By Steve Maguire – Co-founder FCP (first published Dec 2017)
Imagine an alliance of nation states joining forces with a civil movement to attack the UK with indiscriminate force, taking over our financial institutions, crippling our health service and controlling our citizens' movements.
Seems far-fetched, but nonetheless our defence plan considers such a risk by planning a proportionate riposte to deal with such a threat. Whether it’s by way of a nuclear deterrent or by more covert means, our resilience to such an attack is testament to the tenacity of the Armed Forces in protecting us from physical invasion.
Ironically, these attacks are occurring every day within the UK and globally, the difference being that they are not exactly physical, or are they? We have already seen the impact of Ransomware on the NHS this year: it wasn’t just desktop computers that were affected, it was also essential medical equipment, thus confirming the very physical reality of Cyber-Attack.
Our defence of information and networks is paltry; we are sitting ducks awaiting a cyber Armageddon for which we are ill prepared. We are fighting a Cyber War with Dad’s Army.
Who do you Think you are Kidding?
The cyber battlefield is becoming a mismatch between attack and defence. The average profile of the defender is a middle-aged man, aged 42 (UK govt 2017), earning good money, thus increasing the prospect of early retirement. On the other hand, the attacker is young, highly intelligent and innovative, and continually finding new ways to drill through Information Security defences with impunity. As the defender withers, the attacker blooms. What is even more alarming is that there is projected to be a global cyber security skills shortage of 1.5 million by 2022. Dad’s Army is de-mobbing while the Cyber Adversary recruits.
This is unsustainable and requires a call-to-arms outside the current circuit of cyber professionals. Veterans are the ideal response to this crisis.
Veterans are IT DIPLOMATS!
What do you get with veterans? Integrity for a start; then Trust, Diligence, Inspiration, Punctuality, Loyalty; they are Organised, Motivated, Assimilative, Tenacious and Strategic. All the assets that the Cyber-Security industry requires to defend against attack. An absolute no brainer? You would think so.
It is perverse that organisations are crying out for resources, whilst veterans are crying out for jobs, given the fact that Cyber-Security has been declared a threat on a par with terrorism. Massive data breaches are occurring on a daily basis, yet there seems to be little happening to tackle this crisis.
GDPR (not a dictatorship)
Sounding a little like a totalitarian nation, GDPR does not stand for the Great Democratic People’s Republic by the way, but it might as well do if organisations do not take the necessary steps to defend personal data. With regulatory fines of up to 4% of turnover for breaches of data, finally organisations are beginning to take stock by implementing compliance plans in the face of the arbitrary financial threat that looms over them.
Part of compliance planning is to have the right resources in place to mitigate Data Leakage, whether that be in a physical sense or within a cyber context. This is easy, right? Just get the right resources in place and all will be fine; but with an unemployment rate for IT professionals at an all-time low (below 1%), these people are not at beck and call.
Effective defence on the Cyber Battlefield requires a holistic response. It requires a Cyber Taskforce of consultants that share values that are congruent with solving the cyber crisis. There is a lucrative trade within cyber consultancy, but the quest for fortune will not solve the problem. There are some great organisations doing wonderful things. Take an Isle of Man company, Simply Secure, for example: their mission is to provide total business protection for organisations by de-cluttering the 1’s and 0’s, by providing a simple solution to information security and not baffling with science. This is just what organisations require so they can have the confidence to operate within a regulatory framework.
Consultancy alone isn’t going to solve this crisis. The recruitment dogma of picking the low-hanging fruit of cyber security professionals is only achieving one thing: it’s taking from Peter to pay Paul, thereby creating a retention crisis. The recruitment mission of making money is being achieved, but it comes at a cost to organisations who wish to hold on to the best talent. Something needs to change, and it needs to change fast; a new standard of recruiting must commence!
The Military Solution to this crisis is an obvious one: there is a wealth of talent out there, able and willing to provide the service that organisations need to tackle their Information Security issues. Part of the problem is that organisations know there is a problem, but they don’t know what the problem is, or how to solve it. Part of the solution is to look outside the box and recruit from the military talent pool; Hackers are humans, defeat them with soldiers!