Sunil Sharma, Managing Director – Sales, India & SAARC, Sophos, is the writer of this article
The year 2020 has seen an unprecedented increase in cyberattacks all around the world, highlighting the crucial need to increase cybersecurity awareness among both businesses and people. While IT security has become a vital aspect of an enterprise framework, businesses are today facing a lack of skilled cybersecurity professionals in India.
According to a recent survey done by Sophos, more than one third (35%) of ransomware victims said that recruiting and retaining skilled IT security professionals was their single biggest challenge when it comes to cybersecurity, compared with just 19% of those who hadn’t been hit.
While a number of Sri Lankan IT students enter the industry as software engineers or quality assurance (QA) analysts, there is no surprise that the local cybersecurity industry faces a significant talent gap. Highly skilled people are required for managing next-gen cybersecurity solutions and carrying out 24×7 threat hunting, detection and response to combat next-gen cyber threats, which are advancing as we speak. Hence, it is imperative for youth to hone key cybersecurity skills to catch up with the ongoing technology disruption.
Some of these include:
- Intrusion detection/Firewall /IPS/IDS skills
Backdoor codes and powerful Trojans will always be looking to steal confidential data by breaching authentication layers. In this case, having not only a strong intrusion detection software but also a technologically savvy resource can potentially save a company millions.
A next-generation firewall is a must security solution to have. However, one also needs skills that help to leverage a firewall to prevent unauthorized access to the network and filter its traffic. A strong knowledge of Intrusion Prevention Systems (IPS), and Intrusion Detection Systems (IDS), and its co-relation with firewalls, will also a long way in helping to stop an attack before it can happen.
Additionally, being certified in all these technologies can fetch one a high paying job, in addition to becoming a valuable resource to the cybersecurity universe at large.
- Critical thinking
While seemingly obvious, it is important to note that the key to being a cybersecurity practitioner is having a critical thought process. Foresight, analytical thinking, and a strong understanding of how hackers exploit a system is a must-have skill, to thrive in the industry. And while it can take years to hone, even a little intuition on the part of the resource can go a long way.
- Application security development
As cyberattacks become more brazen, there’s never been a better time to build on application security development skills. One must be able to enhance the security of any given application by identifying, fixing, and preventing its vulnerabilities from being exposed. Additionally, as an expert in this space, testing, and validation of software during its development lifecycle is crucial to be completed before an application can be deployed.
- Black hat thinking
They say if you want to make a home or office burglar-proof, hire the best-known thief. Similarly, when working in the cybersecurity space, it is important to think like a hacker. With the number of cyberattacks increasing day by day, being able to anticipate an attack is often more useful than working on damage control afterward. Penetration thinking is a great skill to master, towards taking a proactive approach in the cybersecurity space.
With cyber threats coming from supply chain attacks, phishing emails, software exploits, vulnerabilities, insecure wireless networks, and much more, it has caught the attention of the Government of Sri Lanka. In the 2020 Budget, the Government allocated Rs. 8 billion to establish new laws and organizational structures in relation to data security and cybersecurity. The aim of this is to convert Sri Lanka’s economy as a technology-based entrepreneurial economy by expanding entrepreneurial development, technological infrastructure and related services.
Furthermore, the country has initiated several discussions around bridiging the skills gap in in the cybersecurity sector where both public and private institutions are taking steps to expand their exisiting ICT curriculums by including cybersecurity-related subjects. Will these initiatives, along with heightened awareness, and potential of cybersecurity as a career bridge this gap? Only time will tell, but Sri Lanka is gradually making progress.