Ancient Chinese military strategist Sun Tzu in his manuscript `The Art of War’ notably observed – “The supreme art of war is to subdue the enemy without fighting”. He could not have been more relevant in today’s cyberspace. The Digital India campaign has empowered the common man with better online access to government services via E-Governance and Aadhar card linkage and has enabled citizens to be electronically linked. But improved online infrastructure and increased internet connectivity have now opened up innumerable entry points to serious cyber threats which are becoming more targeted and sophisticated. It’s truly a war out there.
According to Symantec’s internet security threat report, India is ranked fourth among the countries most susceptible to cyber-attacks and this does not bode well for the nation. Cybersecurity has now become critical for national security and public safety. With a rise in cyber attacks, losing proprietary data and confidential client information has become commonplace over the past few years. Many industries and enterprises – small, medium and large have been crippled due to cyber attacks with disastrous consequences. In doing, so it has made them more vulnerable to cyber intrusions creating a dire need for early warning systems and pre-emptive measures. In spite of this, there is a scarcity of qualified cybersecurity professionals and the demand for talent is expected to be on the higher side.
It is now imperative for key sectors like BFSI, Telecom, Media & Entertainment, High Technology, Healthcare, Public service, Retail & CPG, Travel & Hospitality, Infrastructure, Manufacturing & Industrial Equipment, Energy & Utility, Automotive, and Education etc. to be quick, agile and prepared for such eventualities to avoid exposing sensitive personal and business information and disrupting critical operations. Demand for cybersecurity professionals is driven mostly by defence forces, consulting firms, banks, the government, Retail, BFSI companies and IT companies. In particular, financial services institutions including banks, payment gateways and ecommerce organisations are the biggest employers of cybersecurity professionals owing to the nature of their businesses. Many organisations, including government ones still remain very susceptible to cyber attacks since they do not follow stringent norms for data security.
Given this, based on industry estimates there will be a demand for more than 1 million cybersecurity professionals in India by 2020. Most organisations are willing to pay a premium to hire them, but still, there are thousands of vacant positions. The most in-demand cybersecurity job profiles include Network Security Engineers, Cybersecurity Analysts, Security Architects, Risk Auditors, Firewall and Security Device Development professionals, Forensic Computer expert, Penetration tester, Cloud Security experts, Cryptologists and Ethical Hackers. Another problem is the fact that cybersecurity is truly a multidimensional disciplinary field and requires expertise in multiple platforms & operating systems, system development, networking and remote infrastructure, intrusion detection, malware analysis and reversing, risk analysis and mitigation, cloud security, security analysis etc. In addition, cybersecurity experts also require soft skills of thinking like a strategist, strong analytical and diagnostic skills and thinking like a black hat.
We live in an era where attack technology is fast outpacing cybersecurity technology. Hence, the roles and skill sets required to mitigate these challenges are constantly evolving for incoming cybersecurity workforce. Employers expect workers to know and apply industry best practices and perspectives which are not always possible due to widening skill gaps and lesser trained experts. We need to introduce new digital technologies curriculum to the academia and prepare students for these new roles. Educating academic staff and graduating students on the employment demands and opportunities will go a long way in creating the supply chain for necessary manpower requirement. Training on required skills can be offered in MOOC model by universities and tech schools along with industry bodies like NASSCOM, Data Security Council of India, and Institute of Defence Studies & Analysis (IDSA) on the same front.
The technologies used in cyberspace are still very nascent and evolving rapidly. Hence investing in technological capabilities to keep track of global developments, developing countermeasures and staying ahead of the competition is extremely important. Both policymakers and the private sector should recognise these aspects and work together to prioritize cybersecurity and risk management in their planning. While doing so they should plan ahead to research new technology paradigms that might appear in the future and have a game-changing impact on cybersecurity. There is also a pressing need for stronger cyber laws and security systems.
Forward-thinking companies are making huge investments in cybersecurity and adopting cloud-enabled cybersecurity based on real-time analysis. Thinking ahead can help organisations mitigate operational, reputational, legal and financial ramifications and also retain the trust factor of their customers. In most cases the demand for cybersecurity professionals is also due to stringent data security demands from clients. Organizations are now recognizing the value of cybersecurity professionals. By doing so, the focus is now to build a future ready cybersecurity set up that has the right balance of technologies, processes and people skills. With these measures in place, organisations are likely to be better prepared for future threats. Thus, the demand for cybersecurity professionals will only grow exponentially in 2019 and beyond.