Cyber-attacks increase leads to jobs boom
- 26 March 2014
- From the section Business
Every cloud has a silicon lining.
As the number and sophistication of cyber-attacks increase, so too does the demand for people who can prevent such digital incursions. Cyber-security is having a jobs boom.
But there aren't enough people with the necessary skills to become the next generation of cyber-cops.
According to the most recent US Bureau of Labor statistics, demand for graduate-level information security workers will rise by 37% in the next decade, more than twice the predicted rate of increase for the overall computer industry.
"Demand for information security analysts is expected to be very high," forecasts the US Department of Labor.
In response, private sector firms and governments have been hurrying to work with universities to fill the gap.
This includes an ambitious project by IBM to create a partnership of 200 universities to produce the missing expertise.
As well as US universities, this talent-raising project is involving students in Singapore, Malaysia, Germany and Poland.
Marisa Viveros, IBM's vice-president for cyber-security innovation, says it is a response to a changing "threat landscape".
The increase in cloud and mobile computing has introduced more risk, she says. And there are more complex attacks being attempted than ever before.
"It's no longer about if an attack is going to happen, but when it's going to happen," she says.
Setting up a global university network with a wide range of skills, she says, is a natural response to a globalised problem.
The students trained in cyber-security will enter a relentless battle, says Ms Viveros.
Even before online products have been launched, there are attempts to hack them. And even relief funds for humanitarian disasters, such as earthquakes or typhoons, are under threat from hackers trying to steal donations, she says.
Mark Harris, an assistant professor at one of the participating universities, the University of Southern Carolina, says there has been a surge of student interest in cyber-security courses - not least because they stand a good chance of getting a job.
But Dr Harris says that it's also going to be a challenge for universities to keep up with the pace of change.
"Textbooks on the subject are out of date before they're published," he said.
According to the most recent monitoring report from IBM on the current levels of cyber-attacks, universities could do with some extra security themselves.
It shows that education faces a higher proportion of cyber-attacks than retail, consumer products or telecommunications.
The only areas with more attacks than education are governments, computer services, financial institutions and media firms.
When there are attacks it can affect large numbers of people. Last month the University of Maryland faced what it called a "sophisticated cyber-attack" which breached the records of more than 287,000 present and past students.
It's a shadowy parallel world - and adding to the slightly sci-fi sense of unseen danger, IBM has its own "X-Force" to monitor the latest threats.
According to its latest report, the X-Force Threat Intelligence Quarterly, half a billion individual records, such as emails or credit card passwords, were leaked last year.
The latest trends include "malvertising", where online advertising can be used to launch malicious attacks on computer users.
It warns of "drive-by downloads", where a browsing reader can accidentally download rogue computer programs.
There is also "spear phishing", where specific individuals or organisations are targeted with fake emails to obtain confidential information.
The report says that about one in 20 attacks uses the so-called "watering hole" strategy.
Rather than trying to break into an organisation's network directly, this targets other websites where people might regularly visit, with the aim of infecting their computers and trying to get the unwitting carrier to bring a virus back into their own network.
Dr Harris, at the University of South Carolina, says attackers are creating ever more complex threats.
"I've seen the level of sophistication grow. They're spending months working on a strategy, finding weak links, using external sites, looking for a back door."
"It's like a race," says IBM's Ms Viveros. "The system gets better, then the hackers understand it and they try to catch up.
"It's going to carry on being a problem."
Not least because computer technology is central to so many places, such as financial markets, defence, health industries, energy supplies and the media.
"It's inside your business, inside your home," says Dr Harris.
An attack on such essential infrastructure would have profound implications. But there is no quick fix, according to the UK's spending watchdog, the National Audit Office, which last month warned it could take another 20 years to tackle the skills gap in trained cyber-security staff.
There has been a huge growth in undergraduate and postgraduate degree courses in the UK related to cyber-security, including so-called "ethical hacking", where students try to penetrate computer networks in order to reveal weaknesses in their defence.
And the UK government wants cyber-security to be "integral to education at all ages", announcing this month that there would be lessons for pupils from the age of 11 and plans for cyber-security apprenticeships.
Does all this scrambling for training mean that we should be worried about the cyber-threats?
"I know enough about this to be scared," says Dr Harris.