Compartilhar

International Cybersecurity Day or Information Security Day

PorAlfonso José Martín Palma- 28 / 11 / 2014

 

I've heard that this Saturday November 30 is International Cybersecurity Day or, same thing, Information Security Day. I'm sure that right now the three or four readers of this blog (and I'm including my four-year-old son) are Googling it (my son as well) to check it out and have come across other days like April 6. In any case, this celebration is a good time (and I'm being serious now) to review one of the most important yet least acknowledged aspects of our modern times, which is cybersecurity training.

There is no doubt that modern society depends on new technologies and the Internet to function correctly and guarantee well-being and progress. This is plain to see in every walk of life, on both a professional and personal level. And it is precisely this ultra-dependence on technology that makes us so vulnerable. Imagine the impact on a company's economy if its most sensitive and strategic data were compromised. Depending on the size and purpose of the company, it might also have an impact on the country as a whole. Which is what recently happened in the United States, when a coordinated cyber-attack compromised a huge quantity of sensitive data owned by various financial institutions, including the largest such institution in the world – JPMorgan. The FBI and the U.S. secret service are investigating the case, and it seems that other leaks at major European banks could be related to it. And let's remember that the financial sector is probably one of the most mature sectors as far as cybersecurity goes. Imagine less protected sectors like SMEs. In fact, I could cite numerous examples of attacks on major corporations, strategic organizations and governments because they happen on a daily basis.

There are many reasons for this but they are complex and sometimes misunderstood. However, one of the most important is a shortage of staff with an expert knowledge of cybersecurity – professionals who know how to build the most reliable technology, how to use their knowledge to eradicate cyber threats, either through the police or the private sector, or how to offer companies efficient asset protection services. In short, we need more staff with better skills for addressing the cybersecurity challenges that such a high-tech society has spawned.

According to calculations published by CISCO, in 2014 alone there is a global shortage of more than one million professionals specialized in this field. In Spain the data released by the Public Employment Service (SEPE) (http://www.sepe.es/contenidos/observatorio/perfiles/pdf/Especialistas_ciberseguridad.pdf ) suggest that the number of cybersecurity experts has declined in recent years to pre-2005 levels, a situation that contrasts with the exponential growth of cybercrimes and the related costs. Currently, an average of 23,000 people – 15,000 fewer than in 2007 – are in employed in Spain with profiles like network security administrator, IT security systems architect, software security sales representative, and information security expert. In practice, all of them are regarded as cybersecurity technicians. According to various studies, Spain is the third country most plagued by cyber-attacks and yet there are few genuinely skilled technicians capable of preventing and managing these risks.

However, as pointed out in the report published by the Fundación Empresa Seguridad y Sociedad (ESYS), “Necesidades de Formación en el Sector de la Seguridad 2013” (Training Needs in the Security Sector 2013), today:

  • There is no specific cybersecurity training
  • Companies are specifically demanding  accreditations and training
  • The only professional accreditations that currently exist refer to technical skills and are provided either by manufacturers of ICT security systems or by international organizations that are not governed by any type of legislation:
    • All of these certifications are voluntary.
    • There is a need for a Spanish accreditation system, harmonized with the European system, which focuses on technical characteristics and university studies.

As we have noted in our series on national cybersecurity strategies, all of them include the following goal: "To improve cybersecurity professionals' skills and citizens’ sensitization and awareness."

In spite of all these circumstances, very few degree and postgraduate courses offer a cybersecurity specialism, and in general the ones that do lack sufficient guidance to train professionals in the fields demanded by the labor market. Furthermore, we need to develop a cybersecurity knowledge framework that addresses all the technical, operational and legal considerations, and to enter agreements with universities and specialist centers to extend and augment the content of talent attraction programs, advanced research and cybersecurity training.

Indra is doing its bit in this respect through initiatives that have now become realities, such as the Indra Master's Program in Cybersecurity offered by U-tad (http://www.u-tad.com/estudios/master-indra-en-ciberseguridad/), which is already underway, and the Indra Chair in Cybersecurity at Carlos III University (http://www.inf.uc3m.es/investigacion/19-articulos-sin-categoria/44-catedra-ciberseguridad-de-indra) .

Next week Madrid will play host to Cybercamp (www.cybercamp.es), a cybersecurity event organized by INCIBE, the National Institute of Cybersecurity, under the auspices of Theme 5 "Cybersecurity Excellence Program" of the Digital Confidence Program, whose aim is to disseminate a knowledge and awareness of cybersecurity issues as well as attracting cybersecurity talent.