G'day, mates, and greetings from 'down under!" The land of roos and rugby cropped up in the news this week with a rather interesting report on their state of cybersecurity. On Tuesday, the Australian government presented its annual cybersecurity report, which revealed that one of its national security contractors had suffered a significant data breach last year. According to the report, it was kind of a big deal, as a large amount of data was lost.
A case study within the report stated that the government’s cybersecurity team discovered that an attacker had compromised the network of a “small Australian company with contracting links to national security projects,” adding that the attacker was on the network for an “extended period of time.”
Apparently, the Government's Australian Cyber Security Centre (ACSC) learned of the incident last November and helped end the attack. According to ABC News, the breach was just one of 734 the ACSC responded to last year that targeted infrastructure or other private systems of national interest.
Experts say that private industry in Australia has been one of the most glaring vulnerabilities in the country's cybersecurity. "It is worrying, but the thing that is most concerning is that what we're seeing is a growing sophistication in these attacks," said Assistant Minister for Cyber Security Dan Tehan. "[It is] absolutely vital that they are building in cyber resilience to everything that they do … they need to be making cyber part of their daily routine."
Same goes for providers. Effective cybersecurity can be achieved by strengthening existing programs and making absolutely certain defense systems are up to snuff.
In other cybersecurity news, ShieldX Networks (ShieldX) and Iowa State University (ISU) have joined together to address the cybersecurity human capital crisis by providing students with real life experience using the industry’s most advanced threat detection and security automation tools.
According to the press release announcing the collaboration, ISU’s Information Assurance Center, which offers interactive educational programs and hosts cyber defense competitions, will use ShieldX APEIRO™ cloud security platform to teach students how to effectively identify and automatically respond to suspicious activities within multi-cloud environments.
“Enterprises are struggling to find the talent and security solutions needed to defend against the growing sophistication and number of cyberattacks. Security innovations and more rigorous training programs are needed to solve the cybersecurity human capital crisis,” said Dr. Ratinder Ahuja, founder and CEO of ShieldX. “ShieldX is proud to be working with ISU to ensure that the next generation of cybersecurity professionals are ready to make an immediate, positive impact upon entering the workforce.”
Pretty neat, huh? Sounds like rainbows and unicorns to us, but let's take a look at this from the topside down and dig into the dreaded "skills gap." As it currently stands, the cybersecurity unemployment rate is zero, with over 1 million jobs unfilled. This number is expected to climb to 3.5 million by 2021. Unfortunately, the cyber skills gap coincides directly with the increasingly ferocious threat landscape and overall intensity of cyber-attacks nowadays. Thirty-two percent of organizations reported being victims of cybercrime in 2016, and 72% of CISOs predicted that their companies would be attacked within the next year.
So let's get to the root of this and start at the source. We asked Dr. Doug Jacobson, director of the Iowa State University Information Assurance Center and University Professor of Electrical and Computer Engineering, why we aren't seeing more college students majoring in and pursuing careers in cybersecurity. What is the cause and effect?
"A large part of it is a lack of awareness of what cybersecurity actually is, among kids and parents alike," Jacobson told us. "We (educators) need to do a better job of showing how cybersecurity jobs can help the world in order to broaden the diversity. We need to reach out into grade schools to help students understand simple cybersecurity and continue to reinforce the need for it."
Jacobson went on to say that early awareness and education about cybersecurity will open the door the possibility of cybersecurity as a career path. Not just for the "best" students, but for everyone. "We need activities that focus on all students - ones that show them cybersecurity can be fun and challenging."
Longterm, what's the impact this gap will have on the number of attacks in the future? Jacobson thinks that it's only going to get worse - fewer defenders coupled with more targets will lead to money lost.
So, early exposure and education - got it. Check. In the meantime, though, for security VARs and MSSPs, the talent shortage could present significant opportunities. MSPs and other channel firms are lined up perfectly to take advantage of the skills gap, as their IT skills are extremely valuable commodities. These opportunities are not without their challenges, of course, but what we do know right now is that organizations are in dire need of skilled technology professionals.
According to IT analyst firm CompTIA, in fields such as cybersecurity and digital transformation, there is some work that can be done from the inside. The speed of innovation can often times leave organizations in the dust, not to mention their stretched-thin IT teams. Channel firms can erase some of these pain points. Say it with me - education. MSPs and solution providers can pass their skills on by educating internal employees.
On the other side of the coin, partners can study up on their end as well. With the aforementioned "speed of innovation," the tech landscape is constantly moving and shifting. So why not bone up on skills one didn't previously have? These skills can be invaluable to a provider.
So on one end, there are strides being made to bring about awareness and education on the early side of things. Close that gap, as it were. In the meantime, channel partners can "mind that gap" by offering that element of assessment and analysis, and making recommendations/steering companies down the right path.
The views expressed in this column do not necessarily reflect the views of Penton Media or The VAR Guy editorial staff.