The almost complete reliance on the internet has meant that everything from economic vitality to national elections are affected by the changing landscape of cyber space.
The global dependence on this infrastructure has exposed a plethora of vulnerabilities that are being exploited on a daily basis by criminal groups, lone cyber attackers and state-sponsored actors.
Increasingly, it is the business sector that is now taking the brunt of their attacks.
This concentration of cyber-attacks on a single sector has been well documented in government research into cyber security.
Findings from the 2016 Cyber Security Breaches Survey revealed that two thirds of big businesses have been the victim of a cyber-attack in the past year alone, with the cost of some these breaches reaching into the millions of pounds.
>See also: Britain’s cyber security gap…it’s bad
Across the globe, corporate executives and board members have ranked cyber threats as the third highest risk to their businesses, behind that of customer loss and taxation. Just as worrying is the increasing number of attacks on smaller enterprises.
According to statistics released by internet security firm Symantec, 43% of the global attacks logged during 2015 were against small firms – a figure that is increasing year-on-year.
The increase in attacks comes down to a number of contributing factors. Companies now store a wealth of customer and employee data, yet too many of these companies still lack a security infrastructure that can competently defend against internal or external breaches.
Critical information is being protected by weak security; an opportunity that is too good to pass up for most cyber criminals.
Implementing business-wide cyber security processes and technology is costly and requires experts with the experience and knowledge to carry out effectively.
However, the IT security skills gap has created a drought that is affecting the industry’s ability to build the workforce of cyber defenders so urgently needed.
>See also: Cybersecurity brain drain: the silent killer
There is now a severe vacuum of man-power. The (ISC)2 Global Information Security Workforce Study predicts there will be a shortage of 1.5 million information security professionals by 2020. This shortfall is having a knock-on effect that is directly impacting how businesses can respond to cyber-attacks.
One in five organisations throughout the public and private sector admitted that it could take between eight days and eight weeks to repair the damage from a cyber-attack. Nearly half (45%) blamed the lack of qualified staff.
The nature of cyber threats affecting businesses are often specific and certain skills are in high demand, requiring training to develop them. Despite this, Government research has indicated that only 17% of businesses have invested in cyber security training in the last 12 months.
With the alarming rise in cyber-attacks against UK companies, the Government has quickly come to terms with the critical vulnerability the IT security skills gap is creating for the country’s economic security.
It is now backing initiatives that are enabling businesses to work collaboratively with the cyber security industry to recruit, train and develop IT security professionals.
The Cyber Security Challenge UK works with the government to provide one such initiative. Collaborating with UK businesses and cyber security firms, the initiative aims to find individuals with the appropriate skills and inspire them to pursue a career in the industry.
Similarly, a collaborative cyber security education scheme between government and industry has been launched which allows potential employers to track student’s progress – helping them transition straight into a career in the industry.
Schemes such as these offer a platform through which businesses can unearth and develop the UK’s cyber security talent. This is achieved by providing a gateway through which these businesses can witness this talent first-hand and fast-track it directly into cyber security roles.
>See also: Diversity in cyber security: how to close the gender gap
This is proving vital for the cyber security industry as the school syllabus and the majority of university courses do not teach the basics of computer security.
This means the stream of talented graduates most industries have become used to hiring from does not exist for the cyber security sector. UK businesses therefore need to take it upon themselves to invest in the training and education of a skilled cyber security workforce.
Over the past few years this has started to become a reality. The UK is becoming more effective at contending with these threats as more and more companies invest in cyber security through collaborative projects and initiatives.
However, the lack of a well-trained workforce, coupled with the blistering pace of technological advancement, still poses a dire threat to UK businesses.
Trained professionals are the best line of defence when it comes to opposing this threat and investment in education and training will be key to achieving the number of professionals needed.
Sourced by Dr Robert L Nowill, chair of the board at the UK Cyber Security Challenge
