Cybersecurity bounces in and out of the media spotlight, but the issue captured national attention in December when headlines screamed “LifeLabs pays ransom after cyberattack exposes information of 15M customers,” “Why the LifeLabs hack likely is worse than most,” and “Security experts say health care industry is prized target for cyber criminals.”
Wired magazine, which has a portion of its website dedicated to covering the latest hacks, noted that 2019 brought a cascade of data breaches, supply chain manipulations, and state-backed hacking campaigns.
“But the hallmark of 2019 perhaps,” according to Wired, “is feeling like the worst is yet to come.”
A recent cybercrime study by multinational professional services company Accenture found that cybercrime is set to cost businesses $5.2 trillion in potential revenue opportunities worldwide, but the bigger story is that the digital talent needed to stem this rising tide of cybercrime isn’t forthcoming.
Today’s cybercrime perps aren’t just young pranksters testing their hacking skills. The ability to monetize theft of data on the dark net through anonymous cryptocurrency transactions is fueling criminal activity.
Some experts maintain that cybercrime has gone “corporate,” with dark-net sites using the same peer-ranking systems as eBay to ramp up business—except the products here are stolen data, drugs, guns, extortion, hire-a-hack services and other nefarious goods and activities.
“Today, many companies are woefully unprepared to fend off a cyberattack,” says Rob Davidson, ICTC’s Manager, Data Analysis and Research.
The Information and Communications Technology Council (ICTC) estimates that by 2023, Canada will see a demand for approximately 40,000 to 53,000 cybersecurity professionals and a total of over 100,000 cybersecurity-related jobs created across the Canadian economy.
Globally, another four million people are needed to fill current and future security jobs, according to (ISC)², an international, non-profit association of 140,000 information security professionals.
An ISC² Cybersecurity Workforce Study recently found that 65% of the organizations it surveyed don’t have enough people working in security and a third of those surveyed cited the lack of skilled and experienced security staff as one of their biggest employment worries.
Beyond the “culture of no”
In an article posted on ZDnet, freelance tech journalist Mary Branscombe argues that businesses need to think about security differently to attract the talent to effectively tackle cybercrime.
Part of the problem she identifies is how people get into the field. ISC2 found that only 42% of cybersecurity professionals actually started out in the field. The majority stumbled into cybersecurity. In fact, there are few university degrees in cybersecurity or high-level recognizable accreditation.
Currently, cybersecurity isn’t mainstream, accessible or transparent. To many people, it’s unclear what security professionals do all day because of the wide variety of roles in security, from managing policy compliance to doing packet analysis.
Branscombe also notes that cybersecurity traditionally fosters a “culture of no,” rather than a “culture of go.” Today, however, IT teams need to work closely with business teams. Cybersecurity is shifting gears from putting the brakes on business operations to enabling, supporting and accelerating business. And this puts a premium on not just technical skills, but business skills such as collaboration, communications, and teamwork.
Cybersecurity comes of age
Security leaders today need to interpret data and tell a story that is meaningful to the CFO, the CEO, and to the board of directors. This broader vision of cybersecurity and its importance to business makes it a much more interesting profession that appeals to a wider range of students.
Many students still choose what to do for a living in the first year of university, but this may be too late if industry wants to attract the right people—and in sufficient quantity. As cybersecurity emerges from the tech backroom to take its place among critical business processes, this vision of cybersecurity needs to be well articulated to students.
ICTC’s Davidson suggests that awareness of cybersecurity should be integrated into the K-12 curriculum so that interested students can focus on building the necessary skills and knowledge.
“Creating this kind of visibility for cybersecurity is part of the journey to fulling the demand. The other part is for academic institutions to pick up on this market need and develop the kind of educational programs that can lead people directly into the field,” Davidson says.
Traditional post-secondary education institutions can sometimes find themselves out of step with business needs because of the rapid development of information and communications technology, but private enterprise bootcamps and nimble programs, such as those developed by ICTC, have stepped into the fray.
ICTC’s Canadian Youth Cyber Education Initiative, CyberTitan, was developed in 2016 in partnership with ICTC’s National Cyber Security Leadership Council on Youth and Education to help students ages 13-18 understand the various roles in the digital economy and, specifically, some of the requirements of pursuing a cybersecurity career.
CyberTitan operates in affiliation with the U.S. Air Force Association’s CyberPatriot Program (presented by the Northrop Grumman Foundation) and is helping to grow the next generation of cybersecurity professionals by harnessing the spirit of competition.
Teams of two to six students work together over the course of five months, learning practical IT and cybersecurity skills while fending off monthly cyber skill tests. Through each round of competition, successful teams earn points to advance to the next round while learning the art of collaboration, communication and teamwork. The competition culminates in the National CyberTitan Finals, held each May in Ottawa.
“Over the past three years, more than 9,000 Canadian students from British Columbia to Newfoundland have participated in sessions where they have battled to protect virtual systems from cyberattacks through our CyberDays and CyberTitan competition,” says Hayley Heaslip, ICTC’s Communications and Events Coordinator and the lead on these cybersecurity programs.
CyberDays, which Heaslip references above, is also an ICTC program offered through ICTC’s Digital Dash 2.0 Initiative. Its aim is to equip K-12 students with digital skills and a pathway to digital careers. Both CyberTitan and CyberDays have met with enthusiastic student participation.
“Every classroom I’ve stepped foot in, virtually or in person, I have met students who are hungry for knowledge that will help them make a difference in the world,” Heaslip says.
That enthusiasm will hopefully bode well for the rise of a new generation of cybersecurity professionals in Canada.
Paul Stastny is a Communications Officer with the Information and Communications Technology Council (ICTC). He draws on two decades of award-winning journalism expertise, including 11 years as staff writer for Oilweek, where he wrote about technology, the environment and Aboriginal issues. Paul has also published hundreds of freelance articles across a wide range of media, from Globe and Mail to Stitches: Journal of Medical Humour. Paul’s interests are increasingly focussed on how emerging technologies affect the economy and culture.