News / Why is cyber security so hard?
As we have noted before in our blogs, the cyber security skills shortage remains an enduring problem despite efforts by government and academia to address the issue with extra money and university training.
If anything, the gap between supply and demand is widening further just as threat levels increase and compliance becomes more pressing for all organisations. The ransomware attacks in the last week showed how vulnerable organisations are to sustained cyber attacks.
A report this week suggested that recruitment policies for cyber security roles may need to change in future. Aptitude and creative thinking should be taken into account as well as traditional technical qualifications.
IBM is quoted as saying that one way to fill new cyber security positions is to embrace the so-called “new collar” movement. This emphasises on the job training over traditional qualifications which, in other words, means find bright young things and train them alongside your experienced folk. Successful applicants require a good brain and the ability to ask searching questions.
This in turn can be supplemented by automating or outsourcing certain security functions allowing human talent to focus on more complex issues such as compliance and risk management, which need the kind of analytical skills that people remain best at providing.
This is not to say that traditional cyber security qualifications are no longer of use – they certainly are – but we need to mix things up a little in the way that we approach the ongoing security of our data and networks.
It’s not just IBM and Reliance acsn who believe that effective cyber security is about much more than simple technology choices.
The brains at Harvard University have published several papers, in which they try to answer the question of why cyber security is so hard and come to the same conclusion: “Cybersecurity is more than just a technical problem, incorporating aspects of economics, human psychology, and other disciplines” it writes in an edition of the Harvard Business Review.
It also reminds us that the shift to a business world built around the internet has happened so rapidly that it is not surprising that we have not yet created any permanent means to secure it. We were too busy taking advantage of its openness to create a new digital world of opportunity.
We should not give up hope however. Cyber criminals may seemingly have the upper hand in this very early part of the connected era, but that does not mean we have no chance of permanently securing our businesses and organizations in future years against cyber threats.
Even now, while the level of attacks is at an all time high, the sophistication of many remains ow. The ransomware attack of the last two weeks relied on system vulnerability rather than advanced capability to penetrate defences.
The future of permanent cyber security will come through a combination of better job training, intelligently managed security services and enhanced security technologies.