What can we do about the critical cybersecurity skills shortage?

Tech-savvy youth could plug a widening skills gap as employers seek to combat the growing threat of cybercrime and avert mass disruption to public and private lives. But the industry is failing to provide a clear path for young people to find work, hone their skills, and serve society. Instead, they are being tempted to exacerbate cybercrime, rather than prevent it.

In a wide-ranging new survey of 12,000 consumers and IT professionals from across the US and Europe, Kaspersky Lab found under-25s, highly skilled and highly impressionable, are already inured to the shock of large-scale cyber hacks. Their concern only marginally outruns their curiosity, and even regard, for these types of crimes. In fact, 57% of under-25s consider hacking to be an ‘impressive’ skill and only 35% of all respondents feel uncomfortable about people who have the skills to hack. Many are already adept at blurring the lines, with a third of under 25s (31%) able to hide their IP address, for example.

And while one in four (27%) have considered a career in cybersecurity, with many (47%) regarding it as a good use of their talent, many others admit an inclination to engage in more questionable activity. Only half (50%) of under-25s would actually join the fight against cybercrime; a significant number would use their skills for fun (17%), secretive activities (16%), and financial gain (11%) instead.

“Industry and education must do more to recruit the younger generation of cyber professionals and the warning signs are clear. The frequency and profile of teenage cyberattacks is growing with each generation’s competency, as well as with the ready availability of ‘malware as a service’,” said Eugene Kaspersky, Chairman and CEO of Kaspersky Lab.

Whether masterminds of these exploits or foot soldiers in the pay of criminal gangs, teenager hackers have been linked with a myriad of high profile cybercrimes in recent years – including attacks on US entertainment firm Sony, US retailer Target, UK parenting site Mumsnet, and UK broadband provider TalkTalk. Even agencies tasked with stopping them have come under fire, with both the CIA and the Serious Organized Crime Agency (SOCA) targeted by teenage hackers in the UK in 2012.

Kirill Slavin, General Manager, UK and Ireland at Kaspersky Lab says: “Organised cybercrime is no longer just a boardroom headache; it’s increasingly a very personal one, which threatens to disrupt, and potentially embarrass, private individuals in their homes. As recent attacks on Sony Entertainment and Ashley Madison highlight, where very private data was made public, cybercrime threatens to tear at the heart of both public and private life if it is not addressed. Yet, our research demonstrates three things: (i) a desperate skills shortage in information security, (ii) the ability of young people to step into the breach, and (iii) a failure of industry to let those young people take those first steps.”

Today’s young IT enthusiasts could hold the key to plugging the widening cyber skills gap, but they need to be encouraged to use their skills in the fight against cybercrime. Frost and Sullivan’s latest Global Workforce Survey predicts a shortage of 1.5 million information security professionals by 2020, on current trends. The survey reveals 93% recognize the profession needs to evolve with the landscape and 87% believe that it is important that young people join the cybersecurity war.

As it stands, employers are failing to channel young people’s interests and talent in the field. Many do not have any entry-level cybersecurity roles; most promote from within (72%), providing internal training as necessary, and recruit externally (53%) for seasoned security professionals.

According to the IT industry, the education system has a key part to play in encouraging young talent into the profession and equipping it with the necessary skill levels, with 62% of IT professionals claiming education should be responsible for training up new generations of cybersecurity professionals.

Work has started in the education sector already. President Obama pledged $4 billion for computer science in US schoolrooms in January. The UK Government has just announced a ‘Post-16 Skills Plan’ to put focus on digital skills in higher education. In Europe, The European Commission has set out steps to improve digital skills in Europe, as part of its journey towards a Digital Single Market.

To solve the problem, Kaspersky Lab believes more should be done at an employer-level to encourage young people to enter cybersecurity careers as well. Even among IT security professionals, 27% admit organizations themselves must do more to offer training and graduate schemes.

“There is a skills gap that needs to be addressed by both industry and education if we are to enthuse young people about entering the cybersecurity workplace. This generation is closer to technology than any before, and will run rings around the industry soon enough, escalating the threat of cybercrime if they are not brought onside and given opportunities to blossom. Their talent should be harnessed and nurtured for society’s good,” concludes Eugene Kaspersky.