MANILA, Philippines – For several years now, cybersecurity teams for firms have had a key problem: there’s just not enough qualified professionals.

In the Philippines, just this September before a spate of serious attacks that began with the PhilHealth incident, the National Association of Data Protection Officers of the Philippines said the country needs about 180,000 cybersecurity professionals.

In June, the United States Agency for International Development noted that there are only about 200 such experts in the Philippines, a staggeringly low number. Cybersecurity vendors such as Trend Micro have also sounded the alarm on the continuing trend. 

An annual 2021 survey of cybersecurity professionals showed a “downward, multi-year trend of bad to worse,” leading to increased workload for cybersecurity teams, burnout, and unfilled job positions. 

A more recent one, Fortinet’s 2023 Global Cybersecurity Skills Gap report, which includes the Philippines, found that 86% of those in a decision-making capacity with regard to cybersecurity agreed that the manpower problem creates more cyber risks for companies, and 50% have said that it’s a struggle to retain qualified professionals on the team.

And it’s a problem that won’t be going away soon, said Alan Reyes, Fortinet’s Philippines country manager. “The cybersecurity skills gap remains a formidable challenge, and it’s a challenge that is likely to persist in the foreseeable future,” Reyes said.

Globally, there is a shortage of 3.4 million cybersecurity experts, highlighting the urgent need for talent in this field, Reyes said.

While organizations are “actively implementing initiatives to attract a broader range of candidates,” he said “the pace of progress in this regard doesn’t align with the urgency of the need.” 

As companies struggle to fill up positions, 84% of enterprises surveyed in the report have experienced one or more breaches in the past 12 months, while companies that report five or more breaches in a year have jumped by 53% between 2021 and 2022.

Creating a bigger talent pool

What can be done? Reyes believes education has to be ramped up, and partnerships with educational institutions must be initiated to build comprehensive training and certification programs.

“We believe in equipping students with the knowledge and skills they need even before entering the workforce,” he said.

Upskilling for current employees is necessary too to keep up with rapidly changing challenges in the field. 

Some certification programs include the Fortinet Training Institute’s Network Security Expert program, Google and the Department of Information and Communications Technology’s cybersecurity scholarship program for 500 government employees, and training courses from vendors such as Sophos and Trend Micro.

Reyes also said that by providing access to training for “women, veterans, and students, and [providing] accessible cybersecurity training to those looking for a career change…Filipino organizations can broaden their candidate pool and help build a stronger defense against cyber threats.”

The cybersecurity industry has a gender diversity imbalance, with one report in 2022 showing that only 25% of cybersecurity professionals are women. Earlier this year, Microsoft announced new funding for training more women to become cybersecurity experts.

Enticing prospective professionals, Reyes said cybersecurity skills are in demand everywhere, not just the Philippines.

“What makes cybersecurity even more appealing is that it transcends geographical boundaries. In our increasingly digitized and interconnected world, the career opportunities in this domain are not confined to the Philippines alone. Cybersecurity professionals can work on a global scale, addressing cybersecurity challenges that transcend borders and industries.”

The top five most needed cybersecurity skills, according to the report, from highest to lowest, are cloud security for securing operations based on cloud services; cyberthreat intelligence for knowledge on potential threats; malware analysis; secure system operations for facilitating cyber-safe environments between IT cybersecurity and IT operations teams; and essential cybersecurity foundations.

Certification programs have become more crucial as well for those wanting to get hired, as 90% of leaders in the 2023 report look for tech-focused certifications, up from 81% last year.

While education takes time to build up a talent pool, what can help companies bolster cybersecurity is to ensure that employees are also trained to be cyber-aware. IBM in its Cost of a Data Breach Report 2023 found that employee training is the second most effective way of reducing the dollar cost of a breach for a company. 

Embracing automation and using AI-aided cybersecurity tools may be able to bolster security capacity for a smaller team as well. 

“In essence, while the cybersecurity skills gap may persist, our concerted efforts in hiring, awareness, education, and technology adoption offer a promising path toward bolstering our defenses in the face of an evolving threat landscape,” Reyes said. – Rappler.com