The science of securing cyber skills

1 February 2018 Information Security, Training & Education

A recent scientific report found that our memories simultaneously generate two forms of personal experience. The hippocampus captures knowledge for the short term and the cortex banks it for the future. Businesses would do well to emulate such foresight and mental dexterity when it comes to bridging what is fast becoming a cavernous cybersecurity skills gap. As technology rapidly transforms the way we live and work, how do decision-makers secure the talent that will lay the foundations for the future?

Martin Walshaw, senior systems engineer at F5 Networks.
Martin Walshaw, senior systems engineer at F5 Networks.

The skills gap

We live in a security conscious, app-powered, multi-cloud world and the demand for expertise capable of deciphering advanced technology and adding strategic value is reaching fever pitch. Cisco estimates there are a million unfilled cybersecurity jobs worldwide and Symantec predicts that the figure will rise to 1.5 million by 2019. In fact, Facebook security head honcho, Alex Stamos, recently summarised the situation. “Things are getting worse”, he said, speaking at the 2017 Black Hat conference. “We do not have enough people and not the right people to make the difference.”

The digital world is dynamic and complex, leaving slow-moving businesses without integrated security solutions vulnerable and uncompetitive. The skill deficit is especially pronounced when cloud technology is involved, because speed to market, agility, and innovation are increasingly becoming business prerequisites. Those firms without the in-house resources to handle data and application migration are under intense pressure. The need to manage and migrate apps more efficiently, whether public or private, has gained unstoppable momentum. The drive to reduce operational costs and keep the business profitable is unavoidable.

According to F5’s State of Application Delivery (SoAD) Report, 34% of surveyed customers cited the ‘skills gap’ as a significant security challenge. A scarcity of cybersecurity experts clearly needs urgent attention and only a robust combination of investment, business resource, political will, and cultural change can shift the tide.

Shaping the future

Today’s youngsters are technologically immersed in an unprecedented way. Their lives are shaped by data both in the way they learn and play. To ensure they become responsible, vigilant cybercitizens, it is crucial to integrate smarter security disciplines into their school curriculum and home life from the outset, whether for personal protection or longer-term employment prospects.

Governments and academic institutions frequently tout the importance of STEM (science, technology, engineering, and mathematics) skills at school, but the acronym is arguably a letter shy. In today’s digital society, perhaps we should re-consider STEMS by adding ‘S for Security’ to the education agenda. By bringing the subject into the daily programme, students will understand the issues and quickly follow best practice to discern right from wrong. Tackling the problem early on also paves the way for improving the current problem of an insufficient number of security specialists graduating from university.

There is also significant potential to more actively encourage women to pursue cybersecurity as a career. According to the Global Information Security Workforce Study, only 7% currently do so, but there is a growing appetite to change this issue. The male dominated IT industry has a big responsibility here. As ever, sustainable success will be dependent on government and industry collaboration, as well as incentivisation schemes.

More than ever before, women have the opportunity to benefit from cybersecurity as a fulfilling, rewarding and valuable profession. The career possibilities are endless in a market that is fast-paced, dynamic and at the forefront of cutting-edge technology. The message given by a male dominated industry is currently murky and misdirected. We need to do more to secure talent effectively and from all areas of society.

It is also time to remove the public’s misconception that cybersecurity is a dark science conducted by boffins in white coats. Cybersecurity is, and always will be, an everyday part of our lives and not a function to just sit at the ‘digital-doorstep’ of corporate companies. Whether banking on-line, buying goods at a store or simply installing the latest IoT-enabled gadgets in our homes, security is also an individual responsibility to protect sensitive information.

Mind the data

Scientific discoveries about how our minds work bring fresh evidence for how we develop cognitive capabilities. Greater effort is required to improve cybersecurity awareness and nurturing knowledge from early learning techniques to a better understanding of cyber threats at work, and in the home.

Research by the Ponemon Institute found worrying levels of business readiness for cybersecurity threats and revealed that 42% of CISOs worldwide branded their staffing as inadequate. Interestingly, 50% consider computer learning and artificial intelligence important to address staffing shortages.

Now is the time to scale our skills and invest more in the next generation of industry experts, so we can all become more security-savvy cybercitizens.

New online cybersecurity training

Kaspersky Lab research shows that 44% of businesses in South Africa admit that they don’t know enough about the IT security threats targeting them, and it comes as no surprise that they are concerned about becoming cyberattack victims as a result.

To help IT teams tackle these challenges, Kaspersky Lab has launched Cybersecurity for IT Teams Online, its new interactive training course designed to help IT teams develop their basic information security skills. The skills teams acquire during the course will help enterprise support staff increase the quality of their cyber defences.

