By Ross Foley, Cyber Security Director, PwC Scotland
CYBER security has become one of the major societal challenges of the internet age. What was once the domain of IT and security professionals has become a board-level business issue, a challenge which each of us face on a daily basis.
The paradigm shift we have experienced in terms of the threat must now be mirrored in the scale of our response: we must give all people the skills to protect themselves, and ultimately ensure the cyber resilience of UK plc.
I was enthused by the message of collaboration and teamwork that came across loud and clear from key figures from both the public and private sectors at the recent Cyber UK event in Glasgow. In his opening address to delegates Ciaran Martin, CEO of NCSC, the Government agency responsible for cyber security, described the event as the coming together of the “team” tasked with defending the UK in cyberspace.
Working as a team, there are three equally important challenges we must address in order if we are to achieve the Scottish Government’s aim of becoming a “world leader” in cyber resilience, and create an environment where cyber security simply becomes embedded in our culture, both at home and in the workplace:
1) Provide all citizens with a baseline knowledge of the tools and techniques they can use to protect themselves in cyberspace.
2) Create a sustainable and broad pipeline of cyber security talent.
3) Foster a culture of collaboration between government, our security services and the private sector.
An effective first step is to recognise that cyber security is now simply a fundamental life skill for children of the internet age, one which goes hand in hand with the road and personal safety lessons that we all remember from our own school days. For businesses, cyber security must become as fundamental as health and safety has now become. And at a public sector level, it must sit among others deemed critical to a functioning society, such as healthcare or the emergency services.
It’s also important to recognise that the next generation of cyber defenders are not just security managers or coders, but everyone from the future CEOs to any worker who views, holds or processes information. Technology, data and electronic communications are so intrinsically linked to our lives that cyber security begins and ends with every employee of an organisation or every citizen of a state. Ultimately, the more we build security into the culture of our citizens, the more cyber-resilient our organisations will be.
The work of organisations such as Skills Development Scotland are fundamental to addressing these challenges, driving a sustainable pipeline of cyber security professionals. However, while we have a steady stream of technical graduates from highly-respected cyber security degree programmes at both Abertay and Napier Universities it is imperative that we remember that security requires a broad range of technical and non-technical disciplines.
The cyber security industry has also long been criticised for its lack of diversity, with NCSC commenting in 2017 that we needed “a much more diverse workforce” in order to combat ever more sophisticated cyber threats. Driving greater diversity of gender, ethnicity, background and thought, are all vital aspects of creating a cyber-resilient workforce.
While the challenge may seem daunting, it is clear that the appetite to drive change is real. All cyber security professionals hold a duty to facilitate this agenda so I look forward to further opportunities for our community to come together and support the cross-sector conversation and collaboration required to build the foundations of our future cyber resilience.
Why are you making commenting on The Herald only available to subscribers?
It should have been a safe space for informed debate, somewhere for readers to discuss issues around the biggest stories of the day, but all too often the below the line comments on most websites have become bogged down by off-topic discussions and abuse.
heraldscotland.com is tackling this problem by allowing only subscribers to comment.
We are doing this to improve the experience for our loyal readers and we believe it will reduce the ability of trolls and troublemakers, who occasionally find their way onto our site, to abuse our journalists and readers. We also hope it will help the comments section fulfil its promise as a part of Scotland's conversation with itself.
We are lucky at The Herald. We are read by an informed, educated readership who can add their knowledge and insights to our stories.
That is invaluable.
We are making the subscriber-only change to support our valued readers, who tell us they don't want the site cluttered up with irrelevant comments, untruths and abuse.
In the past, the journalist’s job was to collect and distribute information to the audience. Technology means that readers can shape a discussion. We look forward to hearing from you on heraldscotland.com
Comments & Moderation
Readers’ comments: You are personally liable for the content of any comments you upload to this website, so please act responsibly. We do not pre-moderate or monitor readers’ comments appearing on our websites, but we do post-moderate in response to complaints we receive or otherwise when a potential problem comes to our attention. You can make a complaint by using the ‘report this post’ link . We may then apply our discretion under the user terms to amend or delete comments.
Post moderation is undertaken full-time 9am-6pm on weekdays, and on a part-time basis outwith those hours.
Read the rules here