IT skills shortage yet to bottom out Managed security services and managed IT services come to enterprises’ rescue

06 Jan 2023

According to a new research report by human resources consulting firm Robert Half, 77% of CIOs in Hong Kong are finding it challenging to recruit IT professionals compared to five years ago, and the issue is likely to persist in the short term given the current market development.

According to a new research report by human resources consulting firm Robert Half, 77% of CIOs in Hong Kong are finding it challenging to recruit IT professionals compared to five years ago, and the issue is likely to persist in the short term given the current market development. The IT skills shortage will have a profound impact on companies seeking digital transformation and those trying to adjust the pace of their transformation. Industry experts warn that cybersecurity vulnerabilities emerging during the transformation could deal a fatal blow to companies! To nip any crisis in the bud, managed security services and managed IT services are the way to go.

Reasons for shortage of IT professionals

In its recent research report on cloud spending by enterprises, market researcher Gartner forecasts worldwide end-user spending on public cloud services to grow 20.7% to $590 billion in 2023 from 2022. KPMG’s global tech report, on the other hand, found that 90% of companies plan to upgrade their cloud systems in the coming year. Both reports indicate that enterprises are speeding up their pace of digital transformation and are therefore in need of IT professionals to support them. Therefore, the IT skills shortage will only get worse. Meanwhile, the fact that Hong Kong is an international financial hub, and that neighbouring countries are scrambling for talent by offering them different perks, have also exacerbated the problem.

Repercussions of IT skills shortage

The negative impact of current shortage of IT professionals can be principally divided into two parts: impact on businesses and impact on cybersecurity:

Impact on businesses
Slow down digital transformation	To achieve smooth digital transformation, companies should adopt plans devised by specialists well-versed in solutions and traditional IT architectures provided by different cloud service providers. Without professional help, it is difficult to put in place an efficient multi-cloud or hybrid cloud system. Worse still, a company may not be able to start its digital transformation journey and its competitiveness will thus be greatly hampered.
Hinder business development	Countries around the world have introduced regulations related to cybersecurity and data protection, such as the European Union’s General Data Protection Regulation (GDPR) and China’s Cybersecurity Law. There is also the Payment Card Industry Data Security Standard (PCI-DSS) for safeguarding security in financial and electronic transactions. Businesses whose operations involve the management of personal data must meet compliance requirements.

Impact on cybersecurity
Enormous damages	An IMB research report indicated that it took an average of 277 days for companies to contain a data breach, at a cost of about US$4.35 million. The longer it takes to handle a breach, the greater the damages. According to experts, shortening the time taken to contain a data breach to 200 days can save US$1.12 million for the affected company. Nonetheless, because cybersecurity personnel have to deal with a vast amount of security alerts, and because of staff shortage, important alerts can easily be overlooked.
Growing risk of cyberattacks	Shortage of manpower in the realm of cybersecurity makes it impossible for enterprises to get 24/7 protection for their IT architectures and to execute routine IT management tasks, such as system upgrades and detection of vulnerabilities. As a result, the enterprises face a higher risk of cyberattacks, and their employees will not be able to respond promptly when a security incident occurs.
Reduce data visibility	Many enterprises use a growing number of cloud applications, remote work tools and the Internet of Things (IoT). This tendency, together with the use of endpoint devices and the BYOD (bring your own device) trend, makes IT architectures more complex than ever. A lack of qualified personnel to manage IT architectures will greatly undermine data visibility and make it hard to detect security vulnerabilities. In addition, low data visibility hinders enterprises’ abilities to formulate a blueprint for their future and to collect enough data to boost their efficiency.

