GISEC 2015: Cyber Security Skills Gap ‘Getting Worse’, Warns Help AG
The skills gap within the ICT security sector is “getting worse and worse”, according to Help AG’s director of technology services, Nicolai Solling.
“Skills are very difficult to develop in security because of the rapid evolution of the field,” Solling said. “Every year there are new things we have to deal with. One of the big topics at this year’s RSA conference was cloud. It’s a whole new ball-game for security because you can no longer, as an organisation, necessarily define your security policy for specific cloud applications. You buy into the security of the Microsofts and the Googles of the world.”
As a systems integrator Help AG always participates in events like GISEC with its partners. This year, the company is showcasing one of its more recent cohorts, Cisco.
“If you look at the Cisco portfolio, we have a long story [with them],” said Solling. “We were the first partner in Europe for IronPort. When we moved into the Middle East in 2004, IronPort was part of our first portfolio of services. We’ve also done SourceFire for a very long time.”
Cisco bought IronPort in January 2007, according to the company’s website. The solution offers a suite of email and Web security gateway and management products, now called Cisco Email Security and Cisco Web Security. SourceFire was acquired in October 2013 and, in a single month, Cisco announced it had integrated SourceFire’s products into its security suite.
“We, as a company had a little bit of a challenge with [Cisco’s portfolio] because we are not normally focused on data centre, routers and switches, but what we’ve seen in the last 12 months is strong motivation from Cisco to identify specific partners that would only be focusing on security products, so we decided to sign up with them,” Solling explained.
Security vendors and practitioners across the Gulf have long warned against complacency, and have tried to convince private- and public-sector organisations that being attacked is a matter of “if, not when”.
“Customers need to understand that they will have security issues in the future,” said Solling. “There’s no such thing as not having security issues for any kind of organisation. What’s going to differ among organisations is how we deal with those issues.”
User awareness remains a problem for CSOs. As more and more employees bring their own devices into the corporate network, their mistakes migrate as well. When asked if user error was at least 80% of the problem, Solling said, “I think it’s probably even higher.”
As more and more devices are connected to the Internet, and more points of access open for cyber-attackers, Solling said manufacturers needed to pay more attention to securing overlooked devices such as lamps and washing machines.
“The Internet of Things opened up something a little bit different because there’s a focus on functionality rather than security. This opens up a whole new set of issues.”
But some light may yet shine, as industry heavyweights address, and look for ways to eliminate, an age-old problem: the password.
“There’s a lot of focus within the industry about avoiding a password, because one of the biggest issues we have today is credential theft,” Solling said. “If we can avoid the password we have already eliminated that issue. There are some interesting [innovations] coming up from Microsoft, [namely] cryptographic log-ins.”