As technology develops, cyber incidents are inevitably becoming more and more common so it is crucial to promote the cybersecurity industry as lucrative and rewarding. According to James Lyne, Head of Research and Development, SANS Institute, schools should be going the extra mile to immerse and educate pupils in the world of cyber.
The UK is currently on the brink of a cybersecurity skills crisis, one that will ultimately affect the security and success of its digital economy. The UK is positioning itself as a digital innovator and leader in all things technological in an increasingly technology-driven global economy. However, UK businesses are still being caught out when it comes to cybersecurity. This is heavily influenced by the ongoing lack of cybersecurity talent available to help keep the data, infrastructure and people safe within those businesses. Along with the funding of technologies such as 5G, robotics and AI – a continued and renewed importance must be placed on protecting the national digital infrastructure. This means an ongoing focus on educating those in the workplace about their responsibilities regarding security, but also educating the next generation about IT security, as well as promoting the area as a lucrative, rewarding, but also critical career option.
There remains, however, a large amount of work to be done. Recent research conducted by SANS showed that only 11.5% of UK 14-18 year-olds are aware of job opportunities in the cybersecurity sector, let alone considering a career in the industry. Given that these are the workforce of the future, this has the potential to be highly damaging to the country’s ambitions in areas such as 5G, IoT and other connected areas. We are already in a hyper-connected society, but it’s vital that we ensure innovation does not outpace IT security, exacerbating an already sizeable problem.
We’re not minding the gap
Indeed we’re already seeing the impact of this shortage of skilled cybersecurity staff. The government has reported that around 43% of businesses have experienced a cybersecurity breach or attack in the last 12 months. The severity of the attacks varies, as does their cost to businesses and the wider UK economy, but without dedicated and educated personnel, the potential for greater damage is huge. Whilst it may be hard to quantify and qualify the costs of an attack, Lloyds of London believes that the fallout from a serious cyberattack could cost the global economy more than £92 billion, as much as natural disasters such as Hurricane Katrina.
That same study reports that only 27% of businesses surveyed have any formal policy concerning cybersecurity at all. While there are still a lot of businesses that do have policies in place – the problem they share is one that is all too familiar: they lack the available people with the necessary skills.
Back to school
While a concerted effort to retrain and cross-train existing employees is important to help fightback against this skills gap, the situation has become too severe to rely on this approach alone. In short, IT security needs to go back to school and we need to start properly educating our younger generations in cybersecurity, both in how to stay secure and as a possible career choice. To make matters more complex, our study revealed that 84% of UK students have never considered a career in cybersecurity, trailing miles behind countries such as Saudi Arabia and the UAE, where only 50% and 46% of surveyed students respectively had not considered a career in that area.
What nobody seems to be properly acknowledging is that, given the enthusiasm and aptitude of the iGeneration for digital technologies, we are currently sitting on a potentially rich seam of digitally literate talent; this talent offers the perfect base upon which to build new skills and awareness in cybersecurity. Given the rate at which the cyberthreat landscape is growing and today’s always-on attitudes to social media and online accounts at home and at school, it is perhaps time to consider a more rigorous approach of cybertraining. This should include the teaching of security basics such as digital footprinting, privacy settings and password management, at the very least.
Fortunately for the country, there is government backing. In 2016 the UK government launched the National Cyber Security Strategy, setting out a number of initiatives across the country in order to improve cybersecurity skills, including £20 million of funding to its cyberschools programme, Cyber Discovery, designed to give pupils aged 14-18 clear pathways and direction to the cybersecurity industry through direct contact with industry experts.
Cyber Discovery gets right to the heart of this issue, helping to develop and nurture the skills and aptitude among school children that are needed to help defend our country and its businesses against cybercriminals. The free, extra-curricular programme is primarily delivered through an online gamified portal that is designed to spark interest and deliver comprehensive training through a series of online challenges. Using personal devices to compete with others via online platforms for competitions and collaborative projects have all been proven as successful methods of engaging, immersing and educating pupils in the world of cyber. It can’t all be wrong as a recent McAfee report demonstrated that 96% of businesses using these techniques reported benefits being seen across the board when it comes to cybersecurity.
Stimulating this kind of interest and growth in the cybersecurity sector will take a nationwide and collaborative approach. Proper funding, better allocation of school budget and support from industry are all required to come together in an effort that will reap more reward than the sum of its parts. As well as unlocking career opportunities in a highly lucrative sector, this will equip pupils with IT skills for safer online navigation – benefiting themselves, the broader population and businesses in the UK as we continue on our journey forwards into the unknown.