University of Limerick’s Dr Lubna Luxmi Dhirani and Dr Tom Newe examine the security skills shortage in Ireland and how it can be addressed.
As the amount of interconnected smart buildings, smart grids and autonomous vehicles etc increases, we need to ask the question – what if the critical underlying infrastructure of this smart world is hacked, controlled or manipulated for a ransom?
In the modern times we live in, the impact and potentially damaging consequences of a cyberattack are much greater than in the past. Data is the new gold and cybercriminals are the gold rush prospectors of this era.
Recent attacks include the HSE cyberattack in 2020, which is estimated to have cost the Irish taxpayer more than €100m. The world’s most valuable oil producer Saudi Aramco was breached in 2021, where hackers scraped 1TB of data and kept it on a leak site while seeking a ransom of $50m in cryptocurrency.
The hackers had access to data that contained the full information on 14,254 employees, their names, passport details, phone numbers, email, job title, residence permits, as well as business/company data such as project specifications, client lists etc. This information is of potential use and value to many different types of threat actors on the dark web. How this happened is still relatively unknown.
If the response is to pay these ransoms, then the cyber prospectors will keep on digging until the shortage of cyber professionals capable of combatting and preventing these threats is addressed.
Careers in cybersecurity are professionally and financially rewarding and the sector is growing at a rate of 10pc per annum in Ireland and worldwide. Results of a recent study commissioned by Cyber Ireland, due to be published in May 2022, show that there are more than 450 cybersecurity businesses in the Republic of Ireland that employ close to 7,000 people.
This growing cybersecurity sector will require an increasing number of graduates of all classifications over the coming years and, in particular, cyber-skilled workers are needed.
Cybersecurity skills and a good understanding of how these skills can impact our daily lives, wider society and community are important.
As per 2021 statistics, around 98pc of successful cyberattacks were of the social engineering variety – psychological manipulation to trick users into making security mistakes or giving away sensitive information – and were successful because of a lack of cyber awareness and understanding by the end user.
With the continuous growth of, and increased dependency on, smart devices and technology at work and at home, the threat of cyberattacks on business and individuals is an ever-increasing problem. Now is the time to consider a career in cybersecurity.
The necessary skills
GDPR compliance and the EU directive NIS2 assist in increasing the level of cybersecurity in Europe, but every day new vulnerabilities and threat scenarios surface.
In these cyber-challenging times, people need to be trained in cyber defence, offence, threat intelligence, cyber standards and risk, data and network security, etc.
Careers in the cyber world are diverse and versatile. Many different skills are required and this enables different people with different abilities to have rewarding careers.
Cybersecurity solutions are not always technical – inculcating a good understanding of security issues, solutions and risks and being able to communicate the necessary solutions and strategies effectively will always be necessary.
The Cyber Ireland study highlights a significant shortfall in cybersecurity talent in Ireland against a backdrop of increased demand. This report states that one of the most significant factors leading to data breaches across digital structures globally is the lack of training of non-technical employees and the lack of highly skilled cybersecurity professionals.
For many seeking training in cybersecurity, a full-time course is not an option and they seek on-the-job training options instead. This gives more experienced staff the opportunity to validate their practical skills with a formal qualification.
On-the-job learning delivered by employers provides staff with the scope to engage in meaningful projects and opportunities and access to relevant work experience while facilitating their more formal learning provided by university or other educational providers in practical activities.
The cybersecurity practitioner apprenticeship programme at University of Limerick is co-designed with industry as part of the Human Capital Initiative UL@Work executive apprenticeships programme. It is a Level 8 programme to facilitate a blended combination of on-the-job employer-based training and off-the-job training in cybersecurity.
This flexibility allows the broadest range of employees to participate as the programme aims to ensure that apprentices can minimise the amount of time they are away from work.
Encouraging a broad range of participation is further supported by the Irish Government’s five-year Action Plan for Apprenticeship, which promotes access, diversity and inclusion in apprenticeships by offering targeted supports to encourage participation from underrepresented groups such as women, those with disabilities and those from ethnic minority backgrounds.
Dr Lubna Luxmi Dhirani is a lecturer and the course director of the cybersecurity practitioner apprenticeship programme at University of Limerick. Dr Tom Newe is also a lecturer at the University of Limerick and a Cyber Ireland board member.
10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.