Todd Moore is Vice President of Data Security Products at Thales Cloud Protection & Licensing.
The cyber industry has been struggling with a skills gap resulting from a talent shortage for years. However, the actual gap isn't from a lack of talent—it's from a lack of existing skill sets keeping up with the rapidly changing cyber landscape. Despite security threats increasing in volume and severity, a 2024 World Economic Forum report found that only 15% of organizations expect cyber skills and education to significantly ramp up by 2026.
The attack landscape is constantly evolving, and the rise in more accessible AI tools has allowed cybercriminals to further expedite the rate at which threats are transforming. Now more than ever, security professionals need to ensure they're keeping pace with the growing number of threats and have the right set of skills to defend against them. This has become imperative, as a 2024 ISC2 survey found that nearly two-thirds of cybersecurity professionals say the skills gap is a greater challenge to their organizations' defense than staffing levels.
To best address rising threats while also helping to tackle the deepening skills gap, the cyber industry must prioritize introducing ongoing professional development as a formal obligation to ensure cyber professionals are developing the necessary skills to handle modern threats.
Cyber Skills Need To Match Modern Threats
To keep pace with threats, cyber professionals must have a strong grasp on the tactics of today's bad actors and the proper measures to defend against them. For example, ransomware once focused on holding companies for ransom by locking them out of their systems. Now, cybercriminals' priorities have evolved to focus on targeting and selling businesses' most valuable asset—their data. An outdated cyber professional's focus might only be on maintaining backups; a modern one would also focus on overall data security.
Bad actors' newfound accessibility to AI allows them to increase not only the number of attacks they're creating but also the sophistication of these attacks. Social engineering attacks like phishing are a longtime leading cause of security incidents. AI has enabled hackers to advance phishing attacks and create more legitimate-looking messages that are becoming increasingly difficult to identify—meaning a modern cybersecurity leader should put extra effort toward managing insider threats.
The attack landscape for most organizations also looks completely different than it did a decade ago. Organizations have become reliant on the cloud, and many are leveraging multi-cloud environments. While the cloud offers organizations the ability to scale, it also increases security risks. We found that more than half (55%) of organizations believe managing security in the cloud is more complex than on-premises. A multi-cloud approach creates challenges around visibility as teams must oversee and secure various environments simultaneously.
As the security landscape—from threat tactics to widening attack surfaces—continues to transform, cyber professionals must undergo their own evolution to remain agile against these emerging risks.
Viewing AI As A Solution, Not The Enemy
While AI enables cybercriminals to power the scale and sophistication of their attacks, cyber professionals should also view AI as a resource that can help them strengthen their capabilities. However, proper use of these tools requires continual learning.
AI offers security teams the ability to rapidly enhance their defenses, and cyber professionals should be continuously learning about this technology as it becomes more readily available. The use of AI in areas like anomaly detection has been a critical capability in allowing security and IT teams to further their threat intelligence by easily identifying abnormal data patterns happening within their organization.
Recently, the rise of generative AI (GenAI) has also started making its way into cyber professionals' toolkits, with many implementing the tech as a copilot in detection and response. Powered by GenAI, security teams can receive real-time insights into issues they're facing along with guidance on how to fix these issues. While GenAI is a powerful tool, many cyber professionals are still getting familiar with it.
Part of the training for these AI tools will require the industry to establish responsible AI ethics and governance. Despite AI's ability to efficiently automate tasks like anomaly detection and incident response, human oversight remains integral—especially when security is involved.
Security professionals should view AI as a guide for addressing situations and must double-check whether a recommended action is accurate or requires intervention. The industry must adopt regular trainings for cyber professionals to ensure they're properly using AI to their advantage without opening themselves to any further risks.
Encouraging An Education-First Approach To Security
While the cyber industry should continue to encourage new entrants into the workforce, especially with the global cyber workforce seeing a stall in growth, there's an even more pressing need for the industry to focus on upskilling. This can be accomplished with more emphasis on upholding cyber professionals to regular professional development trainings to advance their expertise.
In industries like legal and healthcare, continuous education is an expectation—not a suggestion. This is accomplished through mandatory license renewals every few years, including industry requirements to achieve certain educational credits. This approach is one the broader cyber industry needs to implement.
While security leaders will be crucial in helping to move the needle on cyber trainings as a formal obligation, it also falls on the industry to place more emphasis on professional development. This can be done by increasing funding for cyber education for the existing workforce and developing educational standards for cyber professionals to abide by.
Paving The Path Forward
Security professionals play an essential role in protecting not just their organizations and their customers' data but the broader landscape as well. With threats advancing at an unprecedented rate, the need for the right skills and regular trainings to be in place to address these threats and new risks as they arise is mounting.
Creating an education-first approach to security allows cyber professionals to best secure their organizations and their sensitive data against modern threats. Introducing cyber trainings as a formal obligation won't only help to further security professionals' skills, but it will also help to enhance the security landscape of the nation as a whole.
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?

1 year ago
44













English (US)