The future of crime fighting in the cyber age
Hacking from hostile governments, organised crime or even rival businesses is on the rise, with recent cyber attacks like WannaCry demonstrating the power hackers can wield.
Although governments, businesses and other organisations are usually the ones in the cyber spotlight, it’s often ordinary citizens who bear the brunt of such attacks. Stolen or compromised data can have devastating financial consequences, reputational impacts and even adverse physical effects.
It’s at this personal level that the bulk of our shared risk and vulnerability to attack lies, according to RMIT cybersecurity expert Associate Professor Serdar Boztas.
“Lloyds of London estimates that cybercrime costs the world US$400 billion annually,” he says.
“The main forms of attack include ransomware, phishing, and other advanced persistent threats, and the key cybersecurity challenges centre on countering these diverse and ever-evolving threats.”
Behind the scenes, both government and business are arming themselves with new tools and new teams of professionals to combat existing hacking threats and defend against future incursions.
“The cybersecurity sector is growing very rapidly in Australia, as in the rest of the world,” says Boztas.
“This is in response to our increasing vulnerability to attacks, which comes from our increasing use of cloud- and mobile-based software, and platforms that exchange and share our data.”
Despite huge and growing demand for cybersecurity professionals, there is a shortage of qualified graduates with the combination of skills required.
Securing our data in the digital economy
As the amount of data shared online increases, so does risk, making cybersecurity an increasingly critical issue for policymakers, like Pip Wyrdeman, senior adviser at the Federal Government’s Office of the Cyber Security Special Adviser.
“The digital economy has become the economy in Australia and globally and government is driving towards digital business with the population, asking us to do our taxes online, apply for services online and to do business online,” she says.
“The population want to operate online – it’s easy, it’s convenient and it allows us to do things we would never have imagined doing just a couple of decades ago.
“A digital environment relies, fundamentally, on trust. If I’m going to interact with you or your business online, I need to trust that I can do so safely. I rely on cybersecurity – security in the cyber realm.”
Wyrdeman’s office is tasked with developing and implementing cybersecurity policy to protect government, industry and the community.
“A key challenge in this space is to somehow keep up with the speed of technology change, to protect the systems we already have and to work out how to futureproof the ones we build from now on,” she says.
“But I think the biggest challenge we have is the human challenge. We need to educate and inform people from a very young age about how to operate safely and effectively in a digital world – this is fundamental to security.
“If you know what is needed to use anything safely and confidently, you will be safer than if you don’t know what you are doing or lack confidence.
“If we can bring both technical security and human understanding together, we can have security baked into both our systems and our activities using those systems.”
But as we do more business and communication online, securing the data and information exchanged and stored in cyberspace is more important than ever, creating a soaring demand for cybersecurity professionals and job opportunities far outstripping supply.
Jobs boom and cyber skills shortage
Global tech giant Cisco estimates that there are up to a million vacant cybersecurity jobs around the world. That’s a big skills shortage, and reflecting the demand, cybersecurity experts are predicted to earn 9 per cent more than other IT experts.
But who are the professionals working in cybersecurity now? A cyber worker herself, Wyrdeman describes the growing variety of jobs available.
“At the moment there are jobs in cybersecurity across the board, ranging from pentesting, design of secure software, education, law, insurance, policy, data privacy and protection, military, intelligence, engineering of smart cars/buildings/cities – you name it!” she says.
“It’s hard to say what the specific growth areas are right now, but one of the reasons that we run Cyber Security Challenge Australia for current students is to give our industry partners a chance to design their challenges to meet the needs they have, which gives a message to universities and students about what industry is looking for.”
Boztas is tackling the skills shortage first-hand as leader of RMIT’s Master of Cyber Security. In training the next generation to perform some of these new and evolving roles in cybersecurity, he believes students need a holistic approach.
“They need learn the theoretical foundations of cybersecurity, including cryptography, risk management, governance and fundamentals of programming,but also how to work in teams and to analyse and report on vulnerabilities by ethical hacking,” he says.
The high volume of data transactions in a booming digital economy brings risks as well as rewards.
New tech cyber challenges
Megan Haas is a Cyber and Forensic Services Partner at PricewaterhouseCoopers (PwC), working with organisations to manage cybersecurity and privacy, and guard against the threat of online corruption and fraud.
“As cybersecurity continues to evolve at an increasingly rapid pace, many strategic cyber decisions impacting the privacy and lives of people in society are being made for the first time,” Haas says.
“There are a lot of unknowns within the field of Cyber, and PwC leverages its wide industry knowledge to provide value-adding insights to clients on which strategies are more likely to work, and which may not.”
With the advent of the Internet of Things (IoT), whereby digital devices embedded in everyday objects become more connected and internet-enabled, interacting and sharing data, the opportunities for cybercrimes increase.
Haas believes attackers are also likely to focus on the rapid growth of artificial intelligence (AI) systems and the opportunity to seize control of them, but while technology provides the opportunity, it’s people that are the key.
“Cybersecurity is not only securing networks, but is mainly about managing risks and understanding people – a hacker’s mindset – and how they behave,” she says.
“Different threat actors apply different approaches and require different responses, like how organised crime gangs may use emails to send ransomware, while insiders can pose a threat due to their access to systems and data.”
In the past, private and public enterprises have used technology to protect their digital assets, and though technology will continue to be leveraged, Haas says that the current cyber risk landscape has brought a shift towards investing in people and training.
“Cyberterrorism is on the rise and cybersecurity is becoming one of the most sought after areas in industry,” Haas says.
“As we move toward a more virtual, agile, cloud-based environment, this demand will increase further as businesses look to protect against threats to their critical infrastructure.
“The most common challenge we have is to find people who are technically capable, have an understanding of relevant laws, regulations and best practices with a solid grounding in economics and psychology to understand hacker’s mindset.
“The speed of technology innovation means that the demand for these skills will continue to grow for the foreseeable future – individuals with relevant qualifications will be in demand in the market; the work will be varied, challenging and interesting; and financial compensation will be attractive in a competitive market.”
First published 1 November 2017.