+
EDITOR’S QUESTION
JAMES LYNE, HEAD OF R&D
AT SANS INSTITUTE
A
s our lives become increasingly
digital, we are exposing our critical
infrastructure, commercial systems,
citizen data and sensitive IP to ever greater
risk of attack from cybercriminals, hacktivists
and nation state operatives. Indeed, we
have already seen the impact of attacks like
Shamoon, which penetrated state-owned
energy enterprises in Saudi Arabia, while
other attacks have targeted healthcare and
other public sector institutions in the region.
The region has high adoption of
industrial control systems (ICS) and new
automation projects like Smart Cities. These
advancements afford great opportunities, but
also make the region a more attractive target.
Attackers have visibly been accelerating their
agenda of pursuing ICS targets, for example
the Triton/TriSYS attacks on safety systems,
and ICS therefore needs to be a particular
focus for skills development in the region. It is
therefore absolutely vital that cybersecurity
should be a key consideration for every
organisation, and this includes ensuring there
is a pipeline of skilled industry professionals
who can help protect the region’s critical
systems, enterprises and citizens.
At the moment, this is a major problem:
not just in the Middle East but worldwide,
the cybersecurity sector is suffering a global
skills shortage which is rapidly turning into
a crisis. According to reports, the worldwide
workforce is heading for a shortfall of 1.8m
cybersecurity workers by 2022 and the
industry is not attracting enough newcomers
to fill the gap. And in the Middle East,
organisations typically have smaller IT
teams than their Western counterparts and
therefore have little time to keep on top of
new threats and technologies.
Fortunately, there are answers. Long
term, the solution has to lie with teaching
appropriate digital skills in schools and in
investing in retraining programmes to access
www.intelligentcio.com
a previously untapped pool of talented
individuals. SANS has worked with a number
of governments to deliver programmes to
educate school-age students in cybersecurity
skills and is currently working with the UK
Government on Cyber Discovery, a schools
programme to increase awareness and skills
in cybersecurity among 14 to 18-year-olds.
/////////////////
So many had not considered cybersecurity
as a career before but having started the
programme would now definitely consider
it. These kinds of initiatives have to be the
way forward. SANS has also run a series of
retraining academies both in the Middle
East and elsewhere, testing for those with
the greatest aptitude and then putting them
through an intensive cybersecurity training
programme. Once they have undergone the
retraining programme, students are then
helped to find new cybersecurity roles that
use their new skills. Experience has shown
us that it’s not all about having hard-core
technical skills: the ability to work in a
team and business skills are also extremely
important to a successful career in cyber.
“
IT IS THEREFORE
ABSOLUTELY
VITAL THAT
CYBERSECURITY
SHOULD BE A KEY
CONSIDERATION
FOR EVERY
ORGANISATION.
Cybersecurity training for IT staff
In the meantime, there are other tactics
companies can deploy. While the merits of
on-the-job experience cannot be overstated,
training can be the most efficient and
thorough way to rapidly ramp up technical
skills among existing IT staff. This is particularly
true when it comes to cybersecurity.
By undergoing training, not only do IT staff
become more efficient and have a better
understanding of the technologies they
work with – critical when defending against
cybercriminals – but they can also become
more knowledgeable in front of customers,
troubleshoot better and so on.
INTELLIGENTCIO
35