A recent report on NPR said that cyberattacks originating in China are continuing to increase, even as the number of indictments and charges against hackers has increased as well. The proliferation of online transactions, and the so-called Internet of Things — devices that allow us to connect remotely — has raised the risk of hacking across a wide spectrum of our lives.
But while indictments and arrests are happening, the problem is outpacing the efforts of people who do cybersecurity work — in part, because there are not enough of them.
"They predict by 2021, there will be 3.5 million unfilled jobs in cybersecurity. And I think really, that comes from the fact that cyberattacks are increasing," says Jen Rathburn, partner with the law firm of Foley and Lardner LLP, specializing in data protection and security.
"The cost of cyberattacks are now over $1.1 million on average, that's new stats coming out in January. On average, it takes 201 days to even find a cyberattacker," she adds.
With information systems becoming more complex, the rise of data companies, and the low funding for cybersecurity, more sophisticated systems are becoming harder to protect.
"You can hire every single person that's going to be coming out of a program in the near term and you still won't fill the labor shortage," says Tina Chang, CEO of Wisconsin-based SysLogic, which works in the cybersecurity field.
Chang notes that there are dozens of cybersecurity jobs and skillsets — from governance and compliance to operations and technical.
"It is stretching technology people to be strategists — to not just do but to think," Chang explains. "The best types of cyber professionals tend to be very collaborative, they are committed to being intellectually curious and curious about what's happening and how others think so that they could understand and predict what doesn't even exist today."
Cybersecurity is still a relatively new field that has now developed into a risk management and strategy issue according to Chang. In order to better fill this need, she recommends activating people from the private sector into universities and even high schools to "start planting seeds of how to think about cyber."
Rathburn says that in today's world it's no longer about training people how to prevent cyberattacks, "it's really to prepare for a cyberattack." And that can't be done without enough cybersecurity workers.