The stories are all over international news. The rash of cyberattacks affecting public and private sector entities and individuals made hackers a whopping $6.9 billion in the year 2021. Ransomware gangs and state-sponsored Advanced Persistent Threat (APT) groups, that receive funding from governments internationally, have become a constant terror as security agencies globally scramble to deal with these ever-growing threats.
In South Africa, the Cybersecurity Hub is the South African National Computer Security Incident Response Team (CSIRT) and the counterpart to America’s Cybersecurity and Infrastructure Security Agency (CISA). The agency faces a difficult situation currently, as according to cybersecurity education firm KnowBe4, a massive skills shortage is currently afflicting the continent, with a constantly growing 100,000-person gap in certified cybersecurity professionals.
The lack of staffing is made particularly troubling by a report from anti-virus software (AV) giant Kaspersky, that shows that from January to April this year ransomware attacks in South Africa have doubled over the same period in 2021.
The severe shortages in qualified Cybersecurity personnel are not limited to South Africa however, as it is proving to be more and more of a global issue every day. For example, in the United States, the Biden administration has just announced a new multi-agency program that intends to create hundreds of new apprenticeship programs with private businesses in the hope that it can address the increasingly dangerous lack of cyber staffing in both the public and private sectors.
The cybersecurity gap problem in the US was particularly bad in 2021, as the year witnessed some of the most devastating cyber-attacks in American history. Specifically, there were the supply-chain halting hacks that victimized Colonial Pipeline and JBS Foods. The economic damages as a result of these crimes truly displayed the potential for disaster that lurks in the so-called “dark web.”
One sector of the South African economy that is particularly desperate for qualified IT professionals is the banking industry. In fact, in a digitally published parliamentary Q&A, the Department of Communications and Digital Technologies replied that a growing skills shortage for IT jobs has been identified by major entities operating within the banking sector.
To address this, a new partnership to develop a National Cybersecurity Skills Framework that would guide the training of cybersecurity professionals in the country has been formed between the Banking Sector Education and Training Authority (BankSETA) and the South African Banking Risk Information Centre (SABRIC).
According to the BankSETA 2022/23 Sector Skills Plan, South Africa needs to “put a greater focus on the new regulatory framework for prudential and conduct authorities, with cybersecurity a risk that all banks must address by ensuring they have the appropriate skills to manage it.”
“BankSETA has partnered with SABRIC to develop cybersecurity occupational qualifications in the sector. The information shared by SABRIC helps shape the skills landscape in the cybersecurity space. It also has a significant role to play in the achievement of all the National Skills Development Programme outcomes,” according to BankSETA.
The partnership between BankSETA and SABRIC has also identified the need to place a particular focus on developing an improved skillset for Chief cybersecurity officers, Compliance officers, Skills programmes for Basel IV (the informal name for a set of proposed banking reforms building on the international banking accords known as Basel I, Basel II, and Basel II), as well as a range of other occupations in cybersecurity. The plan will be partly executed via new technology and digital literacy programmes that are currently being developed.
The dangers that exist in the cybersphere will only continue to multiply exponentially. Every time we open our emails, threats ranging from social engineering attacks to phishing schemes threaten our personal security. With hacking for profit and cyberespionage becoming a recurring theme in news reports, it is good to see the South African government increasing its awareness of perhaps the more dire issue facing the world in our current technological age.