printer friendly version

The science of securing cyber skills

A recent scientific report found that our memories simultaneously generate two forms of personal experience. The hippocampus captures knowledge for the short term and the cortex banks it for the future. Businesses would do well to emulate such foresight and mental dexterity when it comes to bridging what is fast becoming a cavernous cybersecurity skills gap. As technology rapidly transforms the way we live and work, how do decision-makers secure the talent that will lay the foundations for the future?

Martin Walshaw, senior systems engineer at F5 Networks.

The skills gap

We live in a security conscious, app-powered, multi-cloud world and the demand for expertise capable of deciphering advanced technology and adding strategic value is reaching fever pitch. Cisco estimates there are a million unfilled cybersecurity jobs worldwide and Symantec predicts that the figure will rise to 1.5 million by 2019. In fact, Facebook security head honcho, Alex Stamos, recently summarised the situation. “Things are getting worse”, he said, speaking at the 2017 Black Hat conference. “We do not have enough people and not the right people to make the difference.”

The digital world is dynamic and complex, leaving slow-moving businesses without integrated security solutions vulnerable and uncompetitive. The skill deficit is especially pronounced when cloud technology is involved, because speed to market, agility, and innovation are increasingly becoming business prerequisites. Those firms without the in-house resources to handle data and application migration are under intense pressure. The need to manage and migrate apps more efficiently, whether public or private, has gained unstoppable momentum. The drive to reduce operational costs and keep the business profitable is unavoidable.

According to F5’s State of Application Delivery (SoAD) Report, 34% of surveyed customers cited the ‘skills gap’ as a significant security challenge. A scarcity of cybersecurity experts clearly needs urgent attention and only a robust combination of investment, business resource, political will, and cultural change can shift the tide.

Shaping the future

Today’s youngsters are technologically immersed in an unprecedented way. Their lives are shaped by data both in the way they learn and play. To ensure they become responsible, vigilant cybercitizens, it is crucial to integrate smarter security disciplines into their school curriculum and home life from the outset, whether for personal protection or longer-term employment prospects.

Governments and academic institutions frequently tout the importance of STEM (science, technology, engineering, and mathematics) skills at school, but the acronym is arguably a letter shy. In today’s digital society, perhaps we should re-consider STEMS by adding ‘S for Security’ to the education agenda. By bringing the subject into the daily programme, students will understand the issues and quickly follow best practice to discern right from wrong. Tackling the problem early on also paves the way for improving the current problem of an insufficient number of security specialists graduating from university.

There is also significant potential to more actively encourage women to pursue cybersecurity as a career. According to the Global Information Security Workforce Study, only 7% currently do so, but there is a growing appetite to change this issue. The male dominated IT industry has a big responsibility here. As ever, sustainable success will be dependent on government and industry collaboration, as well as incentivisation schemes.

More than ever before, women have the opportunity to benefit from cybersecurity as a fulfilling, rewarding and valuable profession. The career possibilities are endless in a market that is fast-paced, dynamic and at the forefront of cutting-edge technology. The message given by a male dominated industry is currently murky and misdirected. We need to do more to secure talent effectively and from all areas of society.

It is also time to remove the public’s misconception that cybersecurity is a dark science conducted by boffins in white coats. Cybersecurity is, and always will be, an everyday part of our lives and not a function to just sit at the ‘digital-doorstep’ of corporate companies. Whether banking on-line, buying goods at a store or simply installing the latest IoT-enabled gadgets in our homes, security is also an individual responsibility to protect sensitive information.

Mind the data

Scientific discoveries about how our minds work bring fresh evidence for how we develop cognitive capabilities. Greater effort is required to improve cybersecurity awareness and nurturing knowledge from early learning techniques to a better understanding of cyber threats at work, and in the home.

Research by the Ponemon Institute found worrying levels of business readiness for cybersecurity threats and revealed that 42% of CISOs worldwide branded their staffing as inadequate. Interestingly, 50% consider computer learning and artificial intelligence important to address staffing shortages.

Now is the time to scale our skills and invest more in the next generation of industry experts, so we can all become more security-savvy cybercitizens.

New online cybersecurity training

Kaspersky Lab research shows that 44% of businesses in South Africa admit that they don’t know enough about the IT security threats targeting them, and it comes as no surprise that they are concerned about becoming cyberattack victims as a result.

To help IT teams tackle these challenges, Kaspersky Lab has launched Cybersecurity for IT Teams Online, its new interactive training course designed to help IT teams develop their basic information security skills. The skills teams acquire during the course will help enterprise support staff increase the quality of their cyber defences.

According to the Kaspersky Lab IT Security Economics Report, 53% of local companies are concerned about employees lacking cybersecurity awareness – something that can lead to cybersecurity incidents. One of the factors behind this disturbing statistic is the lack of basic skills in working with information security tools among IT support specialists. After all, they are the first to encounter requests from employees about problems potentially linked to cyber threats, whether it’s a suspicious email or the ‘Blue Screen of Death’. To help companies strengthen their first line of IT defence, Kaspersky Lab has introduced its first online training specifically aimed at IT administrators and support staff.

Cybersecurity for IT Teams Online is a modular training course with a unique interactive programme that allows IT specialists to gain practical skills in recognising possible attack scenarios, as well as master the mechanics of collecting preliminary data about incidents in order to send them to an information security service. Cybersecurity for IT Teams Online was created in SCORM 1.2, integrated into corporate learning management systems (LMS) with Internet browser access, and includes four thematic modules:

• Malicious software

• Potentially unwanted programs and files (PuPs)

• Investigation basics

• Phishing and open source intelligence

Each module includes a small theory block and 4-10 practical exercises. The new course will help IT specialists learn how to use IT security tools such as utilities for the detailed analysis of Process Hacker/Process Explorer in the system, tools for storing the hard disk image and obtaining a memory dump (e.g., FTK Imager), a framework for reconnaissance in open sources (e.g., Recon-ng) and many others. The approach recommended by Kaspersky Lab includes the training course lasting one year, with participants spending 45-60 minutes a week on the programme.

For more information, go to https://www.kaspersky.com/enterprise-security/security-awareness

Share this article:

Further reading: