NEW OPPORTUNITIES FOR BUSINESSES AND WORKERS AS CYBER SECURITY BECOMES SEXY
Experts say that as cyber security goes mainstream, opportunities will open up for businesses and industry professionals. Depictions of hackers and security experts in film, on television and in games is helping to raise awareness of the sector, its issues and related careers.
Many firms struggle to recruit security staff, but in the face of the cyber security skills shortage, IOActive CEO Jennifer Steffens says there are encouraging signs in terms of the amount of talent available and the depth of the skill sets candidates now offer.
This is partly down to the work of groups that engage with children and young people and teach them about their options in cyber security – something IOActive itself is involved in.
“Certainly we are big advocates for starting early,” Steffens says. “There are a number of organisations and groups starting to teach coding and security practices to children. The younger they start, the better they can be.”
Neil Haskins, IOActive’s general manager for the Middle East, says these organisations are doing a good job of building excitement around the cyber security industry.
“Everyone on our team is an advocate for the security industry,” he explains, adding that cyber security is becoming “sexy” thanks to its prominence on television and in film.
At the same time, Steffens says it is important to encourage girls and young women to take up careers in a field where currently only one in every ten workers is female.
“I think it is important to set up strong role models and highlight the success that women have had throughout the industry and their careers,” she says. “Diversity is critical… And it is the most challenging and rewarding industry there is.”
On small businesses looking to become more secure, Steffens says many simply need some pointers on where they should start with cyber security.
“I think it is really easy to get bogged down with too many products, vulnerabilities and distractions,” she says. “It is hard for people to get perspective on where to start.”
However, Steffens explains that there are opportunities for cyber security professionals as the media begins to report on more incidents and breaches, because this means boards and business leaders are “beginning to care” about security.
On the issue of where to start, she explains it is about “concerning yourself with the key items and services you are trying to protect” and “protecting the crown jewels”.
“At some point you are trying to raise the bar for the attacker,” she adds, “trying to make it harder, which reduces the number of people who can and will break in.”
When it comes to technology, the pair believe security should be built in from the start and act as an enabler of innovation, rather than an obstacle to it.
Despite the company’s previous run-ins with the Internet of Things (IoT) – it hit the headlines last year with a dramatic hack of a connected car, for example – Steffens says there are many devices out there that are “improving the quality of life”.
For this reason, she explains, security should “enable technology and not try to stand in the way of it”, although she believes it should be considered earlier on by manufacturers.
“It is critical to be thinking of these things before we roll out the new technology,” she says. “Security cannot be an afterthought when we come to these things,” Haskins agrees, especially when connceted devices are “becoming much more personal to people now”.
But Steffens says manufacturers are beginning to take this advice on board. “We are seeing an increasing number starting to care about security,” she says. “It’s a trend we hope continues.”
But ultimately, businesses react to what their customers buy, and more developers of connected devices will build in security by design if consumers demand it.
Haskins suggests that one day IoT-connected products may have security ratings in the same way appliances have efficiency ratings, but for now the challenge is to educate the public to a level where flawed products begin to affect firms’ bottom lines.
“Part of our job is to help raise that awareness,” he says. “But people are asking questions, and that is what we want. We want people to ask questions, and see the opportunities and the weaknesses. Unfortunately, we can only do so much and then we have to rely on consumers.”