Australia continues to grapple with the ramifications of a massive cyber security skills shortage, underscored by another recent large-scale data breach. The big concern is whether the nation even has the resources to strengthen resilience.

Recently, the electronic prescription company MediSecure fell victim to a major ransomware attack. Together with other major incidents such as Optus, Latitude Finance and more in recent years, the event was a reminder of the ongoing and urgent need for skilled cyber security professionals.

This need for cyber security skills grows by an estimated 5,000 workers annually. Unfortunately, the domestic university system is only expected to be able to scale to produce around 2,000 workers with cyber security expertise per year by 2026. That shortfall means that more organisations are going to be put at risk, and undermines the entire Cyber Security Strategy 2023-2030 the Australian government had flagged as a core strategy.

In short, Australia can’t solve the shortage by maintaining the status quo. A multi-faceted cyber security strategy, supported by investments into scaling cyber capabilities, will help Australia address the root causes that explain why so many data breaches are being reported with such frequency. But it will require a combination of the industry, government, private sector and individuals to work collaboratively.

Seven possible solutions to this cyber security conundrum

Overcoming the growing gap between the demand for cyber security capabilities and the availability of them in the employment market requires a multi-faceted approach.

Encourage individuals to self-upskill

Making it easy for individuals who have existing skills to add cyber security to the mix is a straightforward way to bolster the overall depth of skills within Australia. The incentive is there, as there is an increased earning potential for having cyber security skills. It just requires better access to and availability of flexible training (such as online and evening courses), so people can study while also working.

Build capacity in the university sector

Cyber security is going to be a lucrative career opportunity, so combined with targeted programs, it should be possible to increase graduates with capabilities across sectors beyond the current projections.

Improve pathways for international talent

In the recent federal budget, the Australian government announced a plan to reduce the number of overall migrants into the country, but to make it easier for skilled migrants to obtain visas.

With most nations around the world experiencing cyber security skills shortages, the social, lifestyle and career benefits of living in Australia should help the country remain in-demand for skilled migrants.

SEE: Women in Cybersecurity: ISC2 Survey Shows Pay Gap and Benefits of Inclusive Teams

Work with the industry to develop solutions

Google recently announced plans to integrate AI into its cyber security products, and increasingly there are also tools available at the consumer level, like Bitdefender’s Scamio, which can assist individuals in managing their own security risk.

Increase cyber security investments

Teams within the most “at risk” sectors, such as banking and healthcare, can be expected to increase investment into cyber security, as protecting their customers is in their best interest. This may mean it will be even more difficult for organisations outside of those sectors to find talent, but it should mean that across the nation breaches have a lower impact.

Implement the Digital ID solution

The government is taking steps to protect the nation with a Digital ID solution that, while controversial, would mean that individuals don’t need to send private enterprises critical forms of identification to apply for loans, home rentals and so on. Because their data won’t be held across multiple private enterprises, individuals can have greater confidence that should any of them be breached, the cyber criminals still won’t be able to access their identifying information.

Invest in the education of the nation

Technology tools will help, but cyber security also needs to be treated like fire safety or first aid, with all Australians encouraged to develop a baseline understanding of security best practices and then continue to refresh that knowledge on a regular basis.

How cyber security leaders can help manage risk through the skills shortage

For cyber security leaders, it might sound counter-intuitive, but the goal needs to be to leverage technology and partnerships to reduce the workloads on their team. For the internal security teams to be effective, they need to transition their roles to become more strategic and focused on oversight, rather than being in the proverbial trenches.

To achieve this objective, cyber security leaders should:

• Partner with managed security service providers: Cyber security professionals should consider partnering with managed security service providers to extend their capabilities. MSSPs can offer a range of services, from 24/7 monitoring to advanced threat detection and response. This partnership allows in-house teams to benefit from the expertise and technology of MSSPs, and can fill the gaps in the internal team’s capabilities.
• Engage in public-private partnerships: Public-private partnerships can be a powerful tool in combating cyber threats. By working together, the public sector and private companies can combine their resources and expertise to develop stronger security frameworks. These partnerships can also facilitate the sharing of threat intelligence and best practices, enhancing the overall cyber resilience of the nation.
• Prioritise strategic risk management: It’s essential for cyber security professionals to prioritise strategic risk management. This involves identifying the most critical assets and vulnerabilities within an organisation and focusing efforts on protecting these areas. By adopting a risk-based approach, professionals can allocate their limited resources more effectively and ensure the most significant risks are mitigated.
• Focus on strengthening the role of the CISO within businesses: Currently, the CISO is seen as one of the relatively “minor” roles within the C-suite, and the CIO is still the one given oversight into the strategic direction of IT. Smaller enterprises often don’t have a CISO at all. This should be shifted in recognition that good cyber security is a strategic priority, because by de-risking IT, organisations can make better use of it. Across the organisation, there should be greater effort put into engaging the security teams with other IT operations.