In a world of evolving cyber threats, where each day brings news of a new attack, the skills gap in cybersecurity poses increasingly serious problems. It’s a perfect storm according to Marcel Labelle, President and General Manager of Cybereco, a non-profit organization devoted to fostering collaborations that advance cybersecurity and accelerate the development of a world-class cybersecurity workforce.
Speaking at Security & AI, one of three sessions in ITWC’s MapleSec Satellite series, Labelle cited figures showing that more than 60 per cent of global critical infrastructures have not yet achieved a high level of cyber resilience. In stressing the need for a robust cybersecurity workforce, he referenced the economic impact of large scale cyber assaults, such as the SolarWinds attack.
“We are seeing an increase in threats that target every type of organization in each industry,” said Labelle. “We need to find ways to attract more talent.”
The Need to Do Something Different
Looking back 40 years, Labelle said cybersecurity was easy then because computers were connected to a terminal and punch cards offered the only potential for hacking. At present, things are moving much faster, yet many organizations are still living with legacy systems and technologies. Other risks come with mobile and cloud computing.
The implication for the cybersecurity workforce is that more people are required to maintain a secure environment, and these people need more expertise in order to deal with emerging technologies, many of which are extremely complex. “From a skills perspective, we need to do something different,” said Labelle, remarking on the increasing sophistication of cyber threats. “We need to avoid duplicating the same investments and doing the same things.”
Strength in Numbers
The answer, in his experience, is working cooperatively on cybersecurity initiatives. Not only does this allow organizations to leverage best practices, but it also helps them move faster and further. There is also a need, he said, to orchestrate the cybersecurity ecosystem, one of Cybereco’s chief goals. Rather than a number of organizations investing in the same areas, each one can tailor investments to specific needs and share the results.
According to Labelle, collaboration is also an important part of the equation when it comes to attracting cybersecurity talent. “Canada is a good place to be, so by working together we can have targeted initiatives to attract foreign workers,” he said. “On the other side of things, we need to promote cybersecurity careers at all levels. It’s important that people understand more about what they can do in the cybersecurity field.”
Promoting Careers in Cybersecurity
In terms of diversity, Labelle recommended initiatives to encourage women and those from under-represented groups, such as immigrants and visible minorities, to pursue careers in cybersecurity. He said drives to attract workers should include international students. “We also need to work with universities and colleges to develop new programs and adapt existing programs to the new reality,” he explained. “Technology is evolving fast. We need to have more cybersecurity education programs and make these programs more broadly available because everyone needs to better understand cybersecurity problems and be part of the solutions.”