CyberSeek, an initiative funded by the National Initiative for Cybersecurity Education (NICE), reported that as of January 2019, the United States faced a shortfall of almost 314,000 cybersecurity professionals. To put this in context, the country’s total employed cybersecurity workforce is 716,000. In Kenya, such professionals are short of 2000!
The shortage of cybersecurity experts, once termed as a global phenomena by Ron Green- Executive Vice President of MasterCard and the Chief Security Officer Globally, only proves only one fact: organisations are not keen in training cybersecurity professionals. They are even lesser focused on employing them prolly due to the shortage.
“Kenya has about 1600 trained cybersecurity experts against a potential 51.1 M users of the net,” reads a report by the Communications Authority of Kenya on cyber security gap.
During a recent cybersecurity forum at the Serena Hotel, Nairobi, hosted by TechMax and Tenable to discuss cyber security vulnerability, prediction and management, vendors of cyber security were challenged to offer it as a service (CSaaS).
“Welcome to the forum that will help individuals and organisations manage vulnerability,” said Patrick Kimiti, CEO TechMax adding,” The forum seeks to explore vulnerability, management and predictive prioritization.”
Alluding to a study that reported about 10,000 qualified cyber security (CS), Cecile Boyer, the Channel Manager at Tenable, who spoke about Prioritization and Compliance declared cyber insecurity a global disaster noting that personal data is being compromised even without owners of it getting to know.
“In Africa, there are less than 10,000 certified cyber security professionals to protect a population of over 1.3 billion people across the continent,” she quoted the report. She added that 60% face talent shortage of cyber security professionals.
In 2017, as noted at the forum by David Menza the Head of IT Security at Housing Finance Bank, Kenya Revenue Authority system was allegedly attacked resulting to a huge loss of about Sh21.1 billion according to Kenya Cybersecurity Report.
David further noted that consequently, the Central Bank of Kenya (CBK), following this and other rampant cyber-attacks on financial institutions, released a guideline, aiming to create a safer cyberspace that underpins information system security priorities for institutions. However, even with these appropriate measures put in place, systems continue being infiltrated and compromised every day in the financial sector, continually causing great financial losses.
In his challenge to cyber security vendors, he says; “Cyber Security is not a core business for any organisation, what is required therefore is Cyber Security as a Service.”
The law of vulnerability as says Praven Pillay, the Lead of Cyber Exposure at TechMax in South Africa states that the longer the vulnerability, the easier it is for attackers to exploit; Ease of Exploit.
He avers that security revolves around People, Products and Technology (PPT) and that the C-suite do not care so much about the process of installing cyber security measures as they do about the result. His solid advice is that cyber security professionals should levere on the PPT to start from discovering all the assets on a network then proceed to protect them.
“Cyber exposure enables organisations to manage and measure the modern attack surface and to accurately understand and reduce cyber risk,” says Praven who concludes by accepting the challenge to tailor-make CSaaS to different organizations depending on what customisations suites them.
Write to us firstname.lastname@example.org