News Leaflets
A leading news portal.

Security firms face shortage of talent

0 21

As organizations realize risks to their operations, industry to help protect them has expanded rapidly

Article content

This twice-weekly series goes in-depth on cybersecurity, one of Canada’s growing economic threats. Our journalists explain the impact of ransomware on municipalities, health authorities, small businesses and the corporate sector.

Advertisement 2

Article content

Chris Johnston doesn’t want to come across as alarmist, but he can see the demand for cybersecurity exploding over the next few years even faster than firms can find people with the skills to do the work.

Article content

The former CEO of Bulletproof, a cybersecurity firm with headquarters in Fredericton, points to the rash of organizations around the world that have been hacked and whose IT systems have been held for ransom by online bandits, including the attack on the City of Saint John, just an hour down the road in New Brunswick.

In late 2020, hackers took down the municipality’s network, demanding $17 million in bitcoin to restore its functions, including water and sewage billing accounts.

In the end, the city refused to pay and had to rebuild its network from scratch, costing taxpayers $2.9 million with insurance covering about $2.5 million.

Advertisement 3

Article content

But beyond the financial loss, the attack was a big headache for city officials and hurt their reputations.

Johnston, who served as Bulletproof’s CEO for nearly three years before taking a senior position with Microsoft Canada last October, said that demand will soar as stories like these continue to make waves.

“We’re expanding because more companies are reading what’s happening in the news and saying, ‘We don’t want that to happen to us,’” said Johnston just before his departure from the company. “Originally, only big-budget firms with very sensitive data would hire us. Now 100-employee firms are buying our services.

“They don’t want the interruption, the brand damage or the financial losses. Insurance can cover the financial losses, but it won’t help with the stress and brand damage.”

Article content

Advertisement 4

Article content

Bulletproof began as a small cybersecurity firm two decades ago, mostly doing consulting or what it is often called ethical hacking, providing a third-party audit to ensure that a customer’s systems are secure and can withstand an attack. It’s still the bread-and-butter of what Bulletproof does because it’s more mature globally as a required service thanks to government regulations and insurance demands.

But more and more, it’s offering 24/7 managed security, providing firms around the world with constant protection thanks to 250 employees scattered between eight offices in Canada, four in the United States and two in Europe.

This certainly wasn’t always the case.

“There was a really good excuse initially to say, ‘I’m not a target’ because the first attacks were about extracting information and selling it to someone else,” Johnston said. “But then when ransomware came about, that flipped the whole business model on its head. It locks you out of your data and prevents you from operating your company. So it’s not what it’s worth to someone else, but to you, so you can get it back.”

Advertisement 5

Article content

And yet the quick growth also poses challenges. The business executive said the firm has been careful not to bite off more than it can chew for the time being.

RECOMMENDED VIDEO

We apologize, but this video has failed to load.

“The talent in the industry is finite right now, so it’s an employee’s market to some degree,” Johnston said. “We were leery, trying to build what we could in this company, so we wouldn’t end up in an arms race and just buying talent.

“But at the same time, you can’t build a senior tenure-pedigree person with a high school diploma and six months’ training. So you have to pick your battles and where we build anything, we build our junior resources, those entry-level positions, and we’ve seen some good success with that.”

Cybersecurity firms, he said, are built like a pyramid with tier 1 positions forming a wide base, typically young people who have completed a two-year college degree, university co-op placements or internships in high school during the summer months. For every 10 tier 1 staffers, five tier 2s are needed and one or two tier 3s. The higher up you go, the harder it is to find expertise, