Training

You can teach an old dog new tricks

by Mark Rowe

The year 2014 transformed cyber skilling policy, but 2015 must transform the culture, writes Andy Settle, chief cyber security consultant, at Thales UK.

The year 2014 transformed the nation’s approach to cyber skills. After a long period of under-investment, the last few years have seen significant progress, and Britain finally seems to be turning a corner and understanding the essential role that the cyber industry must play in the future of the British economy. Teaching children to code has been a pivotal element of Britain’s long term plan to end the cyber skills gap. This has been reinforced as one of the three themes at the first D5 Summit in December 2014, where South Korea, Estonia, New Zealand, Israel and the UK all signed the D5 Charter which commits each country to working towards specific principles of digital development.

In British schools since September children have found three new additions to the national curriculum, as computer science, digital skills and IT join the traditional subjects of maths, English and science. Formerly the ICT curriculum, the re-named Computing Curriculum ensures that children as young as five will begin to learn the fundamental principles of computer science. This includes skills such as programming, coding and writing algorithms.

This is all part of a much wider initiative to overhaul the nation’s approach to cyber skills. GCHQ’s recently launched ‘Cryptoy’, an app aimed at teaching kids about encryption, whilst the Cabinet Office’s Cyber Security Challenge continues to encourage interest in cyber security careers. STEMNET’s 27,000 volunteer STEM Ambassadors are raising awareness of STEM (science, technology engineering and maths) careers in UK schools. Heritage sites such as Bletchley Park have also demonstrated the valuable role they can play in engaging young people. With the greater priority given on computing skills, the government has made massive steps in equipping young people with this essential skill set.

However, in an era when cyber threats evolve at such a rapid rate, the curriculum cannot be left to stagnate nor be complacent in leaving children with just the basics. David Emm, a senior security researcher at Kaspersky Lab, astutely noted that in the ever-changing cyber climate IT and cyber skills ought to be compulsory up to the age of 16 like Maths and English.

Right skills

Whilst the future looks bright for the new generation, Britain is still struggling to plug the current skills shortage. Whilst some InfoSec companies are struggling with immigration laws to hire foreign workers with the right skills sets, others are turning to harnessing the skills of ex-hackers. But what of our IT and computer science graduates?

Research by the Higher Education Careers Services Unit’s (HECSU) in September found the number of unemployed IT and computing graduates six months after graduating had dropped from 14.8% in 2013 to 13% this year, but still remains staggeringly higher than the average at 7.3%. Unemployment levels have little to do with a shortage of cyber security jobs. Graduates simply are not being provided with the right skills for these jobs.

The lack of adequate vocational-based education plays exacerbates this problem. Whilst we’re seeing more apprenticeships in this sector than ever before, employers and universities still need to create more links to provide graduates with a more comprehensive education, combining studies with practical, hands-on experience.

The European Commission recently forecast that the UK will need 750,000 more cyber security specialists by 2017. With our knowledge and expertise, the UK has every opportunity to become a leading cyber skills exporter. That said, we are not as advanced as we could be. Past failings of the previous IT and security curriculum puts us between 6-8 years behind countries like the USA. It is a shame these recent changes were not done earlier.

To get our house in order, we must continually invest in training in cyber security awareness and creating more jobs in this area. Careers in cyber security must be shown to be more appealing, and positioned as at the cutting edge of IT. Good changes have been made and a cultural change is underway– but it won’t happen overnight.

Whilst curriculum changes and educational programmes, like STEMNET and The Cyber Security Challenge, provide brilliant opportunities to engage the young generation, they offer less opportunities for current employees. The lack of foresight of the benefits of computing initiations means that organisations are now facing a shortage of cyber expertise, and even of general cyber awareness. This remains one of the biggest challenges that organisation face for preventing and dealing with cyber threats.

Organisations should seek to embed a ‘cyber-savvy’ culture among their employees – rather than approaching it as a bolt on. HR departments could be key to helping IT departments provide continuous and obligatory training in cyber best practices to employees of all levels. Many employees are trained in health and safety- so why not in cyber?

Each department needs to understand the particular threats that they face, for instance HR and procurement professionals in particular need support in phishing scams and best practices for opening unsafe attachments. This is because they have to open lots of emails from unknown sources (product specifications, CVs, etc.) and so are often the easiest route in for cyber criminals.

It may be more than a decade before we see the true value of all the current efforts to improve Britain’s cyber skills. But we have shown that we can bring about cultural change and better understanding through business and government initiatives. In 2015 we need to build on this foundation and create a culture in which people from all walks of life are engaged in computing and understand the best ways to protect themselves and their organisations online. Culture change is now essential to help our efforts and improve our chances of surviving in this rapidly evolving threat landscape.

Related News

  • Training

    Chartered Standards

    by Mark Rowe

    Cybersecurity professionals will need to jump through new hoops to get ahead, says Jamal Elmellas, Chief Operating Officer for Focus-on-Security. Certification has…

  • Training

    Health and Safety North

    by Mark Rowe

    You can hear about the new-look NEBOSH qualification, at the Health and Safety North exhibition this month. One of the most popular…

Newsletter

Subscribe to our weekly newsletter to stay on top of security news and events.

© 2024 Professional Security Magazine. All rights reserved.

Website by MSEC Marketing