Severe cyber security skills shortage in Australia puts strain on stretched security professionals

Opinion: With Australian industries facing a cyber security skills shortage, businesses must turn to upskilling their current workforce to ensure safe cyber practices, writes Geoff Schomburgk, vice president for Asia-Pacific at Yubico.

Geoff Schomburgk
Wed, 17 Aug 2022

It was recognised by the former Australian government that there was a skills gap in cyber security and therefore a key element of its 2020 Cyber Security Strategy was to foster greater collaboration to build Australia’s cyber skills pipeline.

Recent data from AustCyber highlighted that Australia’s IT sector is still facing a severe skills shortage and now needs an additional 7,000 skilled cyber security specialists over the next two years. Globally, there is a shortage of 1.5 million cyber professionals, with this figure growing by approximately 250,000 per year.

This shortage of job-ready cyber security professionals is a key challenge for all organisations today and the issue will only get worse. It is estimated that Australia may need around 16,600 additional cyber security workers by 2026.


Educating our future cyber security professionals

Recognising the need, the Australian education system has started to react to the skills gap, with a large number of universities and TAFEs launching new cyber security degrees and courses. It will take time before this cohort of graduates is ready to enter the sector, but it’s a step in the right direction. They may still face challenges, however, since some practical experience will be required before they are up to speed.

The IT industry has also responded. Microsoft recently partnered with AustCyber to launch a new Cyber Security Traineeship Program, which will support approximately 200 participants in a cyber career from 2021 to 2024. The partnership has already successfully secured additional funding from the Commonwealth government's Cyber Security Skills Partnership Innovation Fund (CSSPIF), which will help to increase the number of candidates entering the cyber security sector in Australia.

Upskilling existing workers

Meanwhile, all organisations in Australia, in cooperation with the cyber security industry, need to encourage employees with transferrable skills, including general IT professionals, to upskill by offering them cyber security training. Some companies here are already in the process of developing specialist cyber skills training to accelerate the transition of talent from outside the cyber security sector into these specialist roles.

Our team of experts provides guidance and best practices in training workshops designed to help facilitate security key integration and deployment for in-house IT teams. Most cyber security vendors offer training on how to use their cyber solutions.

Regular user training

While prevention is always better than cure, it is not an easy task when you’re managing a large number of employees that have limited awareness of cyber security risks. Regular user training is essential to reduce the instances of cyber incidents caused by human error.

One way of reducing the risk of human error is to create cyber security processes that are simple and do not burden employees with numerous options when logging into company systems. This could include adopting “modern authentication” methods and then training them regularly on how to use these secure login methods.

Simplifying the authentication options and setting clear expectations is not only beneficial but also less complicated for employees. If all organisations could implement modern authentication, such as multi-factor authentication (MFA), they could reduce the number of incidents that their overstretched security teams have to deal with.

Passwords are a drain on productivity

According to Our Passwordless Future Survey, the recent global survey we conducted together with Ping, many IT leaders cited gains in productivity as a key driver for adopting more secure and convenient passwordless authentication methods:

  • Seventy-one per cent of Australian IT leaders are concerned with the helpdesk costs associated with passwords.
  • Thirty-seven per cent of helpdesk tickets in Australia are related to passwords.
  • In the past year, Australian IT leaders have seen a 33 per cent increase in password-related incidents.
  • Australian IT leaders estimate employees must enter passwords an average of 15 times a day.

Google and Microsoft’s experience

There are hard and soft costs associated with password problems in all organisations. The hard cost is the password reset and the IT overhead required to deal with it, and the soft cost is the loss of productivity when a person can’t log in to their system.

By going passwordless, Microsoft has seen an 87 per cent reduction in both its hard and soft costs, while Google saw a 92 per cent reduction in helpdesk enquiries after introducing MFA.

The government recommends MFA

The Australian Cyber Security Centre has recommended all organisations implement an effective cyber security strategy in line with The Essential Eight. It encourages organisations to adopt MFA to ensure that remote access is highly secure for all users when they perform a privileged action or access an important data repository.

While most MFA solutions address a lot of security concerns, not every MFA solution is the right fit for every organisation. Important considerations for an MFA solution are the user experience and the cyber skills employees will require. Ease of use, uniformity, speed, portability and availability are some of the aspects to consider to ensure the user experience is positive and improves productivity.

Being proactive with cyber security

Due to the huge volume of password-related problems, already over-stretched and under-resourced IT teams are inundated with requests from employees. This pushes them to prioritise these requests over the security alerts they are receiving about real threats that could damage their IT environment. It wastes their valuable time and can expose their organisation to unnecessary risk.

Implementing modern MFA that is simple and easy to use improves overall security. The added bonus is that it will reduce the number of password-related helpdesk requests needing to be addressed. This enables security and IT teams to be more efficient and effective with their precious time. They are freed up to become more innovative, allowing them to focus on developing and maintaining the entire IT environment and to be proactive about security rather than reactive.

Geoff Schomburgk is the vice president for Asia-Pacific at Yubico.
