Robust cyber defenses depend on enough qualified staff to execute them
Manufacturing continues to be among the most susceptible sectors of the U.S. economy to cyberattacks. According to research recently conducted by security force multiplier ReliaQuest, cyberattacks for the year ending on June 30 increased 53% at automobile and parts plants, 92% at chemical companies, and a whopping 195% at aerospace firms.
The reasons manufacturing companies continue to be prime targets for hackers and other cybercriminals run the gamut, from their high dependence on technology and automation to the complex nature of the supply chain to the continued shortage of cybersecurity talent, all of which can impact productivity and result in tremendous financial and reputational losses.
See also: Clorox cyberattack to cost up to $593 million
And while most manufacturers have taken steps to secure their digital footprint, it’s the inability to expand their workforce and lay a solid foundation for the future growth of their cybersecurity teams that has continued to plague manufacturing as a whole.
The workforce problem is raising red flags all over IT. Technological research and consulting firm Gartner concluded in report this February that by 2025, nearly half of cybersecurity leaders will change jobs, 25% for different roles entirely due to multiple work-related stressors.
Coupled with a hot cybersecurity talent market, Gartner also concluded that insufficient attention to human factors poses a major threat to the ability of security teams to keep their organizations safe. The research suggests a number of factors are hampering organizations’ ability to prioritize security risk management and align it with ongoing business success. These factors include: compliance-centric security programs; low levels of support from C-level and executive leadership; and subpar industry-level maturity
“Cybersecurity professionals are facing unsustainable levels of stress,” said Deepti Gopal, director analyst at Gartner. “CISOs are on the defense, with the only possible outcomes that they don’t get hacked or they do. The psychological impact of this directly affects decision quality and the performance of cybersecurity leaders and their teams.”
Another study raises alarms about cybersecurity staff shortages and their impact on security.
Manufacturers need cyber hires ready to go on Day 1
What can manufacturers do to change the equation and begin to fill the thousands upon thousands of open cybersecurity positions that exist nationwide? Clearly, finding qualified cybersecurity employees has cyber teams stretched thin and, in many cases, unable to work effectively. While the usual solutions such as on-the-job training, recruitment benefits, and signing bonuses help, they do little to mitigate the bigger issue: Employers need qualified new cyber hires to be able to hit the ground running.
With that in mind, there are several steps manufacturing firms can take to increase the pool of cyber talent, starting with the job descriptions themselves. Rather than creating a job description that lists every conceivable task the cybersecurity professional may be required to handle at some point, manufacturers are recognizing that such an approach inevitably leads to prospective candidates excluding themselves because they lack one or two “required” skills (which, in truth, may never come into play). As a result, companies are becoming more realistic and generating job descriptions that focus only on the essential activities and skills the candidate will need to handle day-to-day work.
Moving away from a search for the ideal candidate has also led many manufacturers to focus more on the skills that job candidates possess and less on their degrees and credentials. This skills-based hiring approach opens the door for companies to consider candidates who have the street smarts to handle the work and a proven track record even though they may lack the degrees or industry certifications that such positions often require.
Beyond broadening the pool of potential candidates, this method of recruitment provides an opportunity to increase workforce diversity and introduce new, on-the-job skills into a company’s mix of cyber talent. It also enables manufacturers to recognize and take advantage of soft skills, such as collaboration, leadership, effective communication, and problem-solving, all of which support and enhance a productive work environment.
While finding the “right” person for the job (and not necessarily the person with the right degrees and certifications) can effectively expand the talent pool, manufacturers still must face the fact that at some point these cyber professionals may need more training or upskilling to keep up with both technology advancements and new cyber threats. Many manufacturers have found that accessible and affordable training opportunities offered by cybersecurity workforce development organizations, community colleges, and other expert providers can enable learners to acquire the skills needed to enter or advance in the cybersecurity field.
Most cybersecurity workforce development partners, for example, are well-equipped to provide specialized skill-based training programs covering a variety of topics, from network security and digital forensics to compliance and governance. They also offer programs to prepare students for certifications, such as CompTIA Security+, CompTIA Network+, and CompTIA A+ I. And of particular interest to professionals already in the workforce, flexible learning options, such as online courses, satellite locations, and evening classes, are often available to accommodate busy schedules.
See also: Cybersecurity: ‘Largest obstacle to adoption of smart manufacturing technologies’
Increasingly, manufacturers, government agencies, and cybersecurity companies are partnering directly with workforce development organizations to develop curriculum that incorporates the latest cyber trends, technologies, and best practices. Such organizations, in turn, are working with community colleges to capstone and supplement their students’ learning, providing firsthand training using advanced tools such as cyber ranges—a sophisticated system that simulates cyberattacks using real-world scenarios. This not only ensures students receive the relevant skills or certifications employers want, but also creates opportunities for internships, job placements, and career advancement.
Finally, it is important to recognize that most employers today are prioritizing diversity, equity, and inclusion initiatives. Manufacturing companies are no different, having made significant strides toward recruiting and hiring more women and minorities. Because such training programs tend to attract and serve a diverse student population, they are well-positioned to increase diversity and generate a more inclusive workforce for manufacturers.
Bottom line, manufacturing firms need to do something to counter the rise in cyberattacks that is undermining their productivity, hurting them financially, and damaging their reputations within the industry. To expand the pool of cybersecurity talent in an incredibly competitive field, manufacturers must take a different, more practical approach in their hiring practices while providing the training opportunities needed to usher in the next generation of cybersecurity professionals.