There is a major shortage of cybersecurity professionals, with the equivalent of a major city's worth of workers missing from the workforce. (ISC)², the world’s largest professional organization for cybersecurity workers, estimates in the paper linked above that the cybersecurity workforce will have to increase by 65% to meet demand.
Furthermore, the COVID-19 pandemic has brought increased cybersecurity threats and reduced employee training, limiting the ability of professionals and new entrants into the field to train. Most worrying, new technology threatens to make existing cybersecurity skills obsolete and to render null many of the forms of protection they rely on.
A Lack of Cybersecurity Skills
Germany alone saw the cybersecurity industry grow by 165% in 2021, and cybersecurity professionals typically report very high job satisfaction. Although many come from IT backgrounds, it is becoming increasingly common to undertake dedicated training courses, switch fields or even self-train – 20% of cybersecurity professionals under the age of 39 explored security concepts independently. They are also very well compensated, with an average salary before taxes of $90,000 in 2021, up from $83,000 the previous year.
So why is there a shortage in this sector? Firstly, it is difficult to keep up with the ever-evolving security ecosystem when cybersecurity teams face increasing workloads and burnout. Many companies don’t fully understand the skills necessary to work in cybersecurity, demanding an unrealistic level of experience and certification and ignoring the varied paths that people take into the profession. Compensation, therefore, needs to be set at a high level due to the level of experience and training required for the role.
Emerging Threats
Quantum computing security threats are emerging as development advances and new, more powerful prototypes are announced. By using the strange, counter-intuitive effects that emerge at very small scales, where an object can be in two places at once or can ‘entangle’ with another object so that they continue to affect each other across time and space, scientists have developed systems with capabilities that far outstrip conventional computers based on a binary logic in which everything is either a zero or a one.
This is a significant problem for the cybersecurity industry because the encryption that secures valuable data relies on being so time-consuming to break that it could potentially take billions or even trillions of years to crack. Cracking an eight-character password that uses numbers and lowercase and uppercase letters could take up to 92 years with a traditional CPU.
Currently, because devices lock after a certain number of tries, guessing PINs and passwords isn’t possible. It is relatively easy for bad actors to acquire large amounts of data, but it is nearly impossible for them to use it because it is secured, often with private key infrastructure. This could lead to bad actors storing data until they have access to quantum computers that can break its encryption. Although most of this data will be out of date by the time it is cracked, there may be enough to damage an organization’s finances or reputation.
Quantum-safe forms of encryption do currently exist; however, ensuring that every part of a company’s infrastructure is safe from the evolving threat will be a significant challenge.
Preparing for a Post-Quantum World
The US recently worked to ensure that all of its information classified as ‘top secret’ and above be encrypted with quantum-resistant security. Nonetheless, it must be noted that any company with a digital presence could be threatened, making the adoption of appropriate security measures a major project for even a reasonably small company.
Furthermore, existing cybersecurity professionals will need to continually undertake training as the threat actualizes, and drastic changes will need to be made to the training provided to new cybersecurity professionals. Of course, decision-makers at companies will need to keep up with what quantum computing means for them, and this can be difficult as getting buy-in, or even a basic understanding, for cybersecurity has always been a challenge.
It is apparent that the cybersecurity workforce will need to increase. Therefore, a large-scale realignment is needed, aimed at getting more qualified workers into the industry, helping decision-makers understand the issues and preparing the current and future workforce for a quantum computing age. This would undoubtedly involve professional bodies, the education sector, technology providers and quite likely governments who understand the potential harm to their economies from inaction. This will be a significant project for organizations. However, it is essential in preparing for a quantum-secure future.