The Cybersecurity skills shortage – is Collaboration the answer?

  • by : admin
  • Category : cybercrime, Petya, Uncategorized, Wannacry,

The Cybersecurity skills shortage – is Collaboration the answer?

WannaCry, Petya….we can’t seem to go a month without news of another aggressive cyberattack crippling organisations & governments all over the world.

US Intelligence agencies have now confirmed that Russia, under the explicit direction of Putin, was involved in penetrating US electoral systems to sway political voting in favour of Donald Trump. It’s frightening to think just how much control cybercriminals can have over entire nations, let alone people just like you and me.

These incidents impact all of us, whether it’s hacking elections or extorting money from innocent individuals & companies. According to PwC, cyberattacks now cost an average of £2.6 million globally, more than twice as much as last year & 8 out of 10 companies have suffered some form of loss of service because of them.

As the world becomes increasingly digital, our risk increases. IT risk is now the new warfare; there’s no blood, no guts but plenty of glory for the cybercriminals who hold countries, organisations & individuals at ransom. Gone are the days when robbing a bank meant a masked intruder holding up a gun to a bank teller & walking away with £1000. These criminals can walk away with £1 million without leaving the comfort of their front room.

It’s no surprise then, that the annual global spend on Cybersecurity exceeds $1bn. Security spending is generally split between hardware, software, services (outsourcing & consultancy) & personnel, with the largest chunk going towards tools & software. It’s safe to say that if there were more skilled people in this sector, spending on personnel would likely be increased but the global skills shortage in cybersecurity is a threat in itself.

Cisco estimates that there are 1 million unfilled Cybersecurity jobs & in 18 months, that number is likely to increase to 1.5 million. All over the world, the demand for cybersecurity talent outstrips the talent available. In the UK, more than 50% of jobs go unfilled because of lack of talent.

So would pooling the world’s cybersecurity resources help stand up to the threats we as individuals, corporations & nations face from cybercriminals?

Sure, if we partner with the right people, in the right way.

Fortunately, Trump is now back-tracking on the proposal to set up a US-Russian joint combat force against cybercriminals so we can all sleep a little easier at night. If that ‘partnership’ were to go ahead, it would be akin to handing over the keys to your home to an armed burglar. And why not just throw in a welcome pack that includes a map highlighting where all your valuables are exactly?!

The huge risk with the US collaborating with Russia on cybersecurity initiatives is that they don’t even agree on what security means. Not only is Russia currently harbouring the most notorious cybercriminal in the world, who happens to be the FBI’s most wanted cybercriminal, the Russian government is relying on him to provide intel about vulnerabilities of his victims from his successful cyberattacks. The 2 countries are working entirely at cross purposes so it just can’t work.

However, collaboration with countries who have a shared interest in protecting our online interactions is surely the way to go; “more hands make light work” as they say.

The UK & US (like most countries) are experiencing a talent shortage in the cybersecurity sector. Both countries have a long-standing relationship of working together to achieve an end goal. I was recently discussing an innovative accelerator programme to help UK cyber start-ups to effectively operate in the US market. That means, the US benefits from cyber skills from across the pond, thus keeping the US cyber infrastructure & therefore citizens & companies more secure by sharing skills & expertise that are in short supply in both countries.

Similarly, there is an agreement in place across European energy providers to operate within an agreed set of regulations as it relates to cybersecurity, thus keeping each other safe.

Historically, companies have been reluctant to share news of breaches with competitors, for fear of being exposed as ill prepared in the face of a cyberattack. However, increasingly, CISOs are forming groups where they work together to ensure that other organisations within their industry are aware of what’s around the corner. It’s like an industry-wide ‘neighbourhood watch’ programme; you’re just informing your neighbours of potential risks so they can protect themselves.

So yes, collaboration and joining forces can certainly help make the online world more secure. It doesn’t negate the fact that more investment needs to be made to increase the level of cybersecurity expertise in most countries around the world but it does mean that we are all working together to protect each other. However, this comes with a word of caution – be careful who you ask for help. Are they really helping or are they fooling you into giving up your most protected assets & secrets, only for their own gain?

14 Jul