The shortfall in specialised IT security skills is increasing the risk profile of South African organisations. Addressing this shortfall demands an increased focus on developing a skills pipeline within public-private sector partnerships, says Fortinet South Africa.
Ron Harris, Major Account Manager: public sector at Fortinet South Africa, says the IT security skills shortfall is a global problem. “In South Africa, we see cyber risk exposure increasing due to the skills shortfall, as well as due to ageing security infrastructure that is inadequate for mitigating increasingly sophisticated attacks.” This is a problem particularly apparent in the public sector, he says.
However, South Africa is not alone in this. Global studies indicate a drastic need for more cyber security experts in public sector, with a 451 Research study of more than 1,000 IT professionals finding security managers reporting significant obstacles in implementing desired security projects due to lack of staff expertise (34.5 percent) and inadequate staffing (26.4 percent). As recently as July 12, 2016, the US Office of Management and Budget issued a Memorandum entitled “Federal Cybersecurity Workforce Strategy” discussing how the Federal government was attempting to address recruitment challenges for the Federal cybersecurity workforce. On a broader industry scale, current estimates show up to one million cyber security job openings with demand expected to rise to 6 million globally by 2019.
Harris believes that in South Africa, the public sector is well aware of the risks of cyber attack, non-compliance, reputational damage and service delivery impact. “We see many public sector organisations moving to improve their levels of IT security. However, many others are challenged by budget constraints and skills shortages, resulting in their running ageing and varied point solutions, and requiring outside assistance for patching and maintenance.”
These, he notes, are expensive and risky approaches to securing systems and information. “Often, there is also a disconnect between network performance and security, with organisations focusing their energies on improving network performance at the cost of security,” he says.
Two immediate solutions to these challenges include integrating and updating enterprise security, and building a skills pipeline, says Harris.
“By updating ageing solutions and integrating them into a single stack, organisations gain easier management, a single view of the environment, and require fewer skilled resources to manage IT security. By aligning network performance and security performance and the associated IP, the organisation stands to gain both optimal security and network performance,” he says.
Skills development is a longer-term, but crucial investment, he notes. “A number of South African IT stakeholders, and many local organisations, are investing in IT security skills development. However, these programmes need to be beefed up if we are to achieve the level of IT security skills we need in the country.” Public and private sector need to embark on focused cyber security training and certification programmes that deliver both theoretical and practical training, in order to support government’s strategic objectives to reduce unemployment, develop the economy and enhance service delivery, Harris says.
Aiming to contribute to a local IT security skills pipeline, Fortinet South Africa is in talks with local tertiary institutions to bring the Fortinet Network Security Academy (FNSA) to South Africa. The FNSA is a global initiative introduced earlier this year to develop and train action-oriented cyber security experts to manage new and advanced threats on the horizon. Through tertiary institutions, the Academy provides theoretical and practical Fortinet training and certification to students around the world.
The programme has already been rolled out in the U.S. at institutions such as Cape Coral Technical College in Florida, Per Scholas in Atlanta, New York, Columbus and Cincinnati, the Institute for Veterans and Military Families at Syracuse University in New York; at Dalhousie University in Nova Scotia, Canada; Willis College in Ottawa, Canada; and HTL Rennweg in Austria. Twenty additional organisations are expected to become Academy sites soon.
Harris says: “Fortinet has recently started talks with South African IT-focused education facilities on bringing the FNSA programme to South Africa. Our contribution to this training would include the necessary technologies, network security expert level four training and the exam, fully integrated into the related faculty degree or diploma course. This programme would make students more marketable on graduation and would also serve to take much-needed advanced cyber security skills into the workplace.”
In addition to promoting the FNSA, Fortinet is also actively up skilling its partner ecosystem through partner and end-user technical break-away sessions lead by both local and international systems engineering teams, where IT professionals participate in in-depth workshops to update their skills on the latest technologies.
“We, and other industry players, need to work with public and private sector organisations to focus on training more learners to prevent cybercrime, and continue to expose more IT professionals to the latest security technologies and trends,” says Harris.