It’s Time to Go Back to Basics to Address Cybersecurity Skills Shortages

James Lyne, Head of Research and Development, SANS Institute

Uber, Equifax, Yahoo: big-name data breaches have become so commonplace over the past year or two that the average consumer has almost become desensitised to them.

In reality, UK PLC and critical infrastructure providers alike are being threatened on a regular basis by a combination of state-sponsored hackers, cybercrime gangs and hacktivists.

The truth is that there is a serious lack of cyber security practitioners on the market and this has serious long-term implications for our economic wellbeing and potentially even our physical safety.

That’s why we must start from scratch by encouraging more school kids to take an interest in IT and cyber security. The good news is that the government has identified this as a problem area and is working with industry to address it.

A skills cliff edge

Wherever you look, there are major challenges. The UK Commission for Employment and Skills (UKCES) has claimed that 43% of STEM vacancies are hard to fill because of a dearth of applicants with the right set of skills. What’s more, the Center for Cyber Safety and Education warned at the start of 2017 that the UK is heading for a cybersecurity skills “cliff edge” as older professionals retire with few new entrants coming through the ranks to replace them.

Two-thirds of UK firms claimed to have too few cybersecurity personnel, with almost half (47%) saying the reason is a lack of qualified applicants. According to the same report, the global shortage is set to hit 1.8m by 2022.

In addition, Intel Security/McAfee research from last year revealed that 82% of global firms suffer from security skills shortages. Nearly three-quarters (71%) said that this has directly damaged their organisation as it has become a bigger target for hackers.

Raising the stakes

This comes at a time when threats are at an all-time high, driven by a highly professional cybercrime underground and increasingly audacious raids from state-backed operatives. Trend Micro claims to have blocked a massive 38bn+ cyber-threats in the first half of 2017 alone, including 82 million ransomware threats. The UK government, meanwhile, said earlier this year that nearly half (46%) of all businesses had suffered at least one breach or attack in the previous 12 months — rising to 68% for large companies.

Cyber threats don’t just result in data loss, service outages and financial and reputational damage for companies; they can also have a real impact on our daily lives. In Ukraine in December 2015 and 2016, sophisticated attacks crippled power suppliers, leaving hundreds of thousands in the dark. Now the National Cyber Security Centre, and even the Prime Minister Theresa May, have warned that Russian hackers are actively attacking our media, telecommunications and energy sectors.

In short, the stakes couldn’t be higher.

Back to basics

While the UK has a world class cybersecurity sector, the sheer growth of the digital world is outpacing our ability to secure it. Skills shortages persist despite generous salaries, near-guaranteed employment and prospects for career advancement simply not available in other sectors. Automation tools can help address some of the shortfall in personnel, but even technologies like machine learning and AI ultimately need human input to unlock true value.

To address these endemic skills shortages we therefore need to go right back to basics, by encouraging more school children to take an interest in the field at an early age. The government has quite rightly identified this as a key area and has committed £20m to an ambitious Cyber Schools Programme for 14-18-year-olds. The aim is to give the brightest young minds the opportunity to learn security skills alongside their secondary school studies, with a view to hopefully progressing into a full-blown career in the industry.

The SANS Institute is helping to deliver this as part of a consortium of partners with BT, Cyber Security UK Challenge and FutureLearn. The Cyber Discovery programme welcomes students from all educational backgrounds between the ages of 14 and 18 (school years 10-13). It starts with an online assessment designed to find those young minds which have the qualities that make a great security practitioner. Several subsequent stages will expand students’ knowledge through engaging interactive learning opportunities, introducing important disciplines including Linux, cryptography and programming. The top performers will then be invited to a final CyberStart Elite stage where they’ll be able to combine theory with hands-on practice and even train with some of the industry’s top experts.

It’s not too late to pull back from the cyber-skills cliff edge. With the right approach and a committed government we stand a great chance of repopulating the UK’s cybersecurity industry with a much-needed injection of new blood — although it won’t happen overnight. The reality is that every business and consumer in the UK needs this to work out.

Students and adult mentors can find out more about Cyber Discovery here.
