While the Absa Group acknowledges the shortfall of skilled security personnel in Africa, executives from the company believe the 3.5 million potential jobs available in South Africa, for example, represents a solid opportunity for job creation, skills development and to bolster certification and training.

This emerged from an online discussion, hosted by Absa, with input from Absa Group Chief Security Officer, Sandro Bucchianeri, and Ina Steyn, Head of Resilience at Absa Group, during which the company explained the relevance of its cyber security academy.

The intention with the academy is to empower potential job-seekers with relevant cyber security certification, as well as equip them with the necessary ‘soft skills’ to enable them to add value to the market.

Currently the plan is to ensure 23 candidates per year are trained up to enter the cyber security market.

Absa executives explained that there is definitely a growing need for technically qualified practitioners in the cyber security market, and in addition, the situation is compounded by the fact that those who pursue a career in the field, are more than twice as likely to be male.

Steyn heads up the company’s cyber security education and awareness programme. Her team is focused on the business continuity management for the Group and continues to lead the company’s response to the pandemic.

Steyn acquired her security professional accreditation in March this year. She has been part of a team that developed a program called ‘Women in Engineering Services’ and said the reason the company’s cyber security education and awareness program is ‘not boring’ is because it is driven by female professionals.

According to Steyn, research on the size of the gender gap in cyber security puts Africa at 9%.

“We can look at that and admire the problem of the 9% or we can look at that and say ‘there is a huge opportunity there’. Sandro mentioned 3.5 million job shortages in the cyber security field … just imagine unlocking that vast opportunity across the African continent! I also don’t believe that there is only 9% of women across Africa that is competent and skilled in cyber security roles.”

Steyn said within the Absa group itself, there are women who have technical skills equal to their male counterparts. “But for some reason, women don’t take up those opportunities and there is something about legacy perceptions, and then also some things we can work on to really unlock that potential for women in cyber security.”

Steyn pointed out various factors that stop women from pursuing careers in cyber security, including historic perception that technology roles are over technical and that women are not competent enough for those roles.

“Also reflecting back on my own career, I think in general there were perceptions twenty years ago that men are more equipped for those roles, specifically senior roles in technology, and that women are simply not interested in those roles. I don’t necessarily think that is the truth. I think there are a lot of women who want to pursue those roles. I think there is an unconscious bias still.”

Steyn said organisations could do more to address the way roles are advertised and be more aware of bias that can- and still does impact recruitment.

COVID-like global cyber attack

Bucchianeri, who is responsible for the physical cyber security and resilience, outlined the cyber security challenge facing global economies.

“COVID-19 has shown us that the world is at great risk of disruption by pandemics. Cyber attacks all have been environmental tipping points … we should prepare for a COVID-like global cyber attack that will spreader faster and further than any biological virus, with an equal or greater economic impact.”

Bucchianeri said pandemics can teach us a lot about cybersecurity and offer insight to help businesses prepare for risks and certain impact on critical infrastructure.

He added that the reproductive rate or ‘R’ value of COVID-19 is somewhere between 2 or 3, with any kind of social distancing by contrast. “But by contrast, though, estimates of an R on cyber attacks are by a multiple of 27 and above. The fastest worms in history, that we’ve spoken about, like Slammer and Sapphire, doubled in size approximately every 8.5 seconds, with over seventy-five thousand devices infected in ten minutes, and 10.8 million devices in 24 hours.”

According to Bucchianeri one of the lessons already learnt from global-scale cyber attacks like Wannacry in 2017, that crippled older Windows systems (impacting over 200 000 computers in 150 countries), is attacks with these characteristics are able to manifest significantly faster than ever thought possible.

This wreaked havoc across worldwide shipping and manufacturing.

Amid ongoing widespread and systematic cyber attacks, Bucchianeri emphasised the need for effective coordinated collaboration and clear, consistent communication among cross-border stakeholders as part of efforts to build up resilience.

He also underlined the importance of leadership and as with efforts to combat COVID-19, cyber threats warrant early, decisive action.