With it being 2018 and the start of a new year, one would assume it would bring a fresh start, filled with new possibilities and opportunities for the cyber industry. In reality, the problems have remained the same. Nearly every year seems to sprout an attack that impacts organisations on a global scale – 2017 was the year of WannaCry and Mirai in 2016. But for security professionals, there is an even bigger issue that has preoccupied their attention, and it’s even bigger than suffering from a data breach or a cyber-attack.
The latest Ponemon Institute survey revealed that the ‘lack of competent in-house staff’ was the biggest cybersecurity worry for CISO’s. Staffing problems concerned CISO’s more than suffering a data breach (67%), a general cyber attack (59%) or even being affected by ransomware (48%). Some may be shocked to hear that considering the devastation of WannaCry and NotPetya last year.
Many in the industry have cried out for a resolution to plug this critical gap in the cyber market, and with the number of threats mounting, and new innovative technologies being developed, where are the reinforcements of security professionals to take to the online battlefields? This question continues to be left unanswered, but there are some theories as to why this has happened.
Martin Ewings, director of specialist markets at Experis says, “businesses are now challenged to both keep up with the wave of new technologies that are emerging all the time and prepare for ever more sophisticated cyber attack. Add the escalating digital skills crisis, and the extensive requirements of the upcoming European General Data Protection Regulation (GDPR) reform, and it’s hardly surprising that IT security now has a firm place at the top of the boardroom agenda.”
With GDPR coming into force in May of this year, organisations could face fines of up to 20 million if they fail to meet the required data security and compliance laws. This has only added to the demand for data protection personnel, a problem Dr. Andrew Rogoyski, vice president of cyber security services at CGI UK has alluded to. He said the “demand for cyber security talent is greater than it has ever been” with GDPR “pushing organisations to think about how they manage risk.”
Some have called for a complete overhaul of the education system, with action also needed from the Government to promote STEM (Science, Technology, Engineering, Mathematics) subjects at schools. Research by McAfee found that school education played a major role in the decision making for adults who left without adequate IT skills and no knowledge of cyber security. In fact, more than one in five (21%) British adults would have considered a career in cyber security if IT lessons had been more engaging at school, with 15% stating they would have considered a career in cyber security had the lessons been more interesting.
F5 Networks systems engineer David Maclean believes this that the lack of education offered has definitely aggravated the situation, saying “action from Government, educational institutions, and the wider tech industry must work together to help youngsters channel their talent into cybersecurity and pursue exciting and rewarding careers. Education must start early, and courses need to offer the right balance of knowledge and practical skills. This should include industry collaboration with schools and appropriate curriculum changes. Industry role models are also important in helping students understand the significance of cyber-security in a rapidly evolving digital world. Access to better security resources will significantly raise the profile and importance of cybersecurity in the academic curriculum. Done correctly, not only will this help students into new career paths, but it should also better prepare them to better manage their personal data on a daily basis.”
This opinion is echoed by Graeme Gordon, chief executive of IFB and chairman of ScotlandIS, who says that barriers within the industry need to be broken down to showcase the opportunities available to the next generation. He said, “the economy can guarantee jobs for the tech-savvy. Just look at how technology has changed our world; to remain game changers, there needs to be confident, skilled young people to become the new wave of innovators. Let’s build meaningful connections between business, education, and parents as by doing so we will work towards finding our next generation of bright talent.”