Cybercrime costs the UK several billion pounds per year. Indeed, a recent government report showed that 46% of all businesses identified at least one cyber attack in the last year, with 74% of directors regarding cyber security as a high priority issue for them.
Despite this level of priority, organizations struggle to attract the talent they need to keep up with the constant arms race they face with hackers and other cyber criminals. The Czech Republic may not be the first place you think of when it comes to finding these skills.
After all, a recent report from the OECD highlighted the relatively low levels of digital sophistication in the country, whilst a McKinsey report highlights the challenges this represents for the country, with productivity at 60% of the levels of peers in western Europe.
Despite this, the country is nonetheless at the forefront of the cybersecurity industry, with a Czech team victorious in a global cybersecurity war game challenge hosted at NATO’s Cooperative Cyber Defense Centre of Excellence (CCD CoE) in Tallinn, Estonia last year.
The victorious Czech team pipped an Estonian team into second place, with the organizers highlighting the good tactics and stable performance across all of the scoring categories of the Czech team, but especially in terms of their strategy.
“The exercise was particularly challenging for all participants this year due to the increased scope and size of specialised systems involved. The teams had to protect large scale SCADA system controlling the power grid, military AirC2 system, military surveillance drone and Ground Station controlling the drone and Programmable Logic Controllers (PLCs) under intense pressure,” the organizers said. “In the end all the teams have gained a valuable training experience, which is the ultimate goal of this defensive exercise.”
Building a cyber workforce
With world leading companies such as Avast based out of the country, it’s a sector where they are clearly punching above their weight. The school system is one of the core reasons for that, with high quality engineers regularly churned off of the production line.
“The schools are just fantastic at training engineers and developing the skills you need for cybersecurity, and so we’ve been moving a lot of our technical jobs back to the Czech Republic,” Vince Steckler, CEO of Czech cybersecurity firm Avast, told me recently.
Indeed, central and eastern Europe produced over 230,000 graduates in STEM topics in 2016, which is more than any of the traditional EU Big Five markets (Britain, France, Germany, Italy and Spain). The region also scores highly in math and science literacy scores in the PISA rankings.
Not only are the schools producing good talent, but there is a strong culture of hacking in the country that helps to produce a large pool of self-taught coders that have been playing around with computers since they were in nappies.
The company, which recently enjoyed a successful $4.5 billion IPO on the London Stock Exchange, strongly believe that their consumer product is a match for enterprise security systems, with high levels of sophistication built upon machine learning technologies.
The cloud-based system combines AI and machine learning to detect threats and develop solutions. With several hundred million users providing a constant stream of threat-related data, the system is able to rapidly funnel anything remotely suspicious into the network for further analysis, after which solutions are rapidly farmed out to users.
Overcoming the skills gap
Whilst Avast has been able to tap into a deep pool of talent, this is certainly not the case for all organizations. Indeed, it’s estimated that there will be a shortfall of some 3.5 million cybersecurity professionals by 2021, with some 75% of those who apply today insufficiently qualified to do the job.
These skills include not only the obvious technical capabilities, but also softer skills such as communication, the ability to work well in teams, and characteristics such as empathy and integrity. For instance, threat detection is but one part of the job, with cybersecurity professionals also having to communicate with non-technical colleagues, whilst at the same time understanding the business sufficiently to push the case for cybersecurity.
Whilst many companies are investing heavily in training to ensure the talent pipeline doesn’t run dry there are also projects to utilize artificial intelligence to lower the skills requirements of cybersecurity roles.
That’s the route taken by Texas A&M University, who are pairing security novices with sophisticated AI software in a bid to ward off threats in their Security Operations Center. The college reveal that they receive around a million hacking attempts every month, but the fact that most of their security team are students is perhaps more of a surprise.
The security team, which consists of ten students working alongside sophisticated AI software, aims to detect, monitor and remediate any threats to the system. Perhaps unsurprisingly, it’s a setup that means the university have had no issues filling the roles, but is it effective?
The university seem happy enough. They reveal that the AI software they use is very much in the ‘augmented intelligence’ vein, with the technology detecting anomalies and providing the students with a degree of context, but leaving the actual decision making to humans. It might eventually reach a point where it can offer a more predictive service to provide earlier threat detection, but the human will always remain in control.
A blended approach
As with so much in life, the reality is likely to require improvements from both ends, with a greater investment in skills development met by enhanced AI-driven capabilities to support professionals, especially in areas such as threat detection.
The very nature of the industry however means that companies and organizations simply cannot stand still, as hackers are constantly looking for vulnerabilities they can exploit.
“Around 54% of our staff are in the R&D team, and that is to stay ahead of the competition and meet our customer’s needs, while also staying ahead of the bad guys,” Steckler says.
In many industries, innovation doesn’t really occur until the platform is burning, but in cybersecurity, it’s an almost constantly burning platform. While it undoubtedly faces a great many challenges to keep digital systems secure, ensuring the industry has the skills required to thrive is arguably at the top of the list.
Whether it’s securing the plethora of connected devices, tackling fake news or keeping health data secure, there are no shortage of challenges for the cyber workforce to get their teeth into. If nothing else, as security risks become greater, it will propel it to the top of more and more service provider’s agendas, and help to ensure that security is at the very core of what they do.
It’s also increasingly at the top of the agenda for small businesses, with recent data from Lloyds bank revealing that cyber security is now the most sought after skill among small businesses, with over a quarter not really understanding what cyber security really is. These companies, who openly admit to having poor digital capabilities have requested help and advice to help them block any threats to their business. Whether it’s working in-house or for cyber secrity firms therefore, it seems certain that security skills are going to be in high demand for some time to come.