Encouraging Education in Cybersecurity

Ignorance has never been bliss, but it is even less so today. Cybercriminals are always looking for vulnerabilities to exploit. This is why Bob Mueller said over a decade ago that there are only two types of companies in America: those that have been hacked and those that will be hacked. A decade later that sentiment is still true, except that many have been hacked numerous times. Many cybercriminals attack on a daily basis. Their target is your information.

Sadly, in the decade since Mueller made his statement we’ve made little progress in the war waged against us by cybercriminals. For the most part, our technical efforts -- while impressive -- have been reactionary.

How do we begin to combat such a threat? It begins with education.

For example, audiences at conferences, workshops and employee training sessions are still amazed when I speak to them of password cracking software, the need for updates, and simple tips on staying safe. Most viruses are still delivered via email and most passwords are still too simplistic. It is astounding that with all the articles, jokes, and anecdotal emphasis on password complexity, the most popular password in America is still some form of “Password” (P@ssw0rd, Password 123, Password 123!, etc.). This is why all companies should regularly emphasize cyber awareness training for all their employees. It seems logical that if you shrink the target, you will also shrink the cybercrime industry. Training in antivirus technology, update and password management, and education seem to be a no-brainer. This could easily and inexpensively be done through community colleges and different types of IT education programs.

The boom in cybercrime has created a corresponding increase in cybersecurity jobs. Yet the industry of cybersecurity is reported to have currently over 1.5 million positions going unfilled -- and an expected three million by 2021 -- because there are not enough educated and qualified people to fill the positions. Only recently have colleges and universities begun to offer an emphasis in cybersecurity, with only a few offering a degree in it, despite the fact that the IT industry allows stackable credentials (A+, N+ or S+).

The education industry needs to work with government and business to establish regional cybersecurity operational centers (CSOCs). Students would receive real world training to accompany their academic training (using certificates like COMPTIA’s as the final exams in classes like networking—N+). These students could work alongside experienced professionals at the CSOCs, and, as interns, work at organizations (SMBs, non-profits, government) that will also benefit from added emphasis on cybersecurity. Educational institutions would be able to market cyber awareness to the consumer while also benefiting from relationships with the organizations where they have placed interns. This idea is win-win. Education wins with increased student populations and more fully developed community relationships. Government, business, and NGOs benefit from improved security and better
educated employees. And everyone becomes less of a target for cybercrimes. The battle will always be engaged, but at least we won’t be in full surrender.