The cybersecurity skills shortage is one of the most pressing issues confronting businesses today. To address both current and future needs, businesses must establish and invest in a solid cybersecurity talent pipeline.
The cybersecurity sector is facing a significant challenge with the gap in jobs in general, with estimates ranging from 2.72 million to 3.5 million job openings in 2021, according to ISC2 Cybersecurity Workforce Study, 2021. However, because IT has a decades-long head start in acquiring expertise and, as a result, a larger talent pool, the highly specialized Operational Technology (OT) cybersecurity gap is even worse.
The shortage of people with the skills and knowledge of OT cyber security is a huge challenge for the cyber security industry. Under pressure to meet security standards, many organizations are hyper-focused on filling job gaps, but this will not suffice.
There are no simple answers to the OT cybersecurity talent shortage, but here are a few suggestions to get started:
-
Cross-train the IT security staff:
For any company that is having trouble filling OT cybersecurity roles, the best way forward is to hold a training session for some IT employees so that they may learn skills by shadowing OT engineers and operators. Although OT systems offer a wide range of requirements, most are outdated due to their long lifecycles. As a result, many underlying technologies should come as a pleasant surprise to experienced IT personnel.
Following that, IT employees will need to understand the various requirements of those systems and networks, which can only be accomplished by experience. When a company has difficulty recruiting, this may be a more time and cost-effective method to get the OT security program off the ground. It also has the benefit of bridging the gap between the IT and OT teams, which will pay off in the long run.
-
Engage with educational institutions:
Organizations should investigate the various educational institutions’ new OT cybersecurity programs. There aren’t enough programs yet, but several are being developed at colleges and institutions across the country. Some engineering colleges offer individual OT security courses as part of cybersecurity degrees and individual OT security courses. Contributing to the curriculum, creating a scholarship program, and providing internships are excellent strategies to generate talent.
Also Read: Leveraging Automation to Address the Cybersecurity Skills Gap
-
Consider the role of government initiatives:
The rising interconnectedness between IT and OT systems is driving greater demand for job opportunities requiring IT and OT competencies, necessitating more advanced technical training for OT engineers.
With the Cybersecurity and Infrastructure Security Agency (CISA) focusing its attention on OT systems and their importance in the face of geopolitical tensions, a comparable endeavor from the US federal government would help accelerate this relatively nascent domain. A more broad-based approach that encourages public-private partnership would stimulate demand and supply by providing educators and trainers with much-needed best practices and requirements for full-rounded OT cybersecurity education programs.
-
Lean into technology to help:
Assets in industrial contexts are challenging to discover, manage, and secure—especially as our universe of linked equipment and devices grows. The Extended Internet of Things (XIoT), which covers the OT environment, Industrial IoT devices (IIoT), Internet of Medical Things (IoMT), and enterprise IoT, is making significant progress in understanding the obscurity of OT networks.
Agentless asset visibility solutions help discover vulnerabilities and suspicious activity throughout the XIoT and lay the groundwork for continuous threat monitoring to detect and track attacks that cross the IT/OT divide. Such technologies are simple to adopt, interface seamlessly with OT and IT systems and workflows, and allow IT and OT teams to collaborate on OT environments. These teams may take precise steps to begin decreasing risk and increasing security in weeks, not months, by working from the same data set.
Businesses must address the cybersecurity gap on several fronts, including academics, government, and within their enterprises. Firms can expedite progress in protecting critical OT environments that threat actors are targeting while also establishing a more robust cybersecurity workforce by combining skills and institutional knowledge with technological improvements.
For more such updates follow us on Google News ITsecuritywire News