National Cyber Security Centre handles over 1,100 attacks in two years, while cybersecurity skills gap grows.
If you were ever in any doubt about the fine work that the good people at the National Cyber Security Centre (NCSC) do, then data coming from the government agency’s second annual review should leave you under no illusions as to its importance
The cybersecurity arm of GCHQ has stated that since it came into full force in 2016, it has defended the country against no less than 1,167 threats, with 557 of those cyber incidents occurring over the past 12 months. A quick calculation and this works out as over 10 cyber attacks a week. The annual report also notes that the majority of those attacks are from hostile nation states. Furthermore, because of its work the NCSC has reduced the UK’s share of visible global phishing attacks by more than half.
The agency’s Active Cyber Defence initiative has proven key to protecting the UK from high-volume commodity attacks affecting everyday lives, and between September 2017 and August 2018, the initiative has taken out 138,398 phishing sites in the UK.
In the end, then, the people working at the NCSC are working hard to ensure that businesses and individuals can operate safely online, and we should all be thankful for that.
Unfortunately, however, everything is not all rosy in the cybersecurity conversation. Data from a non-profit association of cybersecurity professionals, (ISC)², has shown that the global digital skills gap is widening.
The organisation commissioned a survey of over 1,450 cybersecurity professionals throughout North America, Latin America, Asia-Pacific and Europe in order to help measure the gap in the cybersecurity workforce in companies of all sizes. From this survey, (ISC)² has concluded that the global cybersecurity workforce gap has risen to nearly three million across the world.
That rather startling figure aside, the survey also throws up some other interesting points. Nearly two-thirds of respondents said that their organisations have a shortage of IT staff dedicated to cybersecurity, and 59% said that their companies are at moderate or extreme risk of cybersecurity attacks as a consequence.
Under half of respondents said that their organisations plan to increase cybersecurity staffing over the next 12 months, which at least shows that many companies are looking at taking their approach to cybersecurity more seriously.
Cybersecurity professionals are, broadly-speaking, a happy bunch too as 68% of respondents said that they are either very or somewhat satisfied in their current job. The cybersecurity workforce is also younger than identified in previous research, according to (ISC)² CEO David Shearer, and women are also better represented.
As for reasons why cybersecurity individuals might not wish to further their careers, (ISC)²’s research highlights that some of the biggest career progression challenges include an unclear career path, a lack of knowledge within the business about cybersecurity, and the cost of getting into a career in cybersecurity.
So what are we to conclude from these reports? First, and most obviously, of all, cybercrime is a potentially massive threat that all businesses must face up to. The fantastic work of GCHQ’s National Cyber Security Centre continues to save us all from high-level threats, but at a business level, cyber-threats must be taken seriously to avoid financial losses.
Secondly, demand for cybersecurity professionals and their particular skills isn’t going to slow down any time soon. Professional training to upskill current IT workers and introducing cybersecurity to students in education are just two ways that the government and organisations can help to bridge the obvious gap that has emerged for what is a very pressing issue.
The UK government has been accused in the past of not taking the matter seriously enough, but tackling any shortfall is likely to require answers from both government and industry.