Ruslan Grumble - Fotolia
Popular culture key to giving cyber security much-needed boost
The cyber security industry should turn to popular culture to raise awareness of the cyber threat to businesses and consumers and attract new blood to the field, says McMafia author
The cyber security industry is failing to communicate the scale and nature of the threat and is severely under-resourced in skills, according to UK journalist and author Misha Glenny.
“The Spooks BBC television series resulted in a phenomenal increase in applications to work for UK intelligence services, and the same should be done for the cyber security profession,” he said.
Glenny, author of McMafia, who has studied the patterns of “cyber malfeasance” including cyber crime for the past 12 years, believes one of the key failings of the cyber security industry is around communication.
“The generally high levels of misunderstanding and ignorance about cyber vulnerabilities and cyber security in the population as a whole leads to rich pickings in companies and institutions, for social engineers in particular, because people do not understand their function in a regime of digital hygiene,” he said.
This also persists at boardroom level, Glenny told a media briefing at the Palo Alto Networks End User Cybersecurity Summit in London.
“In the majority of companies, there is very poor communication between information security, risk management, the communication department and the finance department, which are the four most important in terms of achieving a coherent cyber security regime,” he said.
According to Glenny, this poor communication is reflected at board level, where it remains “quite shocking” even in Fortune 500 companies, where the admitted level of ignorance by board members is high about why cyber security is important and how it functions within a company.
“It there is not that leadership from the board, as it filters down the organisation, there is less and less engagement with cyber security issues,” he said. “This means that all cyber security firms need to engage with a more holistic approach that underlines that the digital response alone is insufficient, given the fact that the primary vulnerabilities are human vulnerabilities.”
Read more about information security skills
- Demand for cyber security skills outstrips internal supply, research finds.
- Anti-millennial recruitment stance will widen cyber security skills gap, experts warn.
- Companies struggling to fill infosec roles should focus on finding people who can do what they need, not qualifications, according to a security industry panel.
- Information security professionals need to grow their skills, engage with the business, increase security awareness and set business goals and tailor their messages, says a panel of experts.
At a societal level, despite the exponential growth in dependence on complex network systems, there are still “very few” representations of this in popular culture, said Glenny. “There needs to be a much greater effort by the cyber security industry to engage with popular culture, and for me, television is absolutely critical here,” he said.
The US television series Mr Robot is a “terrific start”, said Glenny. “This series was very engaging and inventive in the way it got past the barrier of the computer screen and keyboard, but we need more of that because there needs to be a general understanding of cyber security, which is not currently being communicated through UK school curricula,” he said.
“There is a paradox here that young people are less concerned about cyber security than those who are not digital natives, which is a worrying trend, and so, in the absence of appropriate school curricula, popular culture becomes extremely important.”
In September 2017, security firm McAfee published research that showed UK school education is providing insufficient IT skills and little to no insight into careers in cyber security.
A poll of 2,000 UK-based respondents found that 70% of British adults feel their school education did not set them up with sufficient digital skills and knowledge of IT. This was more prevalent among older respondents, with 83% of adults over 65 saying so, compared with 59% of 18 to 24-year-olds.
However, a large majority of respondents (88%) said they were not aware of the possibility of a career in cyber security when they were at school. ............................................................................................... .................................................................................................................