Three colleagues of modern work co-working with laptop computer showing need for cybersecurity skills

Cybersecurity – Addressing a Current Issue by Planning for the Future

The talk around the digital skills gap is one that is becoming increasingly prominent across the world. Many of the nations often considered amongst the world’s most advanced, including the US, Japan and others, are struggling with adapting to a world where new technologies play an increasingly important role across the economy and society.

However, the UK is an example of where these concerns seem to be gaining the most amount of traction. As technology continues to rapidly and fundamentally change the way most people do their jobs, disrupting the nature of work and increasing the demand for new kinds of digital skills, there are fears that the country is finding itself increasingly behind the curve. Despite being the fifth most digitally advanced nation in Europe, according to the European Union’s Annual Report on Digital Societies, and being home to a large number of big tech businesses and tech “unicorns”, the country is heading towards a “catastrophic digital skills shortage disaster”.

Though some of this concern originates from a recognized lack of digital skills within the existing workforce, the more pressing long term concern is the ongoing trend of young people rejecting IT or failing to complete courses in ICT skills. The Learning and Work Institute found that students taking IT subjects at GCSE has fallen by 40% since 2015, whilst the number of GCSE entries in computing or ICT fell from 147,000 in 2015 to 88,000 in 2020. In that period, computer science entries more than doubled, but it’s still led to an overall decline of pupils taking ICT. Perhaps even more worrying, nearly half (48%) of UK employers believe young people are leaving school with insufficient advanced digital skills.

Cybersecurity is the key concern

Perhaps the most critical of these much-needed skills is cyber security. As more of our personal lives and business activities move to digital platforms, cybersecurity is quickly becoming one of the key issues of our time. What’s more, the future of cybersecurity is hard to predict because the industry is constantly evolving in response to the shifting behaviors of cybercriminals and the new attacks they develop.

Trends indicate that cyber will become more and more important as time passes. Cyberattacks on healthcare facilities in the U.S. last year alone affected 17.3 million people in 436 breaches tracked by the U.S. Department of Health and Human Services (HHS) Breach Portal; a sharp increase from 31 breaches affecting 419,000 people in January alone of the same year. A Clark School study at the University of Maryland estimated that there is a hacker attack on an Internet-enabled computer every 39 seconds on average. To make matters worse, nearly 80% of senior IT and IT security leaders believe their organizations lack sufficient protection against cyberattacks despite increased IT security investments made in 2020 to deal with distributed IT and work-from-home challenges.

Indeed, estimates put the worth of last year’s global cybersecurity market at around $42 billion alone. However, despite the increase in spending, the ultimate problem remains – a shortage of future workers with the necessary skills; a gap of around two million by 2022 according to Global Information Security Workforce. This is further evidence that young people remain our best hope for tackling the global cyber skills gap.

Improving the appeal

To do this, cyber security must not only be presented to them as a viable career option, but  educators must look at how they teach it. As stated earlier, not only is the uptake of courses in decline, but the numbers of those completing the courses as well. Educators and teachers must take a step back and cast a critical eye over their content and their methods. Traditionally, those teaching the topic are often more concerned with providing a theoretical understanding of cyber security; focusing on what the motives behind attacks might be, the means they use to carry out attacks, and the potential losses involved. While this provides a great theoretical backing to cyber-training and may encourage vigilance, it is not always helpful in practical terms.

Instead, the focus should be on learning by doing or experiential learning. Many teachers focus on imparting knowledge to students; they imagine themselves as “putting information into students’ minds.” But, the science of learning shows that students need to construct knowledge for themselves, and in many cases, effective learning would be better described as a process of “pulling information out of students’ minds. Experiential learning provides an opportunity for continuous learning and improvement, giving the student instant feedback and the ability to reflect on what to keep doing, what to tweak and repeat, or what to change altogether,

The role of innovation

However, perhaps even more importantly, students must also be supported by having access to the best resources in the field. This is the only way to ensure they will play an active part in closing the skills gap, as the standardisation of cyber training practices for teens right through to experienced consultants will empower workers of all calibre to take an active role in reformulating their own organisations’ training strategy, strengthening it and enabling seamless integration between teams.

One of the most innovative resources to enter this sector is cyber range technology. Cyber ranges enable users – be they a university, business, or government – to generate a realistic, capable and credible virtual environment which requires trainees to respond to cyber-attack simulations in real-time. Within the simulated network, users learn to cope under high levels of stress, locating and exploiting vulnerabilities on various network systems. This helps them develop the skills to identify, monitor and resist cyber attacks. Cyber ranges can mimic your IT systems, and provide sophisticated training in the form of task-driven Capture-The-Flag (CTFs), live-fire exercises, or a combination of both (threat hunting). They are available in open-source, and can be deployed quickly through the cloud, making roll-out to anywhere in the world a smooth process.

Cyber ranges are part of a wider trend of cybersecurity specialists focused on using creative methods to attack the very systems they are aiming to protect, in order to discover vulnerabilities that could be exploited by hackers. Today, there are more and more so-called bug bounty programs in which skilled white-hat hackers work to disrupt the illegal and destructive efforts of their black-hat counterparts by finding and fixing weak spots in cybersecurity defense systems. For example, management and IT consulting firm Booz Allen Hamilton configure fake computers in a phony, intentionally vulnerable network that functions as “a virtual mousetrap” to lure cyber adversaries, who take the bait and reveal valuable information about their identities, tactics and intentions.

Training the existing workforce solves part of the #cybersecurity workforce problem, but long term, the solution lies with the younger generation. #respectdata Click to Tweet

Conclusion

In 2021 cybersecurity is among the top priorities for any company, as organizational executives recognise it is critical for business operations and processes. However, there is still a gap between the need and resources available to solve the problem. Training the existing workforce solves part of the problem, but long term, the solution lies with the younger generation. It is vitally important to all of us to ensure we are creating the opportunities and engagement to address the issue – which means a rethink of how we present, teach and promote cybersecurity to them.

 

Chief Operating Officer at CybExer Technologies