People and Technology Gap…
We live in a time where technology is advancing ever faster, and it is almost impossible to keep up anymore. With this advancement of technology also come the security risks that we all must face. So, what is the future of cyber security going to be? We are already in the era of cyber wars, where everyone, from the individual all the way up to government level, will have to face cyber crime at some point. It's just a matter of time, so what are we going to do as a society? Buy the latest and greatest technology? But can we be sure that having the latest fancy technology will always protect us?
We see a lot of organisations heavily investing in new sophisticated technologies to manage their cyber risks, but a common mistake so many organisations make is to almost completely ignore their people and processes by relying too much on this technology. As the saying goes, “Your security is only as strong as your weakest link!” and time and time again, it seems the weakest link in the security chain is people. If we don’t create a security-conscious culture that values people over processes over technology, your investment in technology could be rendered ineffectual. But if we prioritise investment in humans, encouraging the right security culture and know-how, and then the development of good policies and procedures, we enable the best return on investment in technology. This is why I believe investing in people is the most important aspect of having a solid security system in any organisation. How can we expect advanced technologies like artificial intelligence to protect us if we don't have the right people and processes in place to help enable ethical business practices?
Do we have enough trained and skilled security people in the industry to cope with ever-advancing cyber-attacks? Unfortunately, the answer is ‘no’. To support my claim and explain how dire the situation is, I would like to share some statistics I received from the IISP (Institute of Information Security Professionals). According to a recent study by the IISP, it is obvious that the biggest challenge that we face in security is the number of trained security professionals.
By looking at these stats it is obvious the problem is scarier than one would imagine, and I ask, are we doing enough as individuals?
We have a huge skills gap and to make things worse, below you will notice we also have a massive gender gap where the female representation in the InfoSec industry is disgustingly low.
As a female IT and information security professional, I find it very frustrating and disappointing to see such slow growth in addressing the gender gap. I have been a techie for all my career and in every team I’ve worked in, I was either the only female or one of very few. For years I have been talking about this and participating in many projects to promote IT and cybersecurity to many young females, but I always felt there is a lot of talk about it in the industry, with people using this as more of an opportunity to promote themselves, but when it comes to actions there is not much happening.
I was born in Sri Lanka and grew up in a culture still heavily influenced by the historic effects of a master-servant culture. Servants must follow the orders of the master without question. So naturally people expect to follow what the boss says without question. I believe this has a major effect on creating future leaders. I know it affected me a lot until I managed to break out of that culture. When it comes to information security I believe it's very important to have people who are ethical, independent and confident so they are able to provide the right advice to top management to help ensure business risks are managed properly and business functions are done securely. This also comes down to having trustworthy information security professionals with high integrity and credibility, which can be a really big challenge for many businesses. For example, how do you ensure your pen tester really is a white hat? (White hat is a term used for ethical hackers and black hat is a term used for unethical hackers.) How do you ensure that they always disclose everything they find in your system, or that they are even doing what they claim to do?
Attitude Gap - What doesn’t kill you makes you stronger…
To make matters worse in this male dominated industry, there is an attitude of male entitlement and (I call it) ‘caveman syndrome’ where women are only seen as sex objects, baby machines and house servants. There have been times where some men thought it’s ok to manhandle me, pretending like it’s nothing and that they are entitled to it. Or this old gem, where some colleague asked me what I’m doing in IT, rather than making babies at home. One time I got bullied quite badly by a project manager that I al