The threat of cybersecurity breaches is a high priority for Canadian businesses and industries. Attacks are happening with greater frequency and impact as cybercriminals adopt new technologies and their supporting criminal networks mature.
Staying ahead of adversaries requires widespread awareness of their tactics and access to skilled cybersecurity experts. Yet, a global cybersecurity talent shortage exists, stretching Canadian organizations’ ability to defend against this rising tide of cybercrime.
Facing these workforce development challenges requires Canadian organizations focus on three priorities: upskilling existing employees, growing the talent pool, and normalizing cybersecurity practices. By focusing on these three priorities, organizations can help to close the cybersecurity skills gap.
Accessing skills training
The struggle to recruit and retain qualified security professionals has business leaders investing in upskilling the talent they already have. A recent survey of human resources managers found that 86 per cent believe ongoing training helps staff retention. Even more compelling, the Fortinet 2023 Cybersecurity Skills Gap report found that 90 per cent of respondents would pay for an employee to obtain a cybersecurity certification.
There are many high-quality cybersecurity training and certification programs available. The Fortinet Training Institute, for example, is focused on increasing access to cybersecurity training for learners of all skill levels, from new entrants to security professionals looking to keep up with the evolving threat landscape. Fortinet’s Security Expert (NSE) Certification program even offers role-based training opportunities so employers can target specific skill sets needed to fill gaps in their security team.
Upskilling through certification can give participants the knowledge they need to advance their careers and increase productivity. Employers may see improved morale and enhanced employee satisfaction, among other perks. Nearly all leaders surveyed (95 per cent) with certifications themselves or with a certified employee on their team experienced positive results, such as increased cybersecurity knowledge (72 per cent), better performance of duties (62 per cent), and even higher salaries (47 per cent).
Growing the talent pool
Globally, the cybersecurity workforce gap has topped three million people. At home, the Canadian Centre for Cyber Security reports that the number of jobs in the field continues to grow yearly. Among the challenging roles to fill are security operations center (SOC), cloud security specialists, network security architects, and penetration testers.
The impact of this shortage is tangible. According to the same Fortinet report, over 80 per cent of organizations suffered a security breach, with almost a third suffering five or more. And nearly 70 per cent of security leaders say their companies face additional risks because of the cybersecurity gap.
The talent shortage means recruiting qualified professionals requires more creative approaches. Employers and academia must reach into untapped talent pools to bolster the numbers entering the field. For example, women make up half the population but only 24 per cent of today’s cybersecurity workforce. Expanding the cyber security talent poll in Canada could include outreach to newcomers to Canada, women, and other under-represented communities.
Veterans are an example of a talent pool that was successfully targeted to address the skills gap. The Fortinet Veterans Program prepares veterans for jobs in cybersecurity by providing training and certification opportunities that take advantage of their many transferable skills. The program has impacted over 3,000 by providing skills training, mentoring, and networking to help connect participants with actively recruiting employers.
Build cybersecurity awareness
While building a robust cybersecurity workforce is essential, organizations must also manage risk. New technologies, hybrid work arrangements, and automation magnify the need for ongoing learning for all employees, not just those in the security operations centre.
Fortinet’s Security Awareness and Training Service helps security, IT, and compliance leaders build a cyber-aware culture where employees recognize, and avoid falling victim to, cyberattacks. Recently, Fortinet made an education-focused version of this training available at no cost to K-12 school boards and private schools across Canada. The move follows research that shows over 90 per cent of schools experienced one or more breaches during the last 12 months, and almost all (98 per cent) believe increased cybersecurity awareness for all education staff reduces cyberattacks.
Working together to close the cybersecurity skills gap
Like all nations, Canada is facing growing cyberattacks designed to create chaos, earn ransom, and even disrupt essential services. At the same time, competition for qualified professionals continues to heat up and open positions remain unfilled.
Organizations can combat the growing cyber skills gap by investing in upskilling existing employees and growing the talent pool. Certification programs can provide an accessible, impactful way to upskill staff while also acting as an entry point for new talent, including those from under-represented groups.
Organizations can also mitigate risk and support their resource-strapped security teams by ensuring all employees receive cybersecurity awareness training.
Addressing the skills gap has never been more critical. By balancing these workforce development priorities, organizations will be well-positioned to attract and retain the talent they need to meet the challenge of today’s cybercriminals.
Rob Rashotte is vice-president, Global Training & Technical Field Enablement at Fortinet