Ciaran Martin, director of the newly formed National Cyber Security Centre, told CyberUK conference attendees that companies need to adapt quickly to the rising threat, while Robert Hannigan, outgoing director of GCHQ, predicted a “huge skills shortage” by the middle of the next decade.
This was the message yesterday at this week’s CyberUK conference in Liverpool. Martin expressed concern that companies were not adapting fast enough to this rising threat to crowd of 3,000 from the government and private sector: “If we don’t get cyber security right, the fundamentals of our economy and our way of life could be challenged.”
He continued that – as been expressed many times before – cyber security was no longer an IT issue and is now a boardroom, business-critical issue; especially with regulation like GDPR waiting in the wings.
>See also: The cyber threat to UK businesses – NCSC and NCA report
Hannigan cited tackling gender diversity as a potential solution. Diversity in the workplace is crucial to not only address the skills shortage, but also to boost innovation.
Organisations in the IT and tech sphere can’t hope to remain competitive in an era of disruption and security vulnerabilities if 50% of the population are not being considered for roles in the industry.
Gender inequality has pervaded the IT and technology industry for a long time and is continuing to do so.
But it is improving and Hannigan has turned to increasing the number of female cyber security staff.
Despite his efforts to increase this number, he has faced opposition. “We all feel threatened by change,” said Hannigan, “but it is crucial to make progress. People will look back in 10 years time and ask: ‘Why did we not do something earlier?’”
Paul Fletcher, cyber security evangelist at Alert Logic, commenting on the skills shortage, said “The demand for well-trained cyber security professionals continues to increase and the shortage in supply is a major challenge for the industry. There are plenty of traditional IT training and education organisations that provide curriculums to teach students to gain certifications and a lot of students successfully achieve quality certifications.”
>See also: The official opening of the National Cyber Security Centre
However, Raj Samani, CTO EMEA, Intel Security has said “the truth is that traditional education is not preparing individuals for cybersecurity jobs. In addition to redirecting the curriculum to focus further on cybersecurity, we need to look beyond higher education to train people for the profession.”
“Whether through hands-on training or professional certifications, employees can access specific cyber skills without a certain degree course.”
More vulnerable
Hannigan – during his speech, said that the UK had experienced five “game changing” attacks in 2016, which included the largest recorded cyber heist and a significant data breach concerning TalkTalk.
The threat from cyber attacks is increasing and with one-eighth of Britain’s GDP coming from the digital economy – the highest level among countries in the Group of 20 – the need to protect it couldn’t be more crucial.
These attacks may have been happening at the same rate before the NCSC was formed in October 2016, but there was no structured method of identifying or categorising them.
The aim of the new cyber security defence hub is to further raise awareness of the increased threat to UK businesses from external cyber threats; the most common of which is ransomware in particular from ransomware.
>See also: Women in IT Awards 2017: winners revealed
Ultimately, the cyber threat will continue to increase. The most significant way to balance the fight is by tackling the skills shortage, which conveniently, goes hand in hand with addressing the gender gap.
In a closing thought, Samani suggested that “companies can significantly reduce the number of events to investigate in person if intelligent automation processes are in place, thereby reducing the burden for staff.”