Building Resilient Security in the Age of the Great Reshuffle

Author: Prakash Renduchintala, Rohitha Chowdhary and Pradeep Sekar
Date Published: 1 September 2022
Related: State of Cybersecurity 2022

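Since early 2021, large numbers of employees around the world have resigned and moved to other enterprises, a phenomenon known as the Great Resignation and also called the Great Reshuffle.1 This upheaval has been attributed to the effects of the COVID-19 pandemic. The worldwide pandemic has had a disproportionate impact on the economic activity of various industries and sectors, altered labor demand, and changed employees' perspectives and priorities. The result was an estimated 4 percent reduction in total global working hours in the second quarter of 2021.2 The dramatic rise in the number of people leaving their jobs across all industries is attributable to a variety of reasons, including wage stagnation, the rising cost of living, employee burnout and the need to change careers.3 The US Department of Labor noted that 4.3 million US workers quit their jobs in August 2021, with most resignations occurring in the retail and hospitality industries.4 In Europe, data from the Organization for Economic Co-Operation and Development (OECD) show that 14 million people have exited the labor market, with low wages being a major factor.5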

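Although the mass exodus of talent has eased since early 2022, its effects on average pay, organizational culture, employee expectations and sense of security will be felt for years to come.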

Impact on the Cybersecurity Industry

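The cybersecurity industry has not been immune to this talent exodus, and it had a shortage of skilled workers even before the pandemic began. The gap has raised concerns about how business leaders view their cybersecurity posture and preparedness. According to one report, 98 percent of business leaders, cybersecurity leaders and cybersecurity practitioners are concerned about the current turnover rate of cybersecurity staff.6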

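The global shortage of skilled cybersecurity workers is estimated at approximately 2.7 million open positions, according to a recent survey by (ISC)2. Further, 60 percent of respondents said that the shortage of cybersecurity professionals puts their enterprises at extreme or moderate risk.7 According to the US Department of Commerce, the cybersecurity skills gap is widening. There were approximately 600,000 job openings as of December 2021, up from 465,000 at the end of 2020, a 29 percent increase.8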


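Recruiting and retaining talent has always been a concern for the cybersecurity industry, and there are not enough skilled defenders to offset the number of attackers. The pandemic exacerbated long-standing problems by increasing the workload and stress on employees and their families. Enterprises not only find it difficult to hire enough cybersecurity professionals, but have also added to the pressure on existing staff. Cybersecurity budgets are now in the spotlight, as most enterprises find it hard to obtain sufficient funding to address the risk and potential impact of the growing number of cyberattacks.9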

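Even employers that pay high salaries are finding that generous compensation is not enough to attract and retain cybersecurity talent. Many cybersecurity professionals are overwhelmed by job stress, and because of the workforce shortage and the growing number and evolving complexity of cyberthreats, they are under more pressure at work than ever before.10 According to a 2021 survey, 62 percent of existing cybersecurity staff are experiencing increased workloads, mainly because their employers cannot hire enough talent. Thirty-eight percent of respondents reported high burnout and attrition rates among cybersecurity employees.11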

Rising Security Threats

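The Great Reshuffle has had a significant impact on cybersecurity, including an increased risk of insider threats, that is, threats from individuals inside the enterprise such as current or former employees, contractors and partners. The cybersecurity workforce is on the front lines when it comes to confronting insider threats, which can result in loss of intellectual property and customer data such as personally identifiable information (PII), personal health information (PHI) and credit card numbers; hefty regulatory fines; and damage to the enterprise’s reputation. An employee who holds a grudge against a former employer may leak or sell valuable data, or give ransomware hackers access to the former employer's digital assets in exchange for a share of the ransom.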

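According to a recent study on insider threats, these incidents increased 72 percent between 2020 and 2021. Forty-two percent of insider threats involved theft of intellectual property or data. The industries most often affected by insider threats include critical infrastructure, technology and government agencies.12 Another study found that the number of insider threat incidents increased 44 percent over the past two years, with the shift to remote work and the Great Reshuffle among the contributing factors.13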

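The shortage of cybersecurity professionals comes at a time when many individuals are working remotely from home, using networks shared with other household members. Because employees and confidential documents are not protected by the enterprise network, home networks and router infrastructure are vulnerable to ransomware attacks and other cyberthreats. Without proper security measures, it is easy to copy critical documents to personal cloud accounts or transfer files to removable universal serial bus (USB) storage devices, leaving the files unsecured and more exposed to threats.14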

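In the face of a rapidly evolving threat landscape, the shortage of qualified cybersecurity professionals means that enterprises face greater risk. As a result, cybersecurity has become a key component of the risk management function. The cybersecurity talent shortage is one of the major challenges in managing an enterprise’s cybersecurity posture. Enterprises should revisit their strategies for managing cybersecurity staff and build resilient environments that focus on learning and development (e.g., upskilling, cross-skilling), job rotation, security culture and investment in people.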


Strengthening the Cybersecurity Workforce

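Employers should reevaluate their recruitment and retention strategies. For example, they should strive to hire more women, more people of diverse ethnicities and those with niche skill sets who can excel in cybersecurity roles. It is valuable to determine whether employees can be cross-trained in cybersecurity or whether some employees are interested in pursuing career goals different from their current positions. To retain talent after hiring, organizations should offer clear career paths, mentoring and training programs. Internships can guide young people into the cybersecurity field. Organizations should consider making key changes to strengthen their cybersecurity, including: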

  • Develop a healthy security culture: The cybersecurity workforce can benefit from empathetic leadership in the work environment and a healthy security culture. Adapting work practices to changing needs, especially those related to the pandemic, enhances trust among employees and allows them to take personalized steps to improve their well-being, productivity and job satisfaction. For global enterprises that span multiple time zones, it is critical to respect and consider employees’ optimal work hours to maximize productivity while providing flexibility. Security leaders should encourage employees to participate in developing open cultures that will help them build trust, learn about their security responsibilities and provide and receive continual feedback on team performance.
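  • Establish a vision and a growth mindset for the cyber workforce: Every enterprise has its own unique culture, and it is necessary to attract and retain talent with values and attitudes that align with the enterprise’s vision and mission. Organizational leaders must build a growth mindset in individuals and teams. This is essential for encouraging innovative ideas and continuous learning. Employees with a growth mindset believe that skills and abilities can be developed over time. They not only want to learn and apply new skills, but also want to share their knowledge with others. Cybersecurity professionals with a growth mindset see challenges as opportunities to grow and learn, and they become more resilient and adaptable. Today's prevalent hybrid work environment requires security employees to work toward common goals that align with the enterprise's larger objectives. The significance of their roles and their effect on broader organizational goals and objectives must be recognized, and appreciation for employees' efforts must be communicated day after day. Security leaders should communicate frequently and effectively with their teams about the vision and purpose of the security function as it relates to the broader business. They should underscore the value that security unlocks for enterprises to rapidly scale and expand.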
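  • Continuously upskill and cross-skill employees: Investment in skill enhancement and the development of new capabilities should be part of the employee retention strategy. Upskilling programs encourage critical thinking and help employees focus on strengthening their job-specific skills, which are keys to success. Developing and implementing a formal mentorship program guides security professionals on their career paths, as do external security industry forums that strengthen and expand their professional networks. Connecting with like-minded security professionals provides perspective on needs and priorities. A structured model that includes shadowing, internal job opportunities, certifications and training ensures that cybersecurity employees are prepared for the future and ready for technological innovation and adoption across industries. Security teams should look for opportunities to invest in self-learning platforms and virtual labs and partner with security vendors for live demonstrations and hands-on training. Leaders should also demonstrate their commitment to cybersecurity training by giving employees the time off they need to prepare for and obtain security certifications.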
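  • Hybrid work models: Enterprises need to realign their human resources policies and work models to create ecosystems that can manage the employee work experience. Organizations can attract more cybersecurity talent by giving employees the flexibility to work securely from anywhere. Enterprises must determine how to set their cybersecurity priorities flexibly while following different business needs based on sector and industry. Security teams are increasingly giving employees the option of working in the office on a rotating basis a few days a week, depending on their business needs. Security leaders should coach their managers to lead and manage teams under this new hybrid work model and educate cybersecurity staff on how to optimize their workplace experience. Most cybersecurity teams must deal with the impact on security investments, workforce restructuring and work backlogs to meet business needs. Given the global shortage of talent in the cybersecurity industry, enterprises can build a stronger workforce by augmenting internal capabilities with external security vendors and managed security service providers (MSSPs) when needed. Managed services can take the form of outsourced or co-sourced models, which can overcome these challenges quickly and effectively.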
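  • Automate cybersecurity functions and processes: Enterprises have started to hire more cybersecurity professionals and increase their capacities to handle cyberthreats. However, vacancies remain because of the global talent shortage. Without proper tools and systems, employees will continue to take on additional security responsibilities, leading to increased attrition. Enterprises should consider investing in emerging technologies such as artificial intelligence (AI), machine learning (ML), analytics and robotic process automation (RPA) to help bridge the talent gap, empower teams and improve their day-to-day efficiency and effectiveness. For example, security teams can use RPA to automate repetitive, time-consuming cybersecurity tasks such as reviewing third-party security contracts and conducting quarterly internal security audits. In addition, ML capabilities can be used to analyze open-source threat databases and identify new threats based on existing knowledge, thereby assisting in the development of effective incident response processes.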

Conclusion

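The cybersecurity industry is struggling with a talent shortage, and the consequences of the Great Reshuffle have widened an already existing skills gap. As enterprises deal with high employee turnover, they should actively seek to change their cybersecurity recruitment and retention strategies to keep valuable and skilled employees from leaving. They should implement plans to minimize the effects of turnover and the threats posed by insiders to build a resilient workforce. Security leaders who can successfully transform their current cybersecurity functions and implement the recommended changes can achieve a higher return on investment in their employees, effectively improve their overall security posture and deliver value to their enterprises.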

Authors’ Note

The authors would like to thank Abhinav Kumar for his contributions to the development of this article.

Endnotes

1 Meister, J.; “The Great Resignation Becomes the Great Reshuffle: What Employers Can Do to Retain Workers,” Forbes, 19 April 2022, http://www.forbes.com/sites/jeannemeister/2022/04/19/the-great-re-shuffle-of-talent-what-can-employers-do-to-retain-workers/?sh=7c0ab0ef4cf3
2 International Labour Organization (ILO), http://www.ilo.org/wcmsp5/groups/public/---dgreports/---dcomm/---publ/documents/publication/wcms_795453.pdf
3 Cook, I.; “Who Is Driving the Great Resignation?” Harvard Business Review, 15 September 2021, http://hbr.org/2021/09/who-is-driving-the-great-resignation
4 Cox, J.; “A Record 4.3 Million Workers Quit Their Jobs in August, Led by Food and Retail Industries,” CNBC, 12 October 2021, http://www.cnbc.com/2021/10/12/a-record-4point3-million-workers-quit-their-jobs-in-august-led-by-food-and-retail-industries.html
5 Taylor, P.; “The Good News About Labor Shortages,” Politico, 7 October 2021, http://www.politico.eu/article/good-news-labor-shortages-coronavirus-economic-recovery/
6 Code42, Annual Data Exposure Report 2022, 2022, http://www.code42.com/resources/reports/2022-data-exposure
7 (ISC)2, 2021, http://www.isc2.org/Research/Workforce-Study
8 Hardcastle, J. L.; “Can Cybersecurity Offer Greener Pastures in the Great Resignation?” SDX Central, 23 February 2022, http://www.sdxcentral.com/articles/analysis/can-cybersecurity-offer-greener-pastures-in-the-great-resignation/2022/02/
9 Naden, C.; “The Cybersecurity Skills Gap,” International Organization for Standardization (ISO), 15 April 2021, http://www.iso.org/news/ref2655.html
10 Argov, S.; “Big Salaries Alone Are Not Enough to Hire Good Cybersecurity Talent: What Else Can Companies Do?” Help Net Security, 29 November 2021, http://www.helpnetsecurity.com/2021/11/29/hire-cybersecurity-talent/
11 Information Systems Security Association, “Cybersecurity Skills Crisis Continues for Fifth Year, Perpetuated by Lack of Business Investment,” 28 July 2021, http://www.issa.org/cybersecurity-skills-crisis-continues-for-fifth-year-perpetuated-by-lack-of-business-investment/
12 DTEX, 2022 Insider Risk Report: Psychosocial Behaviors, Remote Work and the Rise of the Super Malicious Insider, USA, 2022, http://www2.dtexsystems.com/2022-insider-risk-report
13 Dice, “Insider Threats: Why These Cybersecurity Incidents Continue to Grow,” 21 February 2022, http://insights.dice.com/2022/02/21/insider-threats-why-these-cybersecurity-incidents-continue-to-grow/
14 Sabau, C.; “Are Leavers a Threat to Your Data? What the Great Resignation Means for Your Data Protection Controls,” Endpoint Protector, 27 January 2022, http://www.endpointprotector.com/blog/are-leavers-a-threat-to-your-data-what-the-great-resignation-means-for-your-data-protection-controls/

PRAKASH RENDUCHINTALA

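Is a senior consultant on the cyber strategy and transformation team at Optiv Security. He has more than 8 years of experience in IT audit, third-party attestation, control gap assessment and IT risk management.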

ROHITHA CHOWDHARY

Is a manager on the cyber strategy and transformation team at Optiv Security. She has extensive experience leading and delivering multidisciplinary cybersecurity projects for clients across various industries, including establishing enterprisewide cybersecurity capabilities through the security management and governance, risk and compliance domains.

PRADEEP SEKAR

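Is managing director and leader of the cyber strategy and transformation team at Optiv Security. He is an experienced cybersecurity professional who has worked closely with the chief information security officers (CISOs) and chief information officers (CIOs) of multiple top-100 and top-500 companies and their teams to develop and sustain secure, adaptable and robust cybersecurity programs.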