Ways to ease IT skills shortage

To help enterprises tackle the problem of IT skills shortage, some human resources consulting firms have the following suggestions:

Attract and retain talent

When posting job ads, not only should employers indicate that they offer reasonable remuneration, but they should also provide details of employee benefits and perks, such as flexible working hours and remote work arrangements. If applicable, the ad should mention the availability of on-the-job training, too. Human resources should try to simplify the recruitment process to minimise the chance of suitable candidates being lured away by rival companies. Companies should also make an effort to understand the long-term goals of existing employees and help them draw up career development plans that fit their needs.

Boost employees’ skills

As old-school IT personnel may not be well-versed in cloud and related technologies, their companies can provide them training to improve their skills so that they can transition to a new IT architecture setting without issues.

When posting job ads, not only should employers indicate that they offer reasonable remuneration, but they should also provide details of employee benefits and perks, such as flexible working hours and remote work arrangements. If applicable, the ad should mention the availability of on-the-job training, too.

The above solutions, however, may not be able to resolve the problems associated with manpower shortage in the short term. Besides, companies in general have a plethora of cybersecurity issues to deal with. The e-book The Seven Habits of Cyber Security for SMEs, published by the Hong Kong Productivity Council, looks at the issues facing enterprises, which are divided into seven categories: security policy and security management, endpoint security, network security, system security, security monitoring, security incident handling and user awareness. Doing a good job in these areas is no straightforward matter, whether for small and medium-sized enterprises (SMEs) or big corporations, given that they must first acquire cybersecurity tools, hire cybersecurity specialists, and invest resources in training their staff. Alternatively, companies can consider using managed security services provided by external suppliers. Such services encompass managed detection and response (MDR), secure access service edge (SASE) and managed IT services, and they can help companies resolve cybersecurity issues as soon as possible.

Advantages of managed security services and managed IT services

Low-cost access to advanced technologies	When equipped with advanced technologies such as next-generation firewall, DDoS protection, anti-malware and domain name system (DNS), and supported by next-generation security operations centre (NGSOC), companies can invest a minimum amount of initial capital to enjoy faster, more comprehensive services, professional managed services and scalability while reducing the total cost of ownership (TCO).
Proactive defence: threat intelligence	While many companies now use a variety of cybersecurity protection tools, they are incapable of defending themselves from the latest kinds of cyberattacks, such as attacks that use fileless malware. This is because they lack the latest threat intelligence. MDR suppliers have advanced technologies such as artificial intelligence and machine learning technology. They can also use data from local and global indicators of compromise (IoC) to accurately predict cyberattack trends, thereby identifying suspicious activities and reducing the chances of false alerts.
Meet regulatory requirements	MDR suppliers have sufficient manpower on their cybersecurity specialist teams. The team members hold international certifications such as CISSP, GCFE and GCTI. They are familiar with cybersecurity frameworks and how they operate, so that they can help customers meet the security-related regulatory requirements of various industries.
24x7 protections and system maintenance	Managed security services and managed IT services include 24x7 protection and professional suggestions in response to incidents. Conventional networks today have developed into networks with various edges (邊緣), one major reason being that many enterprises adopt cloud services and remote work arrangements. That effectively makes these enterprises more susceptible to cyberattacks. SASE technology provided by suppliers enables enterprises to safely and remotely access local, cloud and edge devices. On the other hand, managed IT services support includes monitoring system updates of endpoint devices, reducing vulnerabilities, and submitting security reports regularly. Such support enables enterprises to focus on their operations while reducing the workload of their IT personnel.

Companies can invest a minimum amount of initial capital to enjoy faster, more comprehensive services, professional managed services and scalability while reducing the total cost of ownership (TCO).

There is no shortage of suppliers of managed security services and managed IT services selling similar services. When choosing a supplier, however, enterprises should pay attention to certain aspects. For example, is the procedure of deploying the security services complicated or is a simple agentless procedure available? Do the services really come with 24x7 protection and technical support? What are the metrics for evaluating the service level agreement (SLA)? How transparent are the fees? If one does not know much about these concepts, it is best to seek help from a credible service provider.

Contact Ricoh’s Cybersecurity Team