A survey by an information security company at the conference 44Con 2014 has found that three-quarters of the information security people in attendance believed that a lack of cyber security skills in the UK makes it a potential easy target for attackers. A similar number (74pc) thought that people’s lack of education when it comes to cyber security is the most serious threat facing businesses today. This presents a huge opportunity within industry and Government to improve cyber skills for all.
Martyn Ruks, Group Technical Director at MWR InfoSecurity, said: “What we have here is a case of not only a shortage in highly skilled professionals to combat cyber crime, but also a lack of general education amongst the public and employees that hackers can take advantage of to compromise our national security in Great Britain.
A cyber-skills shortage is something which MWR is keen to see change. “This information combined with the fact that three quarters of the industry think the UK is put in a vulnerable position because there aren’t enough skilled cyber professionals should be viewed as an opportunity for the UK government and industry to rise to the challenge,” added Ruks.
“While on first glance, the findings may appear bleak, the good news is that there is plenty that can be done both in the public and private sectors to cultivate talent within the industry. MWR itself strives to create engaging initiatives and challenges within industry such as HackFu which has evolved over the past seven years to encompass all of the key aspects we believe are essential in equipping the cyber security industry to address the cyber skills shortage.”
HackFU is a weekend event on a different theme every year, where a scenario is constructed which factors in people, organisations and motivations as well as current geo-political drivers and market forces. MWR select a diverse bunch of individuals from all over the World to compete, from InfoSec professionals to university graduates.
Through a back story and real characters that participants need to engage and interact with, they work, in teams, through varied activities and challenges – exploiting weaknesses in all manner of systems and technologies as well as investigating compromised networks, defending systems against attack and interacting with custom network protocols. By experiencing these factors first hand, participants discover why they are important for themselves which means they live through the learning process enabling them to teach others – not through words in a text book but through experience.
“We believe that if you want to protect something you need to know why someone would want to acquire or damage it and why,” said Ruks. “Only by understanding motivations and drivers can you begin to map out what the solutions need to look like which is why, in conjunction with professional training courses, University degrees, security conferences and Capture the Flag competitions, we need to equip people with the right approach and attitude for solving the difficult problems through real world simulated activities and challenges that events like HackFu offer.”
As well as corporate schemes to improve skills amongst professionals, Government initiatives, such as Get Safe Online promote individual responsibilities when it comes to online safety. “Each and every one of us has a big role to play when protecting ourselves, and the places we work, from online criminals,” said Tony Neate, CEO of Get Safe Online.
“We must not only take responsibility for our own online safety by following some basic rules, but avoid compromising the security of our employers who are facing more sophisticated threats than ever before. This means doing things like using strong passwords at all times, checking privacy settings on social media accounts, logging out of accounts when we have finished using them, and never opening or forwarding a suspicious looking email,” he continued.
James Moore, senior consultant for Phish’d by MWR, said: “One of the easiest and most prolific tactics modern hackers use is targeting individuals at organisations, building up social profiles on employees’ personal lives. Anything those organisations and government can do to help individuals become clued up on their own personal risks and best practice when it comes to cyber security will go a very long way towards keeping corporate data safe and reducing the hacker’s attack surface.”
October is Cyber Security Awareness month in the UK. For more about MWR visit: https://www.mwrinfosecurity.com/.
