About 157,000 Canadian cybersecurity professionals are needed to fill skill gaps, says a new report after a recent survey found security breaches have been felt by nearly 90 per cent of Canadian organizations due to a lack of such skills.
Research by Fortinet, a California-based cybersecurity company with a research and development centre in Burnaby, found organizations face unprecedented cybersecurity challenges that are significantly impacting businesses largely due to skill shortages.
The findings were reported in Fortinet’s 2024 Global Cybersecurity Skills Gap Report.
Among key findings were that:
• organizations are increasingly attributing breaches to the cyber skill gap;
• breaches continue to have significant repercussions for businesses, and executive leaders are often penalized when they happen;
• certifications continue to be highly regarded by employers as a validator of current cybersecurity skills and knowledge; and,
• numerous opportunities remain for hiring from diverse talent pools to help address the skills shortage.
“This year’s report emphasizes that for organizations to ensure they’re protected from today’s complex threats they must have a combination of the right security technology, opportunities for current security professionals to upskill through training and certifications, and an overall cyber aware workforce,” said Fortinet chief marketing officer John Maddison.
Glacier Media asked Fortinet's chief security strategist, Derek Manky, how the situation can be alleviated.
“The issue has been getting bigger but it isn’t novel,” the B.C. Institute of Technology (BCIT) graduate said. “It’s a supply and demand issue.”
As with much of cybersecurity, he said, a lot comes down to education. As staff have needed to be educated to thwart incoming attacks, new staff members need to be educated in institutions to fill needed roles, he told Glacier Media.
Manky said attacks are coming from many different areas, including increasingly sophisticated organized crime groups as well as state-sponsored actors.
“We’re just seeing a barrage of attacks from all angles,” he said. “We need people to be able to detect and respond.”
What’s compounded the issue in recent years, he added, is that attacks with so-called ransomware, where systems have data stolen from them and held for ransom, has become something of a criminal business model.
So, said the BCIT advisory board member, there needs to be a connection between industry and educational institutions.
“We have the threat intelligence,” he said. “The whole idea is to take that into labs . . . for students before they graduate.”
The gaps report found 70 per cent of organizations worldwide reported the skills shortage creates additional risks for their organizations.
Other findings included fining or firing of executives, huge revenue losses and other expenses.
“As a result, executives and boards of directors are increasingly prioritizing cybersecurity, with 72 per cent of respondents saying their boards were more focused on security in 2023 than the year before,” the report said. “And 97 per cent of respondents say their board sees cybersecurity as a business priority.”
When it comes to hiring, what the report found is that cybersecurity job candidates with certifications stand out and that business leaders believe that certifications improve security posture.
However, the report also found finding candidates who hold certifications isn’t easy.
“More than 70 per cent of respondents indicated that it is difficult to find candidates with technology-focused certifications,” the report said.
