Follow GISEC

Gisec 2022 cyber security sector faces jobs gap of 2.5 million professionals Ransomware was the attack of choice in 2021 and Microsoft study found staff shortage adds to strain

THE NATIONAL, March 22, 2022

The global cyber security industry has a massive 2.5-million jobs gap it must fill to keep up with an evolving digital underworld, a Microsoft Gulf official said.

Companies face the challenge of scrutinising candidates for these jobs, who need to be equipped with forward thinking as well as the latest knowledge.

They should also be ready to undergo training on new methods cyber criminals may weaponise, said Mohammed Arif, director of modern workplace and security at Microsoft UAE.

“Globally, cyber security jobs are among the fastest-growing profiles; there is a shortage of 2.5 million. It is important that we educate people on the key new trends and skills they need to have to become a strong security professional,” Mr. Arif told The National in an interview during the Gulf Information Security Expo and Conference in Dubai on Monday.

He said cyber attacks have become increasingly complex and difficult to detect, morphing into indiscriminate and elaborate operations.

The most recent example was the attack on US IT management company SolarWinds, which compromised big companies, governments and countless individuals on several continents.

The debacle demonstrated the need for greater IT vigilance and more watchful eyes within corporate ranks, and this shortage of manpower is putting a strain on security teams and organisations, according to Microsoft research.

The number of job openings is expected to grow to 3.5 million by 2025, research firm Cybersecurity Ventures said in its latest study. It had also projected that cyber criminal activities inflicted damages worth about $6 trillion globally in 2021, which would grow to $10.5tn by 2025.

A career in the industry can also be rewarding: a cyber security architect, for example, can potentially earn anywhere from Dh41,000 ($11,164) to Dh52,000 per month in 2022 in the UAE, according to a recent study from recruitment agency Cooper Fitch.

Data breaches and major IT cuts worry companies the most, German financial services company Allianz said in January.

An arcade game installed to entertain visitors at the floor of Gisec Global 2022 at the Dubai World Trade Centre on Monday.

Ransomware was the attack of choice and caught people by surprise in 2021, and was only part of the rapid acceleration of cyber attacks that have become more complex, frequent and increasingly destructive, Mr. Arif said.

To minimise the already challenging nature of selecting the right people for the job, companies should cast a wider net and promote more inclusion in hiring. In particular, women – who represented only a quarter of cyber security jobs in 2021 – have a huge opportunity to contribute to the field, the Microsoft study showed.

“Gender-diverse” teams make better business decisions 73 per cent of the time, according to a report from data analytics firm Cloverpop. it said. To be defined as such, a team had to include at least one man and one woman, it said.

“We can vastly decrease the deficit by deliberately expanding our hiring and mentorship of underrepresented groups who can bring so much to the table.”

Individuals must always remain on the learning curve, voluntarily boosting their skills, Mr. Arif said. But there is also a responsibility from corporate leadership to ensure that their staff get the proper training or risk cyber crime seeping through cracks in their infrastructure.

“Increasingly, the responsibility of corporates is not just securing their infrastructure and users but also making it easier for their employees to secure it,” he said.

Microsoft, the world's largest software company, will continue to increase its investments and forge partnerships in the UAE's cyber security field, Mr. Arif said.

On Monday, it said it has partnered with e& – the UAE's biggest telecom operator, formerly known as Etisalat Group – to boost innovation and offer more tech-driven products to customers.