The Cybersecurity Skills Shortage: The Biggest Threat to SAP Cybersecurity
Sep 27, '18 by Joerg Schneider-Simon
The enemy is coming … and the white hats are outnumbered.
It’s predicted there will be a worldwide shortage of cybersecurity professionals—2 million of them, to be precise—by 2019. Should someone from your own cybersecurity team leave your company (for example, to take a better offer), experts suggest it could six months or more to find and hire a replacement.
If your organization uses SAP, the news is even worse.
Cybersecurity professionals are hard to find, but SAP cybersecurity professionals are incredibly rare.
First of all, it’s important to clarify the distinction: Because SAP has a very different risk profile and environment than other platforms, typical cybersecurity tools (and expertise) will not be as effective.
Traditional corporate anti-virus programs that protect via vulnerability shielding, on-access and scheduled scans, and memory/process protection are unable to operate with SAP. Why? Because of the way SAP processes and stores files. What’s more, standard anti-virus programs don’t even connect to or understand SAP’s virus scan interface.
For these reasons, it is vital that cybersecurity professionals in an SAP environment possess specialized skills and tools. Unfortunately, finding people with those skills is proving to be an enormous challenge.
Where Are the Cybersecurity Experts?
You would think people would be stampeding toward a career with almost-guaranteed job security. And yet, very few people are entering the cybersecurity field. Instead, the industry is dominated by middle-aged men, some of whom are starting to think about life after retirement. Because there are so few new entrants in their 20s and 30s and very few women, the field of candidates is much narrower. This allows the massive, household-name employers to scoop up all the talent, leaving smaller or less well-known companies empty-handed.
Why aren’t Millennials going into cybersecurity? One possible reason is that cybersecurity as an industry has dropped the ball on marketing itself to young people choosing a career path, leading many to view cybersecurity as being part and parcel of regular IT work. In addition, many cybersecurity job postings demand a bachelor’s degree. However, many Millennials are choosing to forgo typical college educations. Combine that with a tendency of companies to solely seek out experts rather than train promising (but uncredentialed) newcomers, and we find ourselves with a potential pool of talent that a) doesn’t have the cybersecurity industry on their radar and b) can’t gain experience because nobody will hire and develop them.
Many women have had excellent careers in cybersecurity. So why aren’t more of them around? Currently, women make up only about 10% of the cybersecurity workforce, which means that a lot of women are either staying away completely or joining but quickly leaving.
And for those bold women who do pursue a career in cybersecurity? Even these trailblazers tend to leave the industry. Some struggle with a punishing workload and schedule that leaves little time for family (despite strides in equality, women are still doing the lion’s share of child-rearing duties). Others leave due to a hostile work environment and lack of support from higher-ups.
Naturally, then, if young people and women aren’t going into or staying in cybersecurity, there are that many fewer people able to specialize in SAP cybersecurity.
This leaves us with a cybersecurity field that has an almost-empty talent pipeline.
Why the Cybersecurity Expert Shortage Matters
Cyberattacks on businesses are steadily increasing, and the number of data breach victims are rising sharply every year.
In an environment where the percentage of companies reporting a cybersecurity skills shortage has almost doubled in just four years, this does not bode well for companies with sensitive data to protect.
Clearly, something needs to change, and without a moment to waste. However, there is some good news: Companies can take steps today to safeguard their future.
Bridging the Cybersecurity Skills Gap
A good start is to invest in your people. You may have IT or analytical staff who would excel at cybersecurity, if simply provided with some in-depth training. By developing a robust cybersecurity skills training program, you can also widen your net when searching for new talent. A candidate may not have a degree, but they may have relevant talents and experience that, given the right training, would transform into formidable cybersecurity skills.
Considering that 33 percent of cybersecurity executives arrived in the industry via non-technical careers, it’s important for hiring managers to remember that technical expertise can be learned.
In addition, also cast an eye upon your company culture. Are your company’s female staff integrated and welcomed in all departments? Or is there a is there a culture of exclusivity in certain areas? What policies do you have in place to address issues of harassment, and do you support work-life balance – not just on paper, but in practice?
To support the staff you do have, today’s automation processes can help lean cybersecurity departments do more with less. There may be tasks that do not require expert analysis and that could easily be automated, freeing up staff time and resources for more critical tasks.
Another option to consider is using external tools and teams for certain aspects of your cybersecurity, especially in specialized areas like SAP cybersecurity. “In light of the cybersecurity skills shortage,” says Joerg Schneider-Simon, CTO and Co-founder of bowbridge, “companies will need to look at partnering with experts, so they can access tools and teams that will lighten their burden while effectively bolstering their cybersecurity.”
To stave off the rising tide of cyberattacks, companies should reconsider how they will hire, train, and retain cybersecurity professionals. The more unnecessary barriers that can be removed, the greater the breadth of expertise that can be gained. And when a smarter human resources strategy is combined with useful support tools such as automation, or with specialized external teams and software, companies will find themselves equipped with a stronger, more prepared team of cybersecurity professionals, ready to face the enemy.
Learn more about how cyberattackers use malicious inputs and attachments to compromise SAP cybersecurity in our webinar, Protecting Your SAP Applications From Content-Based Cyberthreats.