Addressing the Cybersecurity Talent Shortage in Government

The role of culture, workforce development strategy, and AI in maturing security programs within federal government departments and agencies.

Analyst Perspective

Governments are increasingly at risk from cyberattacks as they become more digital, requiring them to take proactive measures to enhance their cyber resilience. A common challenge is getting the entire organization on board with cybersecurity measures. This can result in insufficient understanding of strategies and technology, as well as difficulty in maintaining a skilled and engaged workforce.

To address this challenge, Info-Tech suggests a three-pronged approach. First, governments should foster a culture of accountability and collaboration throughout the organization to create a shared responsibility for cybersecurity. Second, governments should implement a comprehensive cyber workforce strategy that includes acquiring individuals with the necessary skills and expertise and investing in innovative training programs and educational partnerships. Third, governments must invest in advanced technologies such as AI and machine learning, to detect threats more quickly and accurately.

Paul Chernousov
Research Director, Industry
Info-Tech Research Group

Executive Summary

Info-Tech Insight
A comprehensive cybersecurity workforce development strategy addresses the inability to hire staff with the desired skills. Define the skills gap in your cyber workforce and build a development plan that includes strategies that fully empower skilled employees to resist cyberthreats.

We are in an increasingly vulnerable digital world

Digital transformation often introduces new digital risks for an organization to manage.

95% Percentage of cybersecurity issues that can be traced to human error.

43% Percentage of cybersecurity breaches or infractions represented by insider threats, either intentional or accidental.

Source: GlobeNewsWire, 2021; World Economic Forum, 2022.

Potential workforce risks enabled by digital transformation:

• New digital identity governance and threat-monitoring challenges
• Cultural and behavioral changes
• Lack of skills availability
• More sophisticated threat actors

Info-Tech Insight
Digital transformation presents new workforce risks, such as cyberthreats and challenges associated with distributed workforce. Organizations need to proactively address these risks to ensure a successful digital transformation at all levels.

Digital transformation enables improved outcomes

Digital technologies are integrated into all aspects of public sector operations, fundamentally changing the way services are delivered and how value is provided to citizens. This transformation also involves a cultural shift, as government departments and agencies need to continually challenge traditional processes, experiment, and adapt to new ways of working.

Digital citizen experience
Enhancing citizen interactions and satisfaction by leveraging digital technologies to provide seamless, personalized, and data-driven experiences in accessing government services.
Examples: Online portals for tax filing, mobile applications for reporting civic issues, and chatbots for addressing public queries.

Operational efficiency
Streamlining and automating government processes to improve productivity, reduce costs, and optimize resource use.
Examples: Implementing cloud-based systems for interagency collaboration and using predictive analytics to optimize public service delivery.

Policy and service innovation
<>Adapting or creating new policies and services that leverage digital technologies to deliver value in new ways or to better address citizen needs.
Examples: Implementing digital identity solutions, using open data platforms to improve transparency, and leveraging data-driven insights to inform policy decisions.

Workforce enablement
Empowering public sector employees with the right digital tools, skills, and mindset to adapt to the evolving work environment and contribute effectively to the government's digital transformation journey.
Examples: Providing digital skills training, implementing collaboration tools (e.g. Slack, Microsoft Teams), and promoting a culture of continuous learning and innovation.

Data and analytics
Leveraging data-driven insights to inform decision-making, optimize processes, and drive innovation across government organizations.
Examples: Applying machine learning algorithms to predict citizen behavior, using big data analytics to identify social trends, and employing real-time data monitoring to optimize resource allocation.

Digital security
Implementing robust cybersecurity measures to protect government digital assets, citizen data, and overall digital infrastructure.
Examples: Deploying AI-based threat detection systems, establishing secure data storage and encryption protocols, and conducting regular security audits and training.

Digital transformation is also creating new attack surfaces

Digital transformation is introducing new technologies, systems, and processes to government departments and agencies, leading to the following obstacles:

01
Expanded digital landscape and cyberthreats
Digital transformation in government involves the integration of new technologies, systems, and processes that lead to an increased exposure to cyberthreats. These include malware, ransomware, and other forms of cybercrime.

02
Cultivating a cybersecurity-aware culture
New challenges make it essential for governmental departments and agencies to foster a culture of cybersecurity awareness within their workforce. This includes providing regular training and promoting a shared responsibility to maintain digital security.

03
Addressing the cybersecurity talent gap
The growing complexity of cyberthreats necessitates a skilled cybersecurity workforce in government. However, a shortage of cybersecurity talent makes it challenging to effectively combat these threats and safeguard digital infrastructure.

04
Enhancing cyber resilience and security
To mitigate the risks of cyberthreats, government departments and agencies must prioritize the creation of robust cybersecurity strategies, invest in employee training, and collaborate with external parties to enhance their cyber defense capabilities.

Digital threats are coming from various actors

Threats to cybersecurity can come from a multitude of sources. One common source is email phishing scams, where attackers send fraudulent emails designed to trick recipients into revealing sensitive information or downloading malicious software.

Other sources of digital threats include unsecured networks and devices, malicious software downloads, and social engineering attacks. It is important for individuals and organizations to stay vigilant and educated about these threats to protect their sensitive information and assets.

The nature of cybersecurity risks is changing

Remote/Hybrid workers

Traditional security models rely on perimeter-based defenses that assume everything within the network is trustworthy. This can be an issue since threats can originate from within that network.

Traditional security measures such as firewalls, antivirus, and intrusion detection systems may not be sufficient against increasingly sophisticated cyberthreats.

The attack surface is becoming more complex

The adoption of new and emerging technologies, such as automation and digital transformation concepts, introduces additional vulnerability at all organizational levels.

The complexity of the attack surface can make it difficult for organizations to identify and mitigate all potential vulnerabilities, increasing the risk of successful cyberattacks.

Automation brings additional cybersecurity risks

Automation has led to several types of cybersecurity attack