some companies remain hesitant to view cybersecurity investment as indispensable. However, governments in the region are introducing cybersecurity guidelines across industries, especially within financial and critical infrastructure sectors.
“Cybersecurity is at the top of board agendas as companies steadily realize the importance of adapting preventative measures,” says Al-Momani.
In the region, there are thousands of unfilled cyber positions, and there aren’t enough schools to produce the people for these positions, although, in the last two years, there has been a growth in colleges and universities offering classes and degrees in cybersecurity.
“Educational initiatives by governments around the region are taking shape as students look at lucrative career prospects in the cybersecurity sector,” says Al-Momani.
Cyber threats are also becoming more advanced and complex, meaning that specialists in this core industry must stay up to date with the latest tactics, techniques, and procedures leveraged by cybercriminals, adds Koheil.
Experts say enterprises should invest in the youth through internships or partnerships between companies and educational institutes. This allows students to synthesize theoretical knowledge with practical experience in combating the latest tactics and techniques of cybercriminals.
“One of the ways organizations can reduce the skills gap and increase overall digital safety standards is to introduce cybersecurity as a KPI, so employees are aware of the dangers of cybersecurity and the detrimental impacts,” says Koheil.
In the end, to effectively address the widening IT skill gap, a heightened level of collaboration between governments and corporate entities, establish a mandatory practice of ongoing cybersecurity training, varying in complexity to cater to diverse team member roles and IT professionals engaging in continuous learning to stay abreast of emerging technologies.
Meanwhile, as experts are sounding a similar alarm for cybersecurity experts, companies are filling the talent gaps through technology and outsourcing certain security functions, such as risk assessment and mitigation, network monitoring and access management, and compromised system repair.
“There is a huge scarcity of human resources in this field, but that doesn’t mean we cannot protect or take action. This is why we leverage AI and automation,” says Dr. Mohamed Hamad Al Kuwaiti, Head of Cybersecurity, UAE.
While automation will never fully replace human judgment, it does create efficiencies that allow cybersecurity professionals to focus their time and talent on the more advanced threats that require human intervention.