While most of us were slow to grasp the new rhythms of working from home, one group seized on the chaos of the pandemic with lightning speed: cyber criminals.
Everyone – from the NHS to national infrastructure to FTSE250 companies – has been left reeling from relentless campaigns to infiltrate and exploit our vulnerabilities when we’ve been at our weakest.
Cyber criminals have exploited the security vacuum created by the shift from secure, centralised office IT systems to the vast constellation of personal devices as people worked from home. Cyber attacks rose 93% in the first half of 2021, compared to the same period last year – an astonishing figure given that 2020 was already breaking cyber crime records.
Many of us naively thought only larger players would be in the cyber criminals’ sights, but breaches over the course of the pandemic – from Pegasus malware to the SolarWinds incident – highlight how critical a robust cyber security strategy is for all organisations, both large and small.
None of us can afford to be complacent: it is no longer a matter of if a cyber attack will happen, but when. It is therefore all the more worrying that half of UK firms lack staff with basic cyber security skills, such as storing personal data, setting up firewalls or detecting malware.
It’s a problem that’s only expected to get worse as companies are forced by the exponential rise in cyber attacks to rush out and recruit skilled professionals. With the talent pool depleting rapidly, many organisations simply cannot afford to keep up – investment in cyber security training has been severely impacted by the pandemic, with businesses slashing budgets to survive through lockdown. While there were one million unfilled cyber security jobs worldwide in 2014, today there are 3.5 million.
There is great work being done, not least by the National Cyber Security Centre (NCSC), which has introduced cyber education for children as young as eight years old, and bursary schemes, degree apprenticeships, and thousands of free places on CyberFirst courses at UK universities and colleges.
But we still have a mountain to climb. While there are rising numbers of people with cyber security degrees and qualifications, this still falls way short of industry demand. Further down the education system, there is still a long way to go as the number of young people taking IT subjects at GCSE level has dropped 40% in the past six years.
Cyber security challenges will only become more complex, which means we need to be proactive. It takes time to educate and train highly skilled professionals, and time to gain practical working experience.
For those who do go on to take computer science degrees, many companies require further extensive training before they’ll even offer a cyber security-specific role. Schools and universities must invest more in providing students with up-to-date cyber know-how and a corresponding soft skill set. Training opportunities must diversify to include apprenticeships, and a broader, more inclusive set of qualifications and certificates.
However, a new cyber security education pathway is a long-term solution to an imminent crisis. We need to recruit the brightest and the best now, which is why cyber education and recruitment must look beyond the classroom. We often hear of large companies complaining about the lack of cyber expertise available to hire and fighting among themselves over the few graduates who are qualified.
While the stream of cyber professionals from universities remains unreliable, there must be a greater readiness in the corporate world to upskill employees themselves, as well as to take on candidates from diverse career backgrounds. Getting employers and recruits talking to each other is an important way in which the industry can immediately broaden its recruitment processes.
If we are going to realistically meet these mounting challenges, we must find ways to bridge the cyber skills gap – by casting our nets wide and leaving no stone unturned, we can build a workforce that is capable of meeting the cyber security challenges of tomorrow.
SASIG’s free Cybersecurity Skills Festival is taking place on Tuesday 12 October 2021, from 9 a.m. to 5 p.m. Cyber security professionals will discuss skills in cyber, and the jobs fair will connect those looking for opportunities directly with those looking to hire.