Over the past few years, the UAE has been placing a lot of importance on innovation and digitization. The business ecosystem has opened itself to increased e-commerce, cloud computing, internet of things (IoT) technology, robotics, artificial intelligence and machine learning. This rampant growth in technology coupled with a concentration of wealth in the region has made it a target for cybercrime. While technology, strategies and processes have been put in place to combat this threat, there still seems to be a weak link – a shortage of skilled cybersecurity professionals.
An initial glance at this weak link makes it seem like the talent pool is failing to meet the demand for skilled cybersecurity professionals. Yet, there's more to it than meets the eye. These roles require manually looking through millions of lines of code to find and rectify possible vulnerabilities. This requires high-levels of knowledge, experience and patience, which is then accompanied by a salary that a lot of small to mid-level firms find too costly for their budget. As a result, these firms sacrifice quality for a number of lesser experienced cyber professionals.
"We can expect a global shortfall of 3.5 million cybersecurity jobs by 2021 according to Cybersecurity Ventures. The obvious way to overcome this by fostering the cyber talent of tomorrow through initiatives such as 1 Million Arab Coders, and internship programs by both government and private sector organizations," said Nicolai Solling, CTO, Help AG.
"Lack of skilled talent tops the list of obstacles in all industries and across all regions," according to the CISCO 2018 Annual Cybersecurity report.
The threat remains real
2019 has already witnessed its first data breach with the Have I Been Pwned? website reporting 22 million passwords and 700 million email addresses compromised in a massive data breach called Collection #1. The memory of the WannaCry ransomware attacks and the espionage campaign reportedly undertaken by the group named MuddyWater have not yet faded. The latest study released by IBM Security and Ponemon Institute has the total cost of a data breach in the UAE and Saudi Arabia pegged at $5.31 million, which is a whopping 7.1 percent increase since 2017. The global study covered 477 organizations in 15 countries.
"Simply put, you cannot solve challenges you aren't aware of. With cybersecurity, I've noticed that too many Middle East organizations invest in the very best security solutions yet fall victim to attack as they often aren't aware of how to properly implement, configure and utilize these solutions," Nicolai Scolling said.
In the second week of January 2019, security consultancy HelpAG launched an ethical hacking training program to boost cybersecurity skills and uncover security vulnerabilities through simulated cyber attacks.
UAE's strong response to cyber skills shortage
A number of steps are being taken to overcome the skills deficit. On Sunday, the third edition of the "Emirati Programmer" program was launched featuring the additional subjects of the Internet of Things (IoT) and Cyber Security. The program aims to create Emirati national graduates equipped to lead the use of advanced technology.
U.S.-based SANS Institute also announced an immersion-style cybersecurity training program called SANS Dubai 2019 at the Hilton Dubai Jumeirah Beach from January 26 to January 30. It aims to help participants develop the skills required to defend against security breaches and future attacks.
“Organizations in the region continue to experience a shortage of cybersecurity professionals, which is creating overwhelming pressure on their inadequately staffed cybersecurity teams. The shortage of cybersecurity professionals around the globe has never been more acute. In fact, a recent Gartner survey reveals that only 65% of organizations globally have cybersecurity experts. It, thus, becomes even more important to invest in developing cyber security skills of the future, today,” said Ned Baltagi, Managing Director, Middle East & Africa at SANS Institute.
Abu-Dhabi based Dark Matter Group revealed its DigitalE1 initiative in Sept. 2018. It seeks to develop local and regional cybersecurity talent
Automation and the development of artificial intelligence have also been put forward as alternatives to skilled cyber professionals, however, it will fail to completely replace skilled algorithm architects and bridge the existing gap. The technology could help through basic threat analysis, testing and data deception tactics, but cyber experts will need to work hand-in-hand with it to keep malicious elements at bay.