This week in Cape Town the PCI Security Standards Council, the leading global authority on payment security, is hosting a Town Hall Meeting that will bring together some of the world's foremost experts on payment card cybersecurity. This event, the first of its kind in South Africa, will be a gathering place for cybersecurity experts to share ideas, promote best practices, and discuss potential future threats from cybercriminals around the globe. The goal of this gathering is through greater collaboration, to help businesses prevent, detect and respond to cyberattacks that can lead to payment data breaches.
Make no mistake about it, cybercrime is an increasing threat to South Africa and needs to be an urgent priority. A global study conducted by security experts at Rapid7 in 2016 listed South Africa as one of the Top 10 countries that are most vulnerable to cyberattacks based upon the number of insecure internet channels and networks. The vulnerabilities included unsecured server ports and out-of-date email encryption. This alarming ranking should be a wake-up call for all South Africans who are concerned about cyberattacks and the future of cyber security. For those who care about their cost of doing business and protecting their consumers' payment data, the time to act is now.
As if the growing global cyber threats were not enough, a recent global skills study by Intel Security and the Center for Strategic and International Studies (CSIS) found that a stunning 82 percent of IT professionals believe there is a shortage in the cybersecurity workforce. In fact, between now and 2019, there will be an estimated two million person shortage of cybersecurity professionals globally. This means quite simply, when it comes to the cybersecurity skills gap, there are too many threats, and too few professionals to stop them.
The cybersecurity skills gap is especially challenging here in South Africa where a recent survey of businesses found that 32 percent of organisations have been the victims of cybercrime and 57 percent believe they will be affected in the next two years. The intense international competition for cyber security professionals too often leads to an exodus of skills leaving some communities more vulnerable to more attacks. The answer to this challenge is to create training programs and educational opportunities to increase the number of cybersecurity professionals. Cybersecurity professional jobs pay good salaries, are in demand, and represent a skill set that will continue to be needed well into the future.
The PCI Security Standards Council will announce at the Cape Town meeting plans to evolve the PCI Qualified Security Assessor (QSA) program to attract new cyber talent globally and ensure its sustainability and quality in an ever-changing payment environment. A QSA Company, of which there are several here in South Africa, is a data security firm certified to perform on-site assessments of a company's PCI Data Security Standard (DSS) compliance.
The changes to the QSA program announced this week will focus on supporting future security standards and technologies while attracting new cyber talent that will make up the next generation of QSA's. This new initiative has the potential to create new jobs and career paths here in South Africa and throughout the region. By creating opportunities for bringing new talent into the industry, this program aims to shrink the cyber skills gap at a critical juncture in the world of cybersecurity.
As we gather together this week in Cape Town, let us commit to doing all we can to address the many challenges we face in the cybersecurity global community. Cyber threats are not going away, but organisations can fight back by prioritising data protection. Establishing good data security takes time and effort, and requires ongoing education vigilance and collaboration.