Cyber space adds a new dimension to modern life. It’s a way of interacting for business, politics, education and pleasure. And it contributes to the economy in a large scale. While internet presents enormous commercial opportunities, it also presents certain risks. In 2007, the year when Twitter was founded, United States Company Emergency Readiness Team (US-CERT) received almost 12,000 cyber-crime reports. The number had more than doubled by 2009, according to new statistics from the Government Accountability Office, and it had quadrupled by 2012. In today’s corporate world, safeguarding business information and company reputation is an important part of business strategy. It has now become a daunting task further to the upsurge in the number of cyber-attacks. Cyber security skills are essential to any organization committed to addressing the rising cyber threat.
At the recently held Tata Interactive Learning Forum (TLF) USA 2013 in partnership with Cohen Group in Washington.D.C. the issues pertaining to ‘Closing the Cyber Security Skills Gap’ were addressed. The interactive session focused on the importance of improving cybersecurity skills training across federal, education and private sector workforce.
So is this highly publicized Cyber Security skills gap a real problem today? Yes it is! The World which was used to lock down terminals and thin clients have now become used to social media and other online platforms. From the perspective of a corporate citizen in an organization, the skills gap is described by the difference between the desired state and the current state. Potentially, more often it is the Corporate Citizen, who is not aware of how this skills gap has widened without being aware of what the implications are.
At the time when the IT Sector is on the upsurge, the gap is getting bigger and is increasingly becoming a matter of great worry. The concern lies in the way in which cyber security skills training has been conducted in the past.
Now, apart from ensuring that the processes are documented, providing guidance to resolve issues and providing metrics that exhibit things are safe, the one thing that compliance doesn’t do is making you secure. This is because many organizations comply due to a mandate. Organizations can be totally compliant with a number of standards and still be insecure. On the other hand the regulators, who provide an outdated solution for a 21st century problem will simply not be of any help. This will not improve security levels but may lower it by providing outdated regulations. Hence compliances or regulators are also not the best way to bridge or address this gap.
To place points about the lack of critical thinking as a skill is quite important when you are trying to bridge the skills gap. What happens if the issue is not raised is more important to address than just making them aware of the consequences. So it is really the learning gap that causing a problem in the industry. If there are ways and means to address this learning gap effectively for instance by building interesting ways of learning interventions, one can avoid bigger problems. Finding people with the right skill-set to secure cyber space is no mean feat. The challenge also lies in providing the right training and education. Creating awareness of the Cyber security skills gap and addressing it at the top of an organization, seems like an ideal place to start.
Watch out for the second part of the blog which would emphasize on addressing the cyber security skills gap.