How to empower and prepare the next generation of cyber professionals
In this exclusive guest article, Lauri Almann, Co-Founder of CybExer Technologies, covers how to empower and prepare the next generation of cyber professionals.
Digital transformation has been front of mind for all the most successful visionaries since the turn of the millennium – every day, we are reaping the rewards of their ability to see 10 years into the future, and new experts are promising even more exciting times to come. But when it comes to certain elements of our digital lives, namely cybersecurity, most organisations are struggling to find a vision which can influence the here and now.
The pandemic has been a huge unforeseen catalyst in digital transformation, and although the world has risen to the challenge of meeting increased demands on networks, scalability requirements and changing use cases, most companies’ back-end IT infrastructure leaves a lot to be desired. Most companies have moved at least partially to the cloud, meaning complex migrations have become a part of everyday operations. The IT skills gap is holding steady, with organisations in need of millions of IT professionals, and to top it all off, cyber attacks have become rampant.
None of these problems have simple solutions. We may see more companies trying to help ease these stresses (as big software companies and also telecoms launching cybersecurity services to help clients fight off attacks), but the hard truth of the matter is that it is time for businesses to take the issue of compromised data and overall online safety more seriously. We need to be ready for detecting the attacks and be able to solve the incidents inside the organisation. That requires proper cyber education, investment, and training.
Tech skills are not just an issue for businesses, but governments too. A recent Salesforce-commissioned RAND Europe Report estimated that 14 G20 countries could miss out on $11.5 trillion cumulative GDP growth if the skills gap isn’t addressed.
Cyber skills are of particular interest, of course, given that cyber attacks of all kinds increased dramatically and on a global scale in 2021. In the UK alone, internet scams increased near-fourfold from 2020, while the number of data compromises rose from 2.2m to 42.2m. Data also indicates that Britain is lagging behind the rest of the world, with online security company Surfshark revealing the number of cybercrimes grew 40 percent in Britain last year, compared to a global rate of eight percent.
So, what steps can we take to combat this? The way forward is to make everyone part of the solution and empower a new generation of cyber-savvy individuals. This will not only help prevent day-to-day attacks, but it will also ease the strain on our already limited pool of cyber professionals. Here are five steps which can help us to achieve this:
1. We must recognise that cybersecurity is primarily a human problem
Yes, cyber attacks happen virtually in cyberspace, but humans are both the instigators and facilitators of these attacks. We build the infrastructure for hackers to exploit, we give them access to sensitive information by clicking on malicious links – sometimes we even directly transfer money to them.
Of course on the other side, real people are the ones planning and carrying out cyberattacks, too. The only way for us to properly understand cyber risks is to understand the role we, as humans, play in it. This is the key to finding real, workable solutions.
2. We need to understand that not all cyber attacks are ‘sophisticated’
Despite popular discourse, the true state of cyber in enterprise is much more spurious than people think. Indeed, the hackers who pose the most immediate threat to your businesses are, in reality, not likely to be sophisticated in their approach at all.
Ironically, to be successful, hackers do not need to apply the most advanced techniques. Often the most alarming attacks can be low-level phishing emails that entice people to open malicious attachments – a method which has become easily exploitable. Businesses should be alert to evolving techniques used by scammers, but they must not negate lower-level threats.
3. Get peace of mind with a well-planned and executed cyber strategy
Anyone can be the weak link in your cyber strategy, so it is imperative that nobody is left behind at the planning stage. Taking the former two points into account, we need to recognise that every employee has a role to play in the cyber-risk matrix.
Firstly, at the lowest level, every worker should be aware of cyber hygiene principles so they do not click on malicious links and get drawn into criminal schemes. Then, as we refine our strategy, cyber becomes about the IT professionals – if we are to mitigate the growing risk of cyber attacks, we need to make the right sort of training accessible to all who are responsible for the organisation’s cyber defenses. And finally, when we hone in even more, we reach the decision-making (C-level) executives. These individuals need to be prepared to deal with cyber crises in real-time and be alert to the potential risks of ransomware claims or data breaches.
When you get your cyber strategy right and execute it well, you will realise it encompasses all the employees in your organisation. The uncertainty of cyberspace becomes easier to navigate, and you can focus on your core business with relative peace of mind.
4. The way we ‘do’ cyber training needs to shift away from theoretical training and towards practical training
This goes for school children hearing about cyber for the first time, right the way through to the most experienced cyber professionals in the field. The most effective technological solution for supporting this shift is a cyber range platform, which enables any organization – whether they are a university, business, or government – to generate a realistic, capable and credible virtual environment which requires trainees to respond to cyber-attack simulations in real-time.
Within the simulated network, users learn to cope under high levels of stress, locating and exploiting vulnerabilities on various network systems. This helps them develop the skills they need to identify, monitor and resist cyber attacks.
5. Organisations need to take a proactive approach to closing the cyber skills gap
Through sponsoring and supporting young people that are interested in cyber security, the business ecosystem can help the next generation of workers to realise their potential as threat hunters, IT engineers, data analysts and more, who will become our front-line in cyber defense.
Running mentoring programmes, supporting regional cyber initiatives, and offering work placements to those studying IT and cyber security are all long-term solutions that will not only give people better scope to understand what the industry is about but also make a career in cyber a real option. This is particularly important in diversifying our intake of talent, too.
Empowering women in cyber and introducing cyber to the girls are in our global long-term interests, which is to create better solutions to the problems we face since diversifying teams is proven to lead to better outcomes.