I remember my Grandfather telling me that during times of conflict, and he was referring to the Second World War, that there were jobs for everyone.
This was being said against the backdrop of unemployment figures in the early 1980s that topped 3 million. He was convinced, rightly or wrongly, that if we were plunged into some sort of war then all that spare human capital, as it’s called nowadays, would be utilised.
As a wide eyed optimistic teenager at that time I dismissed his comments as I was sure they that could be proved, or disproved in equal measure. These comments resonated with me as a couple of stories hit my inbox this week referring to the ongoing skills shortage within the cyber security industry, an industry that has many of its foundations built on conflict, or at the very least, the threat of conflict.
CSO online stated that there will be over a million cyber security job openings in 2017 and that even though there is a new wave of cyber security graduates coming through the educational system, that will only put a small dent in pile of vacancies.
But why the sudden and desperate need for such skills? And how come the mature workforce with IT has been caught unawares? The website Information Age takes a stab at answering this question with a simple assumption that “the scale of the cyber security skills shortage reflects the attacks businesses face” They point out that businesses are facing up to the fact that with the new legislation coming into place, the General Data Protection Register (GDPR) that fines for businesses who lose data are going to go through the roof. They stated that under the GDPR, Tesco Bank would face a fine of up to £1.9 billion for its recent breach of security. Today, the maximum fine the Information Commissioner’s Office can impose is £500,000.
As the GDPR legislation comes into force in a little over 16 months from now, I predict that this skills shortage will increase as more and more businesses of all sizes become aware that they need to access skills to reduce their vulnerability to attack and their exposure to these potential eye watering fines.
The threat from cyber attacks and cyber criminals is an ever-moving target, with ‘threat vectors’ as they are called changing and adapting all the time. During 2016 ransomeware seemed to be the weapon of choice for extracting money out of unsuspecting organisations, however many did invest in anti-malware solutions. The cyber criminals however have responded to this and are actually cold calling a traditional soft target, schools in an attempt get them to believe that ransomware attachments sent via email are important official documents.
This development was reported by Action Fraud, the National Fraud and Cyber Crime Reporting Centre, who explained that the criminals are initially cold calling education establishments claiming to be from the “Department of Education”. They then ask to be given the personal email and/or phone number of the head teacher/financial administrator.
The fraudsters claim that they need to send guidance forms to the head teacher (these so far have varied from exam guidance to mental health assessments) and these emails will include an attachment – a .zip file (potentially masked as an Excel or Word document). This attachment will contain ransomware, that once downloaded will encrypt files and demand money (up to £8,000) to recover the files.
This is a blending of ransomeware and social engineering techniques in order to fraudulently obtain funds. I fear for such organisations who will in the foreseeable future not be able to access the necessary and increasingly in demand skills to ensure they don’t fall victim to such crimes.
Not strictly a cyber story but one piece of information that I also read this week, is that according to the Office For National Statistics there were 1.62 million unemployed people (people not in work but seeking and available to work) in October 2016 in the UK. There is, as I’ve said, one million vacancies in cyber security and it could be easily argued that we are collectively being plunged into conflict. I wonder what conclusion my Grandfather would come to about all of that.
For links to all these stories and more, or to contribute with some comments join us by searching for the National Cyber Skills Centre on our social channels of FaceBook, LinkedIn and Twitter, or just click the relevant links from our website.