Cloud, WFH send demand for cybersecurity talent soaring

Cloud WFH send demand for cybersecurity talent soaring

Last month, fintech company MobiKwik is said to have suffered one of the worst data breaches in Indian corporate history when personal information of about 100 million users were hacked and made available in the dark web. Independent researchers said the hackers accessed MobiKwik’s data stores through its cloud infrastructure. Similar attacks were launched on Paytm, Big Basket and edtech firm Unacademy in the past 12 months.

As more companies go digital and operate through a cloud-based model – a need accentuated by the pandemic as people work remotely – the risks of cyberattacks have risen across the world. Configuring for the cloud and protecting data on the cloud are emerging areas. About 52% of Indian companies said they were victims of a successful cyberattack in the last 12 months, as per a survey by British security firm Sophos. The same survey also found that 60% of those surveyed struggle to recruit people with the right cybersecurity skills.

“The security market is growing faster than the skill sets available,” says Sudeep Das, security software technical sales leader in IBM technology sales for India.

Staffing firm Xpheno says about 7,600 active premium jobs are currently open. TeamLease Digital’s data shows that demand for cybersecurity skills has risen by 18-20% over the past six months.

“People tend to claim cyber awareness in their resume, but the challenge is not many of them are equipped,” says Tarun Bhatia, head of south Asia at cybersecurity firm Kroll.

Cyber security experts say attacks have become more sophisticated and are not just restricted to malware, phishing emails or ransomware. Hackers used to charge ransomware for returning stolen data, but now they are encrypting the data and asking companies to pay a ransom for decrypting it. Other new forms of threats include supply-chain attacks and cryptojacking – an unauthorised use of someone else’s computer to mine cryptocurrency.

Globally, India ranks third – after the US and Spain – in the number of threats detected, according to security software firm McAfee. Most of these threats were Trojan, a malware that allows cybercriminals to gain access to an individual’s or a company’s systems and devices.

“The data centre is no longer the perimeter,” says Huzefa Motiwala, director of systems engineering for India & Saarc at Palo Alto Networks. “As employees work remotely, they become individual endpoints which are targeted by hackers.”

Demand for cyber security skills in India has also soared because of the numerous digital back-offices and global inhouse centres (GICs) being set up in India by MNCs. The security needs of GICs span across all aspects of network, infrastructure, application, data, and information management.

The most in-demand critical skills among enterprises are around cloud security, threat intelligence, risk management, incident management & response, data security, access management, network security, application security, information security, and computer forensics.

Venkat Krishnapur, VP of engineering and MD of McAfee India, says there are lots of jobs in many of these areas. But the current cyber security courses in academia, he says, are part of a semester and not, as it should be, a full-blown degree. The mushrooming certification courses aren’t often good enough either. “Technology professionals are focused on certifications, but in many cases it is like you know the instrument rather than know how to play it,” he says.

Security solutions firm Kaspersky says the share of cybersecurity spending in the total IT budget for small and medium enterprises grew to 26% in 2020 from 23% in 2019. Spending by large enterprises grew to 29% from 26% during the same period. Infosys, TCS, Wipro have regularly said over the last one year that most of their new projects from clients are focused on cloud, data & analytics, and cybersecurity.

Among the big cybersecurity employers in India are Deloitte, PwC, EY, TCS, IBM, Infosys, Cognizant, Wipro, HCL, Accenture, and Honeywell. The likes of Google, Amazon, Citrix, VMWare, Oracle, SAP, McAfee and Autodesk also have sizable demand for niche cyber skills.


We do not have as many people as we need; attrition is also high as they move on with higher salaries. Recruitment is taking longer and tech teams are not getting trained properly.

We are focusing on building an open architecture, which means tools and controls need to be able to by default talk to each other, collaborate and share information when they are attacked.

CVs can be impeccable with degrees, but when candidates speak, they cannot explain their work experience. One can start by doing testing at home, it is fairly easy to set up a cyber laboratory in your house as lots of free open source tools are available.

What has added to the threat is the post pandemic situation where people are working from home, using their own devices or own connections. Ransomware is a threat that has gone up manifold.

Earlier the kick was to get an infrastructure down, get the data, move out and sell it. Now they are wondering, why can’t I just go in and lock the data?

The CISO needs to assure the leadership and board about what needs to be done, where to invest so as to safeguard future business, and have a good executive presence to shape thinking at the leadership level.


Source link

Leave a Reply

Your email address will not be published.

You may use these <abbr title="HyperText Markup Language">html</abbr> tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>


%d bloggers like this: