Cybersecurity has become a crucial policy area for governments, amid surging attacks targeting critical national infrastructure and services.
As well as attacks perpetrated by financially motivated cyber-criminals, the fragmented geopolitical landscape means that countries are facing an unprecedented level of threats from rival nation-states. In one high profile case, Albania cut all diplomatic ties with Iran following a ransomware attack in July 2022 that temporarily shut down many of its digital services and websites.
In response to such challenges, the UK government published a new national cyber strategy at the end of 2021, designed to boost the nation’s defensive and offensive capabilities in cyber space. Two major components of this strategy are to expand the UK’s cyber talent pool, and develop closer ties between government and industry to share intelligence and tackle emerging threats.
On 16 and 17 January, the UK’s National Cyber Security Centre (NCSC) and training and certifications body the SANS Institute hosted CyberThreat, a conference designed to bring together the UK and Europe’s cybersecurity community to facilitate information sharing and showcase industry best practices.
At the conference, Infosecurity spoke to James Lyne, SANS’ chief technology officer, to discuss a range of topics around the cyber skills gap and promoting greater collaboration throughout the cybersecurity sector.
Sharing Cyber’s Knowledge Wealth
For Lyne, the most important purpose of the CyberThreat conference is to facilitate networking opportunities between technical cyber personnel at the frontline of the fight against attacks, particularly those working in cyber threat intelligence and network detection and response.
“We want to bring them together without the normal marketing noise or leadership topics and say here is a space where you can talk about what works and what’s really going on,” explained Lyne.
These “grassroots exchanges” are effective in exposing these coalface workers to new ideas around countermeasures in a relaxed environment without the usual day-to-day stresses of working in this high-intensity industry, he added.
Lyne noted that it has been “traditionally difficult” to facilitate such intelligence sharing in the cybersecurity industry due to legal and commercial concerns. However, he highlighted the finance industry’s collaborative approach to tackling fraud as the gold standard to follow in this regard.
“The banking and finance industry was able to work through the legal issues, developing the right non-disclosure agreements and so on, to create forums where they are sharing information about fraud that in theory could be competitively beneficial,” he said.
It is a model he is hoping will similarly develop in cybersecurity over time.
In addition to collaboration within the cybersecurity industry, Lyne highlighted the importance of the government fostering a closer relationship with private companies in the sector – something that has also proved challenging.
For example, Lyne highlighted concerns around intellectual property and the difficulties of reconciling commercially motivated companies with the aims of government. However, he said, “the more it’s played out in reality, the more those frictions have proven to be untrue”.
“When you get the people who are working in those types of organizations around collecting data and handling incidents to connect together, you realise it’s not that hard to collaborate, to share data and to share best practices.”
Lyne credits the NCSC as playing a pivotal role in boosting public-private sector relations in cybersecurity since its formation in 2016, due to its visible engagement with the public and industry, removing the “smokescreen” of government activity in this area.
Nevertheless, he still sees room for improvement, particularly regarding developing more internship and apprenticeship programs that enable people to quickly transition into cybersecurity.
Addressing the Cyber Skills Gap
Lyne’s role at the SANS Institute allows him to indulge his passion for developing new talent in the industry. He said that watching people train in cybersecurity through to forging a career in the sector and even presenting at events like CyberThreat is the most rewarding aspect of his job.
As the cybersecurity industry grows rapidly, the need to train and develop a new generation of cyber workers has never been more acute.
Lyne noted that the variety of skills and specialisms required in cybersecurity has increased substantially since he began his career. “When I started, cybersecurity was essentially two roles – offensive and defensive cyber,” he said. “Now, there’s hundreds of roles, from cloud specialists to mobile forensics.”
One initiative aimed at tackling the skills crisis is the Upskill in Cyber program, run by the SANS Institute in collaboration with the UK government. Its primary focus is to quickly onboard newcomers into the industry, including those moving from other fields.
The program provides intensive training for 10 weeks, which culminates in two industry-recognized certifications.
Once passed, candidates are qualified and ready to be deployed into junior roles, far quicker than traditional educational pathways.
“It’s the first rung of the ladder, there’s years to mastery, but they can join a team and speak the same language and be helpful in an incident,” commented Lyne.
The approach of getting more people into the industry doors faster, with the opportunities to learn as they continue their careers, will be critical if the skills gap is to be closed. “Less theory, more doing,” he stated.
Lyne emphasized that anyone is capable of retraining in cyber with the right will, even if they do not have technical skills or qualifications. “One of the best malware analysts I ran into came from a background of being a chef,” he noted.
Biggest Cyber Challenges for 2023
Lyne highlighted the three biggest challenges he expects to see for security teams during 2023. The first of these is prioritizing budgets and focusing on the security basics in light of global economic headwinds.
“Security leaders will have to be utterly ruthless about what their biggest threats and priorities are and not get distracted by the latest shiny bauble, because there isn’t going to be as much discretionary budget,” he said.
The second trend, which Lyne acknowledged is “not sexy,” is continuing to mitigate the core attack vectors like ransomware and phishing, which are set to be the primary dangers for organizations for the foreseeable future due to their ongoing success.
“If you’re a CISO I wouldn’t be looking at the next big terrifying threat, I’d be focusing on the things we didn’t solve in 2022,” he advised.
Finally, Lyne highlighted the security challenges posed by rapid cloud adoption during the pandemic. While the security principles in the cloud are similar other networks, the rate at which new tools and services are rolled out makes it a particular concern.
He believes organizations should be looking to incorporate solutions like Secure Access Service Edge (SASE) into the cloud architecture and even more importantly, recruiting cloud security specialists into their teams. Lyne acknowledged that these roles are difficult to recruit for at the moment.
“I would very much have my eyes on the cloud prize because the attackers do too,” added Lyne.