September 23, 2021

Wanted: Millions of cybersecurity pros. Salary: Whatever you want –

A series of major digital security breaches over the past year are serving as a wake-up call to Corporate America about the need to invest in cybersecurity.

Friday brought yet another reminder of the risk of cyberattacks, when Microsoft (MSFT) said the hackers behind the 2020 Solar Winds breach launched a new attack on more than 150 government agencies, think tanks and other organizations globally. But perhaps the most striking recent example is the Colonial Pipeline ransomware attack, which forced the company to shut down the pipeline temporarily — resulting in gas shortages and price spikes in multiple states over several days. The debacle cost Colonial at least $4.4 million, the amount its CEO admitted to paying the hackers.

In the weeks before the attack, the company had posted a job listing for a cybersecurity manager. “As far as I know, this is the first cybersecurity incident that has led to a measurable economic impact on the American population,” said Jonathan Reiber, senior director for cybersecurity and policy at AttackIQ and the chief strategy officer for cyber policy under the Obama administration’s secretary of defense. “It should be something that triggers people,” he said. The takeaway from such security breaches, according to experts, is that it’s high time for companies to start investing in robust controls and, in particular, adding cybersecurity professionals to their teams. The only hitch: There’s a massive, longstanding labor shortage in the cybersecurity industry. “It’s a talent war,” said Bryan Orme, principal at GuidePoint Security. “There’s a shortage of supply and increased demand.”

Experts have been tracking the cybersecurity labor shortage for at least a decade — and now, a new surge in companies looking to hire following recent attacks could exacerbate the problem. The stakes are only growing, as technology evolves and bad actors become more advanced. In the United States, there are around 879,000 cybersecurity professionals in the workforce and an unfilled need for another 359,000 workers, according to a 2020 survey by (ISC)2, an international nonprofit that offers cybersecurity training and certification programs.