Not a day goes by without a news story on the topic of cyber security. It’s a subject which dominates digital forums frequented by IT professionals and the national media, rousing concern from the general public about how safe the digital landscape is and who has access to our personal information. In the face of the challenges cyber security poses to our everyday lives, how can businesses ensure that they have the knowledge to protect themselves online?
The cost of the void in digital skills
Currently, businesses face a real challenge in the search for the cyber security skills they need to succeed. Networkers’ recent Voice of the Workforce research confirmed this lack of skills, with more than half of the 1,656 technology professionals who were surveyed saying they believe there is a skills shortage in the sector they work in. In addition, we found that cyber security is seen as the greatest potential disruptor to the industry over the next five years. Essentially, these findings demonstrate that cyber security will live up to the hype over the coming years, but there aren’t enough people with the level of digital skills needed to deal with its impact.
In addition, a 2016 Digital Skills Crisis report by the Science and Technology Committee indicated the full extent of the UK’s lack of digital capability, highlighting that 12.6 million adults lack basic digital skills - a skills gap which costs the economy more than £60 billion a year in lost income. Consequently, the lack of skills to cope with cyber security will cost us, our businesses, and our economy.
Investing in knowledge
It’s encouraging to see many companies starting to run their own academies to up-skill their IT staff with more specialist cyber security knowledge and qualifications. These are directed towards IT professionals who have experience in positions such as second and third line support and support analysts. In these academies, budding cyber security professionals are put through their paces in a controlled SOC (Security Operations Centre) environment with an experienced cyber security expert. This provides them with hands on experience dealing with threats and helps to gain knowledge from more experienced staff.
While practical experience is essential for a cyber security career path, companies are also looking for new candidates with certifications such as the Certified Ethical Hacker (CEH) to provide a good foundation of knowledge. Another respected certification is the Certified Information Systems Security Professional (CISSP).
Crucially, protecting data and preventing cyber threats are not the sole responsibilities of IT teams. Business leaders need to prioritise training for all current staff within their organisations. The importance of company-wide education was highlighted in a study by Intel Security last year, called Grand Theft Data, which showed that internal ‘actors’ (employees, contractors and third-party suppliers) were responsible for 43 per cent of data loss incidents. This statistic represents a mix of accidental and intentional incidents and indicates a need for businesses to place as much focus on identifying and preventing internal security threats as they do on external threats.
Gearing up for GDPR
However, protecting our businesses from cyber security threats is not only about technical solutions. One major storm on the horizon of the cyber security shores is the impending General Data Protection Regulation (GDPR), which comes into effect in May 2018. The regulations, which will apply to organisations holding more than 4,000 pieces of personal data, dictate the measures companies must take for protecting data on EU citizens. However, this cannot just be seen as a problem for IT to solve. We may see the challenge as understanding how to keep data secure in an online, hackable world but these vulnerabilities are so much more than IT applications and infrastructure.
Processes and culture within organisations are often the bigger threat. To solve this issue, businesses need to adopt a top down approach to cyber safety. CEOs must champion change where required and encourage collaboration between governance, analysts and risk to establish how much change is required to the processes that currently exist. Finally, and perhaps most importantly, there needs to be real ownership of the training of existing staff, to create a human firewall which will drastically help to reduce risk.
As it stands, this company-wide, joined up approach is not being adopted by organisations. Our Voice of the Workforce research highlighted that a third of IT professionals believe the company they work for is either not aware of the future disruptors to their sector or is not doing anything to address these challenges.
The consequences of non-compliance are severe. If the data you hold on EU citizens is found to be inadequately protected, not only do you risk leaving your business exposed to cyber threats and having your reputation permanently damaged, but you could also face fines for non-compliance, which could be up to 4 per cent of your annual global turnover. That would be quite an expensive lesson in cyber security!
Next Gen cyber security pros
Whilst the industry struggles with a void in digital skills, positive steps are being taken to establish a strong future talent pipeline. In the UK, the Government has set aside £20 million to deliver an extracurricular school programme that will teach selected teenagers up and down the country vital cyber security skills, to keep them safe online and hopefully encourage them to consider a career in this exciting discipline. In addition, the new National Cyber Security Centre (NCSC) is taking notable steps to educate and inspire young people in the field of cyber security. The launch of the CyberFirst Girls Competition (which has received more than 5,000 registrations) is just one example of the work the NCSC is undertaking to promote cyber security skills and careers to young people.
Knowledge is power and that phrase is particularly apt in the world of cyber security. The UK is on a journey to better understand the threats our cyber systems face and how we can defend ourselves against them. With the rise of cyber-crime, this knowledge cannot be learned fast enough. We must make the most of the skills we have now, educate people on the basic principles of cyber safety and continue to nurture the talent of the future, in order to protect ourselves and our businesses online.
Jonathan Martin, Department Manager, Cyber Security & Cloud, Networkers
Image source: Shutterstock/jijomathaidesigners