According to the Kaspersky Lab IT Security Economics Report, 53% of local companies are concerned about employees lacking cybersecurity awareness – something that can lead to cybersecurity incidents. One of the factors behind this disturbing statistic is the lack of basic skills in working with information security tools among IT support specialists. After all, they are the first to encounter requests from employees about problems potentially linked to cyber threats, whether it’s a suspicious email or the ‘Blue Screen of Death’. To help companies strengthen their first line of IT defence, Kaspersky Lab has introduced its first online training specifically aimed at IT administrators and support staff.

Cybersecurity for IT Teams Online is a modular training course with a unique interactive programme that allows IT specialists to gain practical skills in recognising possible attack scenarios, as well as master the mechanics of collecting preliminary data about incidents in order to send them to an information security service. Cybersecurity for IT Teams Online was created in SCORM 1.2, integrated into corporate learning management systems (LMS) with Internet browser access, and includes four thematic modules:

• Malicious software

• Potentially unwanted programs and files (PuPs)

• Investigation basics

• Phishing and open source intelligence

Each module includes a small theory block and 4-10 practical exercises. The new course will help IT specialists learn how to use IT security tools such as utilities for the detailed analysis of Process Hacker/Process Explorer in the system, tools for storing the hard disk image and obtaining a memory dump (e.g., FTK Imager), a framework for reconnaissance in open sources (e.g., Recon-ng) and many others. The approach recommended by Kaspersky Lab includes the training course lasting one year, with participants spending 45-60 minutes a week on the programme.

For more information, go to https://www.kaspersky.com/enterprise-security/security-awareness





Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Deception technology crucial to unmasking data theft
Information Security Risk Management & Resilience
The ‘silent theft’ of data is an increasingly prevalent cyber threat to businesses, driving the ongoing leakage of personal information in the public domain through undetected attacks that cannot even be policed by data privacy legislation.

Read more...
Data security and privacy in global mobility
Risk Management & Resilience Information Security
Data security and privacy in today’s interconnected world is of paramount importance. In the realm of global mobility, where individuals and organisations traverse borders for various reasons, safeguarding sensitive information becomes an even more critical imperative.

Read more...
Sophos celebrates partners and cybersecurity innovation at annual conference
News & Events Information Security
[Sponsored] Sun City hosted Sophos' annual partner event this year, which took place from 12 to 14 March. Sophos’ South African cybersecurity distributors and resellers gathered for an engaging two-day conference.

Read more...
The CIPC hack has potentially serious consequences
Editor's Choice Information Security
A cyber breach at the South African Companies and Intellectual Property Commission (CIPC) has put millions of companies at risk. The organisation holds a vast database of registration details, including sensitive data like ID numbers, addresses, and contact information.

Read more...
Tips and tools for trade businesses
News & Events Training & Education
ServCraft brings together trade industry associations and corporations to launch blox, a digital content platform and community impacting lives, businesses and industries across hundreds of thousands of trade business SMEs.

Read more...
Navigating South Africa's cybersecurity regulations
Sophos Information Security Infrastructure
[Sponsored] Data privacy and compliance are not just buzzwords; they are essential components of a robust cybersecurity strategy that cannot be ignored. Understanding and adhering to local data protection laws and regulations becomes paramount.

Read more...
AI augmentation in security software and the resistance to IT
Security Services & Risk Management Information Security
The integration of AI technology into security software has been met with resistance. In this, the first in a series of two articles, Paul Meyer explores the challenges and obstacles that must be overcome to empower AI-enabled, human-centric decision-making.

Read more...
Milestone Systems joins CVE programme
Milestone Systems News & Events Information Security
Milestone Systems has partnered with the Common Vulnerability and Exposures (CVE) Programme as a CVE Numbering Authority (CNA), to assist the programme to find, describe, and catalogue known cybersecurity issues.

Read more...
Access & identity expectations for 2024
Technews Publishing IDEMIA ZKTeco Gallagher Salto Systems Africa Regal Distributors SA Reditron Editor's Choice Access Control & Identity Management Information Security AI & Data Analytics
What does 2024 have in store for the access and identity industry? SMART Security Solutions asked several industry players for their brief thoughts on what they expect this year.

Read more...
Prepare for cyber-physical attacks
Gallagher Information Security Access Control & Identity Management
As the security landscape continues to evolve, organisations must fortify their security solutions to embrace the changing needs of the security and technology industries. Nowhere is this more present than with regard to cybersecurity.

Read more...