eSecurity: Why We Need New Defences and New Skills

March 19, 2019


President, Merrell Consulting Group, North America President of GTWN

For all the benefits of the fourth industrial revolution, the age of the Internet and big data, most of us are faced with an inability to adequately prevent eSecurity breaches that seem to occur on a daily basis, despite an ever-increasing spend on IT security.

Many within the tech sector from twenty years or so ago, will remember that over the years, IT security was relative child’s play. Most of the data (of which there was a fraction of what we have today) was largely contained within a small IT department and its infrastructure. Access to company data and applications was tightly controlled and occurred in a few well-known ways via terminals, desktops, laptops and consoles. Where data breaches occurred, it was usually seen as a bit of mischief by amateurs without any clear agenda beyond their 15 minutes of fame. In those days, many hackers were actually recruited by large tech companies and turned from “poachers” to “game keepers,” as the saying goes.

Today, one of the fastest growing job specializations in the ICT sector is e-security or cybersecurity expert. Governments and businesses around the world have woken up to security threats presented by the highly complex online environment we now face – with an ever changing and evolving mix of different fixed and mobile hardware, firmware, software, BYO devices and applications. And because businesses around the globe are transforming themselves digitally and putting more and more of their data online and in the cloud, corporate or even national boundaries no longer provide the protections they once did.

Hacking has now become a central skill for organized crime gangs in places as far apart as Nigeria, Malaysia and Belarus. The armies of hackers keep growing and are dispersed around the globe, and in many cases, they use the dark web to share data and ply their modern-day form of piracy. The motives of those who are fighting this cyberwar are also as diverse as their locations − from terrorism, to nationalism, to anarchy or just plain greed.

So how can we address this increasing risk, and turn it from threat to opportunity? How can we design new security systems that will adequately defend us against these data breaches? What are businesses proposing, and what should they do, to increase their e-security now and in the near future?

Some interesting insights into these questions was provided in the 2018 Thales Global Data Threat Report.1 According to the report, “data breaches have become the new reality… For the global survey conducted by 451 Research 1,200+ senior security executives were surveyed from across the globe and included respondents from key regional markets in the U.S., U.K., Germany, Japan, Sweden, the Netherlands, Korea and India. Key segments within those countries were also included in the survey, including federal government, retail, nance and healthcare.”

The key results of the survey are both astounding and sobering. According to the respondents, “67% of global enterprises have now been breached (73% in the US); 42% of enterprises breached this year have been breached in the past; and 79% increased IT spending, but the data breaches did not slow down in response”.

So clearly what we are doing is not working, or it may be having some slight impact, but not enough to keep pace with the growing threat. Consumers and businesses are no longer as accepting of data breaches as they perhaps were in the past, and the potential economic and social harm is growing. Governments are starting to give privacy regulators ever greater powers to intervene.

In response to community concern about the increasing risk to private data, data privacy regulations have either been introduced or are in planning in many countries, with the potential to substantially impact organizations of all types. Last year the most potent of these new privacy frameworks came into effect – the EU General Data Protection Regulation (GDPR). Although it applies only within the EU, it has in fact ushered in fundamental changes in the way organizations must deal with any data related to the European Union’s 500 million residents. The GDPR has required online actors to disclose how and why they keep personal data and track online behaviour. This has made the whole process more transparent to online users, but also in many ways, even more concerning. The pressure is mounting on all sides to find a new solution.

We need new skills to tackle these threats. Perhaps the key to tackling these ever- increasing cyberthreats is to realize that we are all ultimately responsible for our own online security. It is no longer just the task of the IT department, or businesses with whom we do online transactions, to secure our data and make sure we do not fall victim to online hacking or cybercrime. And this exposes all of us to the reality that we are not nearly as skilled in digital world survival as we should be. Only a relatively small percentage of children study IT in any depth, even fewer at tertiary level, and an even smaller percentage go on to make a career in IT. While the so-called ‘digital natives’ of the millennial and Gen Z demographics are rmly wedded to their mobile devices and online gaming consoles, far too few of them are choosing to study IT, digital media and above all digital security or to progress to a career in these areas. As a fast-moving sector that hinges on advancements in technology, the cyber security industry is facing a skills gap.

From a slow start a few years ago with voluntary and community organizations, digital skills education is now being adopted as a priority in many countries.

In the US, the National Initiative for Cybersecurity Careers and Studies offers more than 3,000 cybersecurity- related courses, both online and in person, from more than 125 providers around the US. These providers offer education and training courses for all people interested in advancing their cybersecurity knowledge and skills. It has a particular focus on career changers seeking to forge a new path as well as US service veterans retraining for the next phase of their lives. In addition, the Federal Government offers free online, on-demand cybersecurity training for government personnel and veterans. Topics include ethical hacking and surveillance, cyber risk management, as well as malware analysis and mitigation. Many cybersecurity initiatives in the US now focus on high schools, to identify and encourage those who have the ability to excel in cyber and to make a career in this rapidly growing eld. According to some analysts, there will be up to 3.5 million job openings in cyber-related roles by 2021, but women still make up only 20% of the cybersecurity workforce.

In order to address this gender gap, both in the US and elsewhere, a special focus is being placed on the low numbers of girls participating in computing skills classes, as they generally lag behind their male peers in this area. It was recently announced that the UK’s intelligence and security agency, the GCHQ has created a new competition for girls aged 12 – 13 in codebreaking, in a bid to create the next generation of female cybersecurity professionals. This initiative, CyberFirst Girls Competition, kicked off on January 21 this year and offers female students an opportunity to learn about cybersecurity and practice skills in a simulated real- world environment. It is great to see this initiative to inspire female students to join the cybersecurity workforce.

Given the vast number of data breaches reported by organizations around the globe in 2018, and the ongoing skills shortage, it is vital that government, industry, education and the media work together to make cyber security an exciting and inviting career choice for all.

Michele M. Merrell is a senior level technology and telecommunications executive with 30 years experience in organizations ranging from start-up to mature, private, public and pre-IPO. She is the President of Merrell Consulting Group, a global marketing consulting consortium. She is an experienced practitioner in marketing, branding, advertising, social media, digital marketing, internet development, product marketing, public relations, crisis communications, public affairs, corporate communications, investor relations, and corporate social responsibility. She has worked for companies such as Tyco International, Brightstar, CSPI Technology Solutions, Thales eSecurity, Bellsouth, U.S. Cellular and others.

Michele currently serves on the Board of Directors for three international corporations, including Cable Bahamas (BISX: CBL) , Aliv (Nassau, Bahamas) and Summit Broadband (Orlando, FL). She is the head of the Corporate Governance Committee for all three organizations, and also sits on the HR & Compensation Committee. She is on the international board of directors for the GTWN and is the North America President for the GTWN. In 2018, she was named to the board of the LeMieux Center for Public Policy. She is an elected of cial in her county of residence. Michele’s achievements have earned her dozens of awards and recognition over her career for her business and leadership acumen. In 2019, she will receive the “Women of Distinction Lifetime Achievement Award from Celebrating Women International. She received the Women of the Channel Power 100 Award by CRN Magazine. Michele was the recipient of the Florida Achievement Award from the Florida Commission on the Status of Women, part of the Of ce of the Attorney General, State of Florida. The South Florida Business Journal also named Michele as their “Business Woman of Influence” recipient. Michele was named by the Diversity Journal as the recipient of their “Woman Worth Watching” award. She has been a featured business executive in an edition of March Magazine, a women’s executive magazine. She speaks regularly both internationally and domestically on topics ranging from technology, entrepreneurship, marketing, business leadership, politics and women’s issues.