Intelligent CISO Issue 04 | Page 29

JAMES LYNE, HEAD OF RESEARCH AND DEVELOPMENT AT SANS INSTITUTE

As our lives become increasingly digital, we are exposing our critical infrastructure, commercial systems, citizen data and sensitive IP to ever greater risk of attack from cybercriminals, hacktivists and nation state operatives. Indeed, we have already seen the impact of attacks like Shamoon, which penetrated state-owned energy enterprises in Saudi Arabia, while other attacks have targeted healthcare and other public sector institutions in the region.

The [Middle East] region has high adoption of industrial control systems (ICS) and new automation projects like Smart Cities. These advancements afford great opportunities but also make the region a more attractive target. Attackers have visibly been accelerating their agenda of pursuing ICS targets, for example the Triton / TriSYS attacks on safety systems, and ICS therefore needs to be a particular focus for skills development in the region.
It is therefore absolutely vital that cybersecurity should be a key consideration for every organisation and this includes ensuring there is a pipeline of skilled industry professionals who can help protect the region’s critical systems, enterprises and citizens.
At the moment, this is a major problem – not just in the Middle East but worldwide. The cybersecurity sector is suffering a global skills shortage which is rapidly turning into a crisis. According to reports, the worldwide workforce is heading for a shortfall of 1.8m cybersecurity workers by 2022 and the industry is not attracting enough newcomers to fill the gap. And in the Middle East, organisations typically have smaller IT teams than their Western counterparts and therefore have little time to keep on top of new threats and technologies.
Fortunately, there are answers. Long term, the solution has to lie with teaching appropriate digital skills in schools and in investing in retraining programmes to access a previously untapped pool of talented individuals. SANS has worked with a number of governments to deliver programmes to educate school-age students in cybersecurity skills and is currently working with the UK Government on Cyber Discovery, a schools programme to increase awareness and skills in cybersecurity among 14 to 18-year-olds. So many had not considered cybersecurity as a career before but having started the programme would now definitely consider it as a career. These kinds of initiatives have to be the way forward.
SANS has also run a series of retraining academies both in the Middle East and elsewhere – testing for those with the greatest aptitude and then putting them through an intensive cybersecurity training programme. Once they have undergone the retraining programme, students are then helped to find new cybersecurity roles that use their new skills. Experience has shown us that it’s not all about having hard-core technical skills. The ability to work in a team and business skills are also extremely important to a successful career in cyber.
Cybersecurity training for IT staff
In the meantime, there are other tactics companies can deploy. While the merits of on-the-job experience cannot be overstated, training can be the most efficient and thorough way to rapidly ramp up technical skills among existing IT staff. This is particularly true when it comes to cybersecurity.
By undergoing training, not only do IT staff become more efficient and have a better understanding of the technologies they work with – critical when defending against cybercriminals – but they can also become more knowledgeable in front of customers, troubleshoot better and so on.
Organisation-wide security awareness
While security is traditionally viewed as an ‘IT responsibility’, the human factor is one of the weakest links in the cybersecurity chain. If every employee is made aware of their impact on the organisation’s security, they are more likely to avoid the common pitfalls and consequently reduce the pressures on already strained cybersecurity teams – allowing them instead to focus on areas of cybersecurity that require true technical expertise and attention.
Security outsourcing
Finally, for smaller organisations that simply cannot afford to hire dedicated cybersecurity professionals, outsourcing options such as managed security services present a viable option. This allows IT teams to offload the responsibility of key security functions to experts who are highly trained and qualified and who can monitor the environment 24x7x365.