Skill sets, AI, co-operation, and climate have become the critical challenges for cybersecurity provision this year, according to Europe-based IT/OT security software provider Stormshield.
Victor Poitevin, writing for Stormshield, said that recruitment into the sector may need to tackle a possible 3.4 million vacancies in cybersecurity around the world, up 26.2% on the previous year as estimated by the (ISC)2 Cybersecurity Workforce Study 2022.
“Caught up in the waves of the post-lockdown Great Resignation, the cybersecurity sector is also experiencing soaring turnover,” Poitevin said.
Roughly one in five respondents revealed they had changed jobs in the last 12 months, for a reasons including salary, working conditions, and company mission.
“This shortage may even prompt us to ask a chilling question: could a cybersecurity company die from a shortage of human resources?” he said.
“Is the future one of under-resourced security operations centres (SOCs) unable to react quickly enough to a critical alert? Or companies without CISOs?”
No one knew whether new recruits could be retained over the long term, even if more was invested in developing that talent. At the same time, a redundancy wave across ‘big tech’ names from Microsoft to Meta added further uncertainty, he suggested.
Skills are increasingly needed to meet the challenge of AI as well. Although the approach is not new, the rise of applications including ChatGPT is potentially making it easier than ever to become a cyber criminal, noted Poitevin.
“Scripts can contain a number of errors, and therefore be relatively easily detected by protection solutions. But they still enable novice cybercriminals to become familiar with the subject, and save time on writing code snippets,” he pointed out.
“The ChatGPT module can also be used to write convincing text – and thus take phishing into a new era. The ability to take advantage of advances in deepfakes, video, audio and voice synthesis strengthens cybercriminals’ offensive capabilities.”
Partly as a result, providers relatively unused to working together at this level must rise to the above challenges, with greater provider co-operation needed to mitigate potential issues. This would require a degree of humility, he suggested.
“Growing sophistication of cyber attacks means that cyber-analysts can no longer rely solely on the data reported by the firewall at network level, or the protection agent at workstation level. They need an overview of what is happening on the information system,” said Poitevin.
“To help them gain such an overview, cybersecurity products must aggregate, correlate and classify the data they produce and receive. How do you rationalise? And which tools do you choose?”
Lastly, cybersecurity players can no longer afford to ignore the environmental challenge facing the planet. The IT sector is responsible for 2% of greenhouse gases in France alone, and has been estimated as accounting for 4% of emissions worldwide, Poitevin said.
That compares with an estimated 2.6% or so from civil aviation, he pointed out.
“Although the finger is regularly pointed at streaming platforms, they are not the only players with a role here,” Poitevin said.
“The cybersecurity community is not responsible for this entire 2% figure, but it certainly does form a part of the picture. As the number of cybersecurity products in companies increases, their carbon footprint automatically increases.”
The sector must therefore work harder to maintain similar efficiencies while streamlining cybersecurity products to reduce their footprint – including by reducing data volumes and hardware resource consumption, he said.