The world of cybersecurity has certainly transformed in the past decade. Demand for cybersecurity professionals has skyrocketed as a result of the rising number of cyber threats and surge in hacker activity.
And with Web 2.0 and IoT (Internet of Things) now upon us, the term cybersecurity has expanded to an unprecedented level and scope. In tandem with this, the cybersecurity market has flourished. According to Gartner analysts, worldwide information security market growth will accelerate to 4.7% and reach US$76.9bil (RM334.7bil) in 2015.
Unfortunately, the global supply of cybersecurity professionals are unable to match the market's explosive growth. According to the latest survey released in April 2015 by leading firm Frost & Sullivan, there is a growing shortfall in the global information security workforce supply.
In the survey, 62% of respondents stated that their organisations have too few information security professionals. This compares to 56% of respondents in its previous survey in 2013. It is projected that the shortfall in the global information security workforce in the next five years will reach 1.5 million.
Clearly, the situation is the same in Malaysia where organisations are understaffed when it comes to cyber security. We currently face an acute shortage of cyber security professionals in both public and private sectors.
Some companies do not have sufficient manpower to continuously monitor extended networks and detect infiltrations in a timely and effective manner.
Up to October 2015, there are about 5,200 cyber security professionals in Malaysia with an estimated Internet user population base of about 20.56 million.
This is equivalent to a ratio of one cyber security professional for every 4,000 Internet users – a figure still way below our target.
With strategic human capital development plans in place, we aim to achieve at least 10,000 professionals by 2020.
This figure is still far below our need to serve the rapidly growing Internet population in Malaysia to leapfrog as a develop nation by the year 2020.
Let’s face it, security skills shortage is real, and it’s not going away anytime soon. Training and educating a new generation of cyber security workers can take years. But this impending shortage must be stemmed early as cyber security has become a critical function of any organisation. A steady supply of cyber security experts is crucial to the success of our Digital Malaysia development blueprint.
Cybersecurity Malaysia’s role
Workers with cybersecurity skills are critical to protecting our digital infrastructures.We need cybersecurity professionals who understand what works in theory and practice.
Industries as diverse as retail, healthcare, manufacturing and financial all depend on the security and reliability of cyberspace. With the nation facing new and dynamic risks, threats, and vulnerabilities, a highly skilled cyber security workforce capable of responding to these challenges is needed more than ever.
To increase the number of information security professionals in the country, CyberSecurity Malaysia, as the national cybersecurity specialist centre, has various information security competency and capability training courses and certifications as well as knowledge-sharing platform for ICT professionals, through our Cyber Security Professional Development Programme.
These initiatives include offering competency and professional training programmes; developing curriculum in cyber security for colleges, polytechnics and universities; and collaborating with institutes of higher learning (IHL) in various comprehensive cybersecurity modules to attract more Malaysians to join the ICT security sector.
As a body entrusted to ensure the security of Malaysia's cyberspace, CyberSecurity Malaysia provides training and consultancy in developing Computer Emergency Response Teams (CERTs), Information Security Management Systems (ISMS), Business Continuity Management (BCM), Wireless Technology, Penetration Testing, SCADA and Digital Forensics.
Cyber Security Professional Development, a department in CyberSecurity Malaysia is also helping to develop the information security workforce with the required knowledge and skills by providing information security competency and capability programs and international certifications such as from the Disaster Recovery Institute International (DRII)’s Business Continuity professional programme, BSI Services’ ISO/IEC27001 Lead Auditor training programme, International Information System Security Certification Consortium Inc ((ISC)2)’s Certified Information Systems Security Professional (CISSP) and EC-Council’s Certified Chief Information Security Officer (CCISO) programme.
Through CyberSecurity Malaysia’s Professional Training Services Programmes, we are definitely seeing an increase in the number of skilled workers in Malaysia. But industry professionals should also endeavour to upgrade their skills and knowledge while keeping abreast with the latest changes in the global information vectors.
Sowing the seeds
On a macro level, Malaysia needs to create an entire generation of responsible and knowledgeable ‘Digital Citizens’ through effective implementation of a comprehensive national cyber security education programme. We have to inculcate good cybersecurity habits and best practices at an early age to address the weakest link in cybersecurity, the human factor. As such, Malaysians must be taught the fundamentals of cyber security preparedness from young.
Realising the importance of educating the younger generation about cybersecurity, CyberSecurity Malaysia is reaching out to them through our CyberSAFE programme, which is short for Cyber Security Awareness For Everyone.
Various activities related to online safety awareness have been organised in schools nationwide. To date, more than 5,000 school teachers as well as 1,000 Bestari ICT teachers from over 1,000 schools nationwide have benefited from DiGi’s CyberSAFE programme, a smart partnership programme between CyberSecurity Malaysia and DiGi Telecommunications.
These teachers are now equipped with sufficient knowledge to help raise cybersecurity awareness in schools.
Higher learning and private sectors
Building a competent generation of cybersecurity professionals also requires effective collaboration with Malaysia’s institutions of higher learning as well as strategic public-private partnerships.
Cybersecurity competency can be enhanced by gathering academicians, government and relevant industries to discuss the issue and build a set of standards to certify cyber professionals at universities as well as professional bodies’ level.
In this regard, CyberSecurity Malaysia is constantly exploring strategic partnerships with higher learning institutions and private sectors to incorporate information security modules in the curriculum in order to broaden the reach of information security education and awareness.
At the same time, we must also ensure our IT graduates are well-equipped with both technical and ‘soft’ skills. Integrating degrees with work placement years may offer graduates real business experience in applying their trade in a commercial context and help to start to bridge this skills gap.
CyberSecurity Malaysia has formed a strategic partnership with Universiti Kebangsaan Malaysia’s (UKM) Faculty of Information Science & Technology to jointly conduct the Cyber Security Professional Development Series and Masters of Cyber Security post-graduate programme. Apart from UKM, we have also established key collaborations with other higher learning institutions in Malaysia such as Multimedia University (MMU), Universiti Teknikal Malaysia Melaka (UTeM), International Islamic University Malaysia (IIUM), International College of Yayasan Melaka (ICYM) and Putra Intelek International College (PIIC).
To date, CyberSecurity Malaysia and UKM have produced its pioneer batch of students who were awarded Masters of Cyber Security certificates. As many as 63 students have enrolled in this programme, of which 35 of them have passed all the modules and are currently completing their thesis.
We aim to attract more professional stakeholders from various industries and government agencies including police, arm forces, lawyers, and other information technology professionals to join the program.
The shortage of skilled cyber security professional cannot be solved overnight. It will take time to get the right people into this profession. To address the human capital gap requires a combination of strategic public-private collaboration and incentives from scholarship, mentorship, internship to guaranteed employment.
We need to start pushing the limits by taking on greater responsibilities in delivering highly qualified professionals with specialist skills who will contribute to our nation’s cyber safety. We need to create a knowledge generation capable of fending off the ever-evolving cybersecurity threats. Last but not least, we need to truly produce high-value and skilled digital citizens of the future that will keep Malaysia’s cyberspace safe as we head into a new digital economy order.
Dr. Amirudin Abdul Wahab is the chief executive officer of CyberSecurity Malaysia.