How employers and talent can stay ahead of the changing threat landscape
“Strategic employers will act now, while hiring costs are cheaper. Reactive organisation will suffer in three to five years when we have more legislative requirements across Australian companies, and are really feeling a talent shortage we haven’t seen before.”
Australia’s cyber market is growing at over 8% a year, with a recent report predicting it will grow to US$5.8 billion by 2024 and triple in size over the next decade.
In addition, the government has set an ambitious target for Australia to become the most cyber secure country by 2030.
Despite this, employers and talent are increasingly challenged in the fast-changing cyber space. With the emergence of AI, the ongoing talent shortage and competition from the world’s top cybersecurity players, how can Australia safeguard against this ever-evolving landscape?
We caught up with Mohamed Omran, Information Security Manager at Coates, to get his take on how employers and talent can adapt and thrive. Mohamed has amassed an impressive career in cyber strategy and risk analysis, including a stint in Digital Forensics and Incident Response.
Here’s what he had to say.
What are the biggest challenges to managing today’s threat landscape?
The risk landscape is ever evolving. As soon as the industry covers off one vulnerability, hackers will find the next exploitable soft spot. It's a constant game of cat and mouse, strengthening each weakest link as an organisation and an industry. The current landscape includes:
1. Advanced AI weaponisation
Right now, we’re dealing with advanced AI risks - from far more sophisticated phishing emails that can be tailored to employees using their LinkedIn profile, to machine learning tech that understands where your infrastructure weaknesses are and automatically chains several exploits together to get in. We’re looking at advanced and persistent weaponisation, now being democratised and simplified for every hacker. Things that used to require a knowledgeable hacking team to understand how to attack each entry point, are now understood and exploited instantly by a machine.
2. Hybrid work impact
We have a new challenge in technology that’s amplifying the talent shortage: A failure to manage hybrid and remote work.
While I’m impartial to hybrid and remote work approaches, I found - in my consulting days – that many companies never learnt how to manage remote talent. They didn’t buy the tools, and didn’t teach effective team communication, or productivity metrics. So they threw up the white flag with a return-to-work order. This alone won’t resolve these core issues, making life tougher for emerging talent.
How can we safeguard against the current cyber threat landscape?
Cybersecurity is a reactive game, and governance serves as the only timeless safeguard to respond to threats. Employers and talent can take specific action to stay ahead:
What employers can do:
1. Prioritise innovation
Every business that takes innovation seriously, who knows how to manage talent and security, and embraces new concepts, technologies and ways of working, will come out on top.
We can't just focus on today's cybersecurity threats or wait for risks to be fully quantified; we have to anticipate what's coming next. Smart businesses understand this and are already investing in new talent entering the cyber field. This does more than address talent shortages; it prepares the organisation to deal with emerging risks, keeping them a step ahead in a constantly evolving landscape.
2. Invest in young talent
The other thing is to invest in internships and work placements. While there are challenges to this, like extra headcount insurance, lack of space etc, this is the only way to safeguard and future-proof talent for the next five years.
It shouldn’t start with how we can squeeze the most value out of an intern. Start with tempered expectations, and give them something they can taste (even if it’s a pre-prepared program for 3-6 months) to understand what the current tech landscape is. If they excel, look at ways you can transition them into a part or full-time role.
Strategic employers will act now, while hiring costs are cheaper. Reactive organisations will suffer in three to five years when we have more legislative requirements across Australian companies, and are really feeling a talent shortage we haven’t seen before.
What cyber talent can do:
1. Upskill and future-proof your career
Constantly upskilling is key. Make sure that you have a defined development plan to stay relevant – not just for the company, but for yourself. Time-block your week to prioritise your development, and be prepared for technological shifts as the threat landscape changes. Building the right networks, engaging with groups, and seeking mentors will help you progress.
2. Stay on top of AI
Identify which of your current skills will be enhanced by AI; and which skills might become less relevant. Knowing this can guide you on what to learn next, ensuring that you're not just upskilling, but 'right-skilling' to meet the future demands of the cyber industry.
3. Give back to the community
Follow the lead of developers by contributing to community and open-source projects. Such contributions highlight your expertise and put you on the map, attracting recognition from industry players and making you a sought-after candidate. While junior entrants may rely on your contributions to further their careers.
What the cyber community can do
1. Protect the little guy
We should always work with the little guy in mind. The small mum-and-dad shop, that can't afford data breaches, fraudulent transactions or identity theft. We’ve got a bit of work to do to ensure there's a culture where everyone takes ownership of data security. I think any good business, if it truly understood the impacts, would do the right thing.
2. Look out for each other
The other part of culture is about nurturing growing talent. Making sure you're always contributing, always looking out for each other, networking and creating opportunities. Be a mentor that juniors can rely on, and take on your own mentors to give you a heads up on new strategies, whether it's dealing with people management, managing risk, setting KPIs, or having people to support you on your professional journey.
Cybersecurity and the talent shortage is an ongoing challenge for every organisation. As our lives become more interconnected, our attack surfaces will become more vulnerable.
Investing in young talent and technology, upskilling, and fostering a supportive culture will help us become cyber resilient as individuals, organisations and a country. If we invest in these things now, we can look forward to a more secure future.