In October this year, at a Digital Skills Committee meeting that was hosted in the House of Lords in the UK, it was revealed that by 2017 there will be a global shortage of 2 million cyber security professionals. Why is this? Well, everything these days has an “internet layer”, as Stephanie Daman, CEO of the Cyber Security Challenge, put it. She continued:
“At [the] moment, in my view, we don’t have a sufficient number of skilled people to do that protection piece. There aren’t enough people with those skills. The money is there, the careers are there, and on the face of it, it should be a popular choice. But there’s a skills gap.”
Daman cited banking, shopping and tax as key elements of the modern lifestyle that are now at least in part governed by the internet. All such information is inherently vulnerable as soon as it goes online. In the future, then, as more and more of our daily transactions, information transfers and purchases continue to take place over the web, the threat of fraud, identity theft and other crimes that are the expertise of the cybercriminal rises in unison. The problem is, at present, the amount of skilled professionals with the qualifications and expertise needed to protect and manage all of our information is lagging quite far behind.
Why is there a skills gap?
According to the IT Governance Blog, only a tiny 0.6% of 2012-2013 graduates are currently working in cyber security. The problem, then, perhaps starts in schools. A stronger emphasis needs to be put on the development and training in cyber security across the board and indeed across the world if we are to meaningfully close the skills gap to keep up with the fast-paced changes in our online lives.
But, even if schools were to implement the necessary changes, it’s still estimated that it will take 20 years for the skills gap to close. This simply isn’t quick enough.
To combat the problem, some firms in the UK are considering hiring ex-hackers in an attempt to get ahead of cybercrime more quickly. Computer Weekly cites a poll of 300 senior IT and human resources professionals, in which it was revealed that the inability to find the right people with the necessary cyber security skills was forcing many businesses to seek out ex-criminals to do the jobs instead.
More than half (53%) of the respondents said that “they would consider using a hacker to bring inside information to their security teams.” They also said that they would not overlook recruiting an expert even if that person had a criminal record.
Let’s take a look at some of the other data that the poll gathered:
- 75% of respondents said they are facing new cyber security challenges which require new cyber security skills.
- 70% admitted that their organization lacked data protection and security expertise.
- 60% said that they struggled to find experts who could sufficiently communicate with the business, i.e. making those who work outside of IT fully understand cyber threats and their implications.
- 57% admitted that it was becoming more and more difficult to retain specialized cyber skills staff in the past 2 years.
The willingness of organizations to hire hackers to meet their security requirements shows just how desperate the situation is, and the lengths that are being taken to stay ahead of the game.
Is there a better way?
With 20 years simply being too long to wait for the world to catch up with itself in the training of cyber security professionals, and the essential hiring of pickpockets to act as security guards surely not being the most sensible solution to the problem, organizations need to start looking at alternative means of providing the level of cyber security needed to keep themselves and their customers safe from attack.
One option is to start considering hiring experienced IT professionals who can be trained in direct alignment with the specific security needs of that particular company. Indeed, Serena Gonsalves-Fersch, head of KPMG’s Cyber Security Team, said:
“Rather than relying on hackers to share their secrets, or throwing money at off-the-shelf programs that quickly become out of date, UK companies need to take stock of their cyber defense capabilities and act on the gaps that are specific to their own security needs.”
In the UK, the department for Business, Innovation and Skills (BIS) are beginning to take the initiative to tackle this growing problem head on, and it’s something that needs to be replicated the world over if the skills shortage is going to be combated in any meaningful way in the future.
“We are working in partnership with industry and academia to improve cyber security skills at all levels, including developing guidance and training for businesses so they can deal with cyber threats to their information and services,” a BIS spokesman said in a statement.
Cybercrime is on the rise, and the skills required to deal with it is not keeping up. It’s something that the world will have to watch as we move into the future, but, suffice to say that for now it is a global problem, and we all await an innovation that can tackle it.