Cyber security: The bad guys are organised, so we have to be too
Dr Frank Stajano, Co-founder of Cambridge2Cambridge, and Reader in Security and Privacy at the University of Cambridge
One of the biggest challenges facing businesses, political institutions and individuals is cyber security. For example, a recent report found that hacking attacks on UK businesses has cost investors £42bn, and a severe breach leads to a company’s share price falling, on average, by 1.8 per cent.
As well as protecting data and preventing hacks, one of the major issues surrounding cyber security is the much publicised skills gap. A recent report from cyber security professionals association (ISC)2 identified that by 2021 the shortage of skilled workers in the cyber security sector will reach 1.8 million globally. Individuals, companies and the state will be left exposed to attacks from cyber criminals and terrorists, if this skills gap is not addressed.
Companies and Government alike are developing comprehensive training programmes, that are designed to nurture the cyber security defenders of the future. However, universities across the UK have a vital role to play in equipping these cyber security professionals with the necessary skills to enter the industry. University staff must ensure that candidates are receptive to training, by providing an adequate framework of knowledge to them, instilling a solid foundation of principles and theories behind where these problems come from.
A university's job is to teach the ability to learn new skills; rather than training individuals on learning a particular skill, as we often see with training in industry. This ability to learn new skills is vital, as cyber security is an ever-changing industry with cyber criminals constantly finding new ways to attack and exploit vulnerabilities. At the same time, universities need to combine theory with the development of practical skills in a real-world environment, thus allowing students to test what they’ve learnt and teaching them how to apply this in a realistic environment.
One way to enable students with the vision to do this is through face to face competitions. Bringing together different individuals to apply their cyber security abilities in a collaborative and competitive setting allows students to implement the skills they have been taught, while learning new ones in the process, all in a fun and inclusive environment.
This is the intention behind the annual Cambridge2Cambridge (C2C) cyber competition, which will take place later this summer. The competition is jointly organised by the University of Cambridge and the Massachusetts Institute of Technology (MIT) Boston, US.
This year, the teams competing at C2C will be mixed to include cyber defenders from the best universities from across the UK and US, who will come together to learn best practice in cyber security and demonstrate their ability to become future cyber defenders.
The competition is designed to give budding cyber enthusiasts a platform to test and improve their skills in a real-life simulation, meet like-minded individuals, and learn more about careers in the sector by introducing them to key players in the industry and government.
Cyber security competitions give pupils the opportunity to implement the skills and theory they have been taught at university in a realistic environment, while learning new ones in the process, which will help grow them in to the cyber defenders of the future. It also teaches them to adapt to their surroundings and think on their feet, priming students to be trained in industry and make a real impact.
Universities from across both sides of Atlantic have realised the importance of giving the most talented students a platform to test their skills and knowledge. We will only see staff entering the industry with the right skill set if they are given the platform to put theory into practice in real-life simulations. After all, the bad guys are organised, so we have to be too.