Scourge of Ransomware Underscores the Cybersecurity Skills Gap

Ransomware is on a near-meteoric rise. According to the 2021 Verizon Data Breach Investigation Report, it appeared in 10 percent of breaches, more than double the frequency of the prior year. And Fortinet’s most recent Global Threat Landscape Report revealed that there were as many as 17,200 devices reporting ransomware each day by the end of 2020. 

The rise of ransomware underscores one of the biggest issues facing the cybersecurity field: the skills gap. While the shortage has decreased slightly, there remains an estimated lack of 3.12 million professionals, according to (ISC)2’s 2020 Cybersecurity Workforce Study. At the same time, there are a huge number of job seekers in the U.S. and globally, many of whom are looking for something new. So, how do we connect these dots?

Growth of Ransomware Underscores the Need for More Awareness

To help create a strong foundation of digital awareness across society, increasing public awareness through targeted education about cybersecurity continues to be important. Cyber literacy is a necessary ingredient in the building of cyber resilience and offers a timely opportunity for greater engagement and partnership between the public and private sectors. Neither can solve the problem alone, and both private and public entities are directly affected if malicious cyber activity continues unabated. This means they mutually benefit by collaborating.

The American Cyber Security Literacy Act is a great step by the federal government and other organizations to work together to improve security on all levels. A bipartisan group of legislators introduced this bill, whose goal is to establish a cybersecurity literacy campaign focused on cybersecurity risks and staying ahead of the cybercriminals who continue to target and disrupt the lives of individuals, businesses, government and other organizations. This kind of collaboration can go a long way toward creating a culture of security awareness throughout the nation.

Bridging the Gaps Between Employers and Employees

Cyber literacy and awareness are certainly of great importance in the continued struggle against bad actors and ransomware—but what about the next layer? Finding the security professionals to tackle these roles is essential, but given the way ransomware has flourished, it’s clear that this needs be made a bigger priority. 

The U.S. unemployment rate recently reached a new low of 5.4 percent, but the numbers only tell part of the story—there are many more people still looking for jobs who aren’t counted in this number. Many of these job seekers—and others—don’t necessarily have computer science backgrounds or otherwise fit the “traditional” mold of a cybersecurity professional. And in the past, they may have been immediately disregarded by recruiters and hiring managers. 

Considering how quickly the field is changing, this can no longer be the case. By widening their searches, organizations can expand their talent pools and play an active role in bridging the skills gap. To help individuals realize their potential, organizations need to provide appropriate resources—and candidates must be willing to take advantage of those resources. 

Going Beyond Literacy to Provide Training Opportunities

Public and private organizations can and should be working together to help combat ransomware. Part of that work should include collaborating to build the pipeline of talent. Private organizations can work with educational institutions to build and develop their cybersecurity curriculums, for instance. In addition, there are several community organizations that recognize the value of diversity in the industry and provide access to content and programs designed to address the talent shortage. 

For instance, organizations like ICMCP and WiCyS partner with private entities to create access to training and mentorship programs for women and minorities looking to transition or grow within the field of cybersecurity. The overall goal for these community organizations is to not only help individuals kickstart their careers but also advance into leadership roles. Through this prioritization of public and private partnerships, community organizations can help drive representation of women and minorities within cybersecurity. 

Working Together to Remove Barriers

The cybersecurity skills gap may be shrinking, but it is not expected to go away anytime soon, and ransomware continues to be a major problem that also shows no signs of slowing down. To fully meet this challenge, the industry must work to reach communities that exist beyond the typical stereotype of a cybersecurity professional, including women and minorities. Organizations and partnership groups also need to find and attract the many job seekers across this nation looking for a new opportunity.  

The groups begin the process by partnering with community organizations that create access to resources that support diverse candidates who are entering the field of cybersecurity. From there, organizations must continue promoting opportunities for growth through training and certification programs that help their employees not only get up to speed, but also evolve in their roles. Rampant ransomware is a current reminder of the cybersecurity skills gap, but there will always be another threat to content with. Organizations must take new actions to get the different result that will fill the talent pipelines and strengthen corporate security postures.

Sandra Wheatley is the senior vice president, marketing, threat intelligence and influencer communications at Fortinet.