Cisco Security believes there is a talent shortage in cyber security but there are opportunities in SA to rectify this by training young people in these roles.
"There are just not enough people to support the tools and systems available, so there is a real talent deficit," according to Adam Philpott, director of EMEAR Security Sales at Cisco.
Philpott says there is a deficit of one million practitioners globally and SA faces the same talent shortages.
He says there are great initiatives at schools and universities globally to teach coding and attract more young people to study science, technology, engineering and maths. He sees an opportunity for similar initiatives in the cyber security domain.
"Cisco works with many governments, private organisations and universities globally. I think there is a public/private partnership opportunity that we are certainly exploring with the South African government to look at what role we can play here and how can we help.
"We are in pilot phase. We are doing smaller things with universities and schools to see what works."
Cisco has had an interest in education in IT for a long time and though its Networking Academy programme has helped over 5.5 million people prepare for the IT workforce since 1997.
"When we started the Networking Academy it was to face a similar challenge 20 years ago, which was everybody wanted to connect to the Internet but there weren't enough skills to help them do so. So we set up the academy and seeded a huge amount of skills into the marketplace."
Over a million students now enrol each year, with over 20 000 instructors guiding students at around 9 000 academies offering courses.
Philpott says what makes the talent shortage worse is that the way organisations have defended themselves up to this point is buying different products to solve their problems.
"You just end up with all of this stuff and it just becomes extremely complicated to operate, and the skills they need become very broad in a market where there are already very few skills at a high cost."
He says the different tools also don't always integrate together because they are from different vendors. Moving towards automation is a key way to solve skills problems but most companies have too many different security products that work well on their own, but together make a very complicated system that is difficult to manage.
"Trying to get meaning from that and being able to automate rather than rely on people becomes very difficult, if not impossible," says Philpott.
"While we can automate, we still don't have enough people. This is not a short-term issue, it's a long-term issue."
Adapt or die
"The threat landscape is very sophisticated, therefore the way we secure ourselves today needs to be different to how we secured ourselves yesterday," according to Philpott.
He says the rising number of devices on networks pose security challenges, and businesses and individuals need to realise because of threat sophistication: "it's no longer if you are going to be attacked, but when".
Companies can no longer only mitigate against attacks, they need to have capabilities to quickly recognise an attack has taken place, know what has been breached, and react to remediate.
"In the past, it used to be: let's keep the bad stuff out, put a firewall in and we are all comfortable. That ship has sailed. Now there is no boundary really; I'm on a mobile device, or I'm accessing a cloud application, or I'm working from home or remotely, or I'm in the office on a device I own so there is no boundary anymore."
Managing risk
The rise of digitisation has brought extensive innovation but has also enabled the rise of cyber attacks.
"We are seeing in the press every single day exposures, vulnerabilities, breaches, and so I think it is top of mind for a lot of board members. We certainly consider it to be well out of IT and well into the boardroom in terms of its visibility because we are seeing executives leave companies as a result of breaches. So it's a real issue not just for corporations but also for the individuals responsible for them."
However, he says sometimes executives' memories are short.
"We have seen some bit retail breaches globally in the last 18 months and it makes those industries sit up and listen. But talking to executives we find that very few maintain that level of attention on a reporting perspective; some will be very interested and then their interest will dissipate as they focus on their core business, which is understandable.
"So finding a sustainable governance model where IT can be relevant to the board and help them accelerate their digital strategy, help them understand their security posture with clear metrics but not be demanding all of their time, is the balance we need to find."
He notes SA like everywhere else is facing a lot of online security breaches.
"These threats are universal they are not in one domain or another; they may hail from different domains but they attack everybody. These are global trends but they are extremely relevant here."
Africa is key
"We continue to invest in Africa; we are seeing very strong growth in Africa. We have made a lot of investments here, not only in the securities team but broadly in Cisco and we will continue to do that."
Philpott says Africa remains an important future market because of the sheer volume of people on the continent, high birth rates and opportunities for a young population. He says it is important to not only see inbound innovation into Africa but outbound innovation that can be exported elsewhere as well.
"There is a lot of local innovation. In the rest of Africa, outside of SA, there are some fundamental constraints in terms of connectivity, so that is an impediment to digitisation but the interesting thing is it means we cannot solve problems in a consistent way; we need to solve them in different ways. So that necessitates innovation and we see some really interesting things coming out of Africa."
Philpott says Cisco plans more engagement in public/private partnerships for talent development in South Africans going forward.
"We've got huge plans for South Africa, We continue to invest in SA; we are driving great growth here, and I think we will see a great focus on cyber security."
Philpott says Cisco's cyber security business is worth $2.5 billion and makes up around 6% of Cisco's total business. The company has invested $5 billion over the past three years into security and sees it as a growing business.
Share