Can you teach cyber security?
There are two words on every industry’s mind right now: AI and cybersecurity.
There are two words on every industry’s mind right now: AI and cybersecurity.
These fields are separate, but linked. With the meteoric rise of generative AI and Large Language Models (LLMs) – in February 2023, ChatGPT became officially the fastest growing company ever – the concern is that artificial intelligence will soon be turned inwards. Against companies, institutions and previously robust cyber defences. And nobody knows exactly what that looks like.
The effect of COVID-19
The demand for cybersecurity skills has also spiked since the COVID-19 pandemic. In the 2020-2021 financial year, the Australian Cyber Security Centre (ACSC) logged over 67,500 cybercrime reports; an increase of nearly 13 per cent on the previous year.
With an entire planet at home on their (often unsecured) WIFI modems, poor cyber hygiene was ruthlessly exploited by hackers. During the same period, ACSC measured self-reported losses from cybercrime of more than $33 billion. Approximately one quarter of reported incidents involved entities associated with Australia’s critical infrastructure.
“We saw numerous healthcare systems and hospitals shut down while dealing with the pandemic, so that just goes to show the seriousness of the threat we’re facing,”
Even the Australian census was targeted, with Australian statistician Dr David Gruen acknowledging there were over one billion attacks on our census system – on a single day – in 2021.
This backdrop has led to a surge in cyber demand. According to the 2020 Australia Cyber Security Sector Competitiveness Plan, Australia needs 7000 new cyber professionals by 2024 just to keep pace with industry growth. And the truth is, those workers don’t exist yet. They need to be trained.
Everyone’s responsibility
The old saying goes that cyber is ‘everyone’s responsibility’, and that’s true. If your role involves any sort of digital communication, data storage, classified information or even an internet connection, good cyber governance is 100% your responsibility.
The simple reason for this is that the vast majority of cyber breaches are preventable: they occur as a result of bad habits and poor education. Some studies suggest that lack of employee training is behind 80 per cent of all breaches, which means upskilling staff is, dollar for dollar, the most effective use of your cyber budget.
Formal training vs experience
Of course, basic awareness of phishing scams, WIFI best-practise, and two-factor authentication is a great start, but it’s not a long-term solution for Australia’s cyber industry.
“We just haven’t made enough investment and don’t have enough people to fight cybercrime at scale,” Bergman tells Microsoft. “And Australia needs to rapidly change the equation on that.”
This brings up another question: should you attempt to upskill your staff with formal training, or use on-the-job learning to bring them slowly up to speed. As usual, the answer is: “a little of both”. If your organisation already has dedicated cyber specialists, running in-house seminars, workshops and learning groups will absolutely pay long-term dividends.
On the other hand, to stay on top of the latest threats and build a more resilient cyber strategy, you’re going to need to invest in proper third-party training, especially if your team currently lacks any formal cyber education.
Cyber Security short courses
The best place to start is with online short courses. These can efficiently plug skills gaps in certain areas within the business. Train your IT team in data privacy management. Have senior stakeholders complete a graduate certificate of cyber security governance. Or get the marketing department upskilled in cyber risk and strategy. Building these skills across multiple departments, and aligning each of these departments to one governance strategy, is the best defence against online threats.
Hiring external talent is another option, but with demand increasing rapidly and the country’s cyber talent pool still relatively shallow, you’re likely to pay top dollar on the open market. External recruitment can be an effective way to plug short-term cyber gaps, or hire specialist skills, but it’s usually more cost effective to upskill existing staff.
It’s certainly more cost effective than a breach. According to IBM, the average cost of a cyber breach, globally, hit US$4.35 million in 2022, up 2.6 per cent from the previous year. In other words, it’s never been more expensive to neglect cybersecurity.
For more information on cyber security short courses, check out RMIT Online’s cyber portfolio.