• Cybercrime's attack surface has increased because of the switch to home working.

• There is a growing gap in skilled cybersecurity practitioners – hence a need for more training.

• Israel is targeting the unemployed, ultraorthodox and school-age populations as cyber-employees of the future.

The COVID-19 pandemic has affected our lives across the board. The unemployment rate in many countries has crossed into the double digits, and economies have been badly hit due to the health restrictions imposed on travel and business. And people are using the virtual world – to confer, to do business, to study and to socialize – on a scale never seen before.

People’s homes have been modified to accommodate remote working, with no apparent reinforcement of their private communication infrastructures; some people use their own private devices, while others use endpoint devices provided by their employers for home use.

From a cybersecurity perspective, the leap in internet use has presented cyber-attackers with a bigger-than-ever attack surface. New applications have been developed in a rush, some without adequate security measures. According to a report from cloud technology firm Datto, ransomware is still the number one threat; such attacks have increased both in number and in sophistication. The cybersecurity challenge, troubling enough prior to the pandemic, has only become bigger and wider.

Another point of concern is the growing gap in skilled cybersecurity professionals. According to a Kaspersky survey, 73% of businesses find it very difficult to hire IT security personnel. The High-Tech Human Capital Report by Israel’s Start-up Nation Central shows a rise of 16% in high-tech recruitments between 2018 and 2019, while the Burning Glass tech report on "the fastest growing cybersecurity skills on demand" estimates a growth of 164% in cybersecure application development jobs available. The State of Cyber Security Hiring Report finds that while IT job postings have risen by 30% since 2013, the number of cybersecurity posts has risen by 94%, and these posts take longer to fill. It is estimated that the global gap in cybersecurity professionals will rise to about 3.5 million in the coming three years.

With high-tech wages growing by 27% in relation to a 15% average, it is no wonder that cybersecurity professionals' salaries are 16% higher than those of IT jobs, and that governments and industry are struggling to recruit them. It seems that the usual recruitment methods won’t suffice, and we need to expand our scope and look for other populations to fill the gap.

The fastest growing cybersecurity skills over the next five years.
Image: Burning Glass

In trying to revive damaged economies, governments are pouring money into initiating public works and supporting citizens and businesses with allowances. But fewer governments are investing in cyber-professional courses and capacity-building – which could benefit society not only by closing the cybersecurity gap, but also by bridging the social gap.

It is high time governments boarded the “cyber-train”, meaning investing in hands-on training and capacity-building. Such investment has many invaluable benefits: converting the unemployed to become cybersecurity practitioners will help in bridging the employment gap and assist in our security posture against cyber-attacks. Moreover, such an investment will have a positive and significant impact on economies, both by preventing damage caused by cyberattacks and by contributing indirectly to the economy. As salaries of IT employees are relatively high, the return on investment would be much quicker. One must also not forget the social benefits of reducing inequality, and fulfilling the WEF vision of the Great Reset.

Who can we train?

Most of the existing professional courses in cybersecurity are aimed at professionals in computer science who already have some experience in the field.

This is an immediate channel that may require fewer resources, yet will not suffice, and we should think of other potential populations as candidates. The Israeli National Cyber Directorate (INCD) recently initiated a programme called Cyber4s, designed to train capable young unemployed individuals with no university degree or work experience. In a period of six months, the aim was for them to become qualified full-stack cyber-developers. The key to the programme’s success is that the syllabus was the product of a joint public-private partnership between industry, the NGO Start-up Nation Central and the 8200 Cyber Unit, a part of Israel’s defence forces. So participants had exposure to the real world of high-tech and a better chance of employment.

Other initiatives target broad groups who might be completely new to the field. One good example is the Cybersecurity Learning Hub, developed in partnership between Salesforce, Fortinet, the Global Cyber Alliance and the World Economic Forum.

Another interesting channel is the one aimed at specific target populations, such as the ultraorthodox minority. This group is generally educated in religious schools that do not follow the core subjects of maths and English as other communities do. It is a challenge to train such demographics in technological professions, yet through a dedicated nine-month course, the candidates qualified as cyber-practitioners. This case study could serve as a model for other populations who lack the requisite maths and English needed as a basis for high-tech jobs.

Third is the "cyber-club" programme for young girls – and other similar school initiatives. The alumni say that such dedicated programmes have enabled them to study more freely and empowered them to strive for careers in high-tech industries.

Collaboration to defeat cybercrime

The information technology domain is intensely dynamic. Attack patterns are being developed all the time, hence it is imperative that best practices are updated frequently. The industry innovates at a pace governments cannot keep up with. The key to a successful training programme is to take into account these variables, study the gaps, and adjust the syllabus according to current needs and to the advancements in the tactics and procedures. What is needed is a solution that will bring together representatives of the high-tech industry, governments and NGOs.

The INCD has initiated a voluntary certification process for cyber-professions. The first profession to be declared is the “Cyber Practitioner”; its syllabus was defined according to the methodology of Unit 8200 and according to industry needs. Israel chose to lead by example by asking service providers for the government to be certified, thus inspiring the market to demand such certification too. Different countries may have different approaches: some, like Singapore, require all professionals to be certified officially by law, whether working in the public or private sector.

What is the World Economic Forum doing on cybersecurity?

The World Economic Forum's Centre for Cybersecurity is leading the global response to address systemic cybersecurity challenges and improve digital trust. We are an independent and impartial global platform committed to fostering international dialogues and collaboration on cybersecurity in the public and private sectors. We bridge the gap between cybersecurity experts and decision makers at the highest levels to reinforce the importance of cybersecurity as a key strategic priority.

Our community has three key priorities:

Strengthening Global Cooperation - to increase global cooperation between public and private stakeholders to foster a collective response to cybercrime and address key security challenges posed by barriers to cooperation.

Understanding Future Networks and Technology - to identify cybersecurity challenges and opportunities posed by new technologies, and accelerate forward-looking solutions.

Building Cyber Resilience - to develop and amplify scalable solutions to accelerate the adoption of best practices and increase cyber resilience.

Initiatives include building a partnership to address the global cyber enforcement gap through improving the efficiency and effectiveness of public-private collaboration in cybercrime investigations; equipping business decision makers and cybersecurity leaders with the tools necessary to govern cyber risks and protect business assets and investments from the impact of cyber-attacks; and enhancing cyber resilience across key industry sectors such as electricity, aviation and oil & gas. We also promote mission-aligned initiatives championed by our partner organizations.

The Forum is also a signatory of the Paris Call for Trust and Security in Cyberspace, which aims to ensure digital peace and security and encourages signatories to protect individuals and infrastructure, to protect intellectual property, to cooperate in defense, and to refrain from doing harm.

Bringing all relevant players to the table and understanding the needs of the market is something that governments and NGOs everywhere could work towards. The vision of establishing a joint working group of governments and industry to define basic cyber-professions and the minimal syllabus requirements is something that could bolster collective cybersecurity for us all.