Where Do We Start with Cybersecurity?By
Enterprise cybersecurity requires public buy-in, collaboration across sectors, and a much broader and earlier education and training effort.
Addressing the dire need for cybersecurity talent in the workforce isn’t an easy task. Private and government entities alike face a growing shortage of qualified cybersecurity professionals, and the increasing sophistication and pace of cyber threats won’t be solved by entry-level analysts. These advanced threats typically need to be handled by senior analysts, which most organizations have a limited number of. Solving the problems presented by advanced threats requires people with creative problem-solving skills and a rigorous background in computer science theories and methodologies.
Outside of hard technical requirements, cybersecurity also demands excellent soft skills, including communication skills, time management skills, and a dedicated work ethic. The task of securing enterprise systems requires a diversified security team capable of working well with each other and integrating into various external groups when necessary.
The solution to the ever-growing cyber threat begins with awareness. Patches or temporary solutions for threats are almost useless when cybersecurity professionals are unable to communicate problems that arise. There’s a troublesome disconnect between the public and what happens within the cybersecurity realm. The same element of awareness transfers to those who aren’t motivated by cyber or who know nothing at all about the subject area. Global cybersecurity won’t improve unless the public better understands issues related to digital privacy, security, and usage.
The public needs to be educated on the potential risks that arise from using digital devices and how they can protect themselves from immersive cyber threats. This includes the use of personal virtual private network (VPN) services, utilization of anonymous browsing, use of encryption, understanding the difference between http and https, and other common threats that the average user isn’t aware of.
Lack of cyber talent can begin to be remedied with the development of a curriculum that places an emphasis on information assurance. It’s a daunting task, but a passion for cybersecurity must be fostered and fueled at an early age. Cyber hygiene can be integrated into the existing K-12 curriculum. Today’s schoolchildren are part of a generation that doesn’t know life without digital devices or a digitally connected world.
Since its beginning in 2009, the educational program CyberPatriot has gained traction as a national effort to encourage young students to pursue careers in cyber. The latest season, CyberPatriot IX, drew in more than 4,000 teams from middle and high school divisions. Developing an effective cybersecurity program is challenging because the required skill set is constantly evolving. While the workforce has a vast shortage of cybersecurity professionals, the fundamentals required to protect digital systems could plausibly become certified as early as high school.
The largest barrier to a progressive cybersecurity industry is the lack of collaboration among individuals, companies, organizations, and governments of the world. At the end of the day, cybersecurity firms, just like any other rational business, seek profit. These companies won’t succeed if they disclose all cybersecurity innovations for the greater good.
Zero-day vulnerabilities, for example, will cripple organizations until patches are released. A zero-day vulnerability is an unforeseen or recently discovered hole in software. When leveraged in an attack, the hole would immediately stop operations. The only prevention against zero-day exploitation is for software developers to find and mitigate the vulnerabilities before malicious users have the opportunity to exploit a system. Software developers are only human, so mistakes happen. Given enough time and resources, every digital device could be hacked. The best cure for a zero day would be reporting the threat to software vendors as soon as possible.
The sooner a vendor is aware of a vulnerability, the faster it can develop and release the software patch to prevent the issue from propagating further. There are current efforts, such as US-CERT (United States Computer Emergency Readiness Team) and the CVE (Common Vulnerabilities and Exposure), which strive to be credible primary sources that raise awareness of known vulnerabilities prevalent in the cyber domain.
Many great minds rush in to understand and solve the issues at hand when new threats are reported to the cyber domain. Yet even with increased vigilance, fresh outbreaks of cyber events can have a global impact for days at a time. Some companies involved with cybersecurity have begun to form partnerships within the industry. These business partnerships often pool resources and intelligence to better counter threats and protect clients.
The whole cybersecurity community has begun shifting toward a more collaborative approach in research and defense, but even this will take several more years to mature into a sustainable asset. The formation of strategic partnerships across private and public sectors could also reveal previously undiscovered or seemingly unrelated cyber events within a bigger network. Similar to Interpol, the United Nations, or NATO, the sharing of cyber threat intelligence could cut down response times, expedite responses, and alleviate the surprise element of cyber outbreaks. While providing a credible and reliable source, the cybersecurity community can respond to digital threats.