In a speech to the Global Strategy Forum in London Neville-Jones suggested that “there is a vast swathe of corporates who have valuable intellectual property, much more valuable than they understand, which is inadequately protected.” The level of awareness, she said, is nothing like it should be.
It echoes UK Secretary of State for Education Michael Gove’s determination to improve computer education in UK schools – a move that James Lyne of Sophos calls an encouraging start, but one that “is long overdue and change is needed across the entire academic lifecycle to rectify the talent gap.” The talent gap has been described by ENISA security expert Evangelos Ouzounis as that “big gap between what the market needs and what universities produce.”
In the meantime, Neville-Jones is calling for a greater hands-on approach to the problem by government – even suggesting advertising campaigns like the ‘clunk-click’ adverts that encouraged people to wear car seatbelts. Government might need to bully people into raising their security awareness, she said.
But the education system remains the best solution to the problem. “Graduate programmes, and other such ways of junior cyber experts gaining initial experience, also need to be focussed on,” says Lyne. Classroom development alone will not be sufficient. “Many of the best cyber experts in the industry today are passionately interested in tinkering and playing with technology to understand what makes it tick. It is a mindset we need to encourage, not just a text book knowledge.” The mindset we need, he says, is that “it is cool to be a geek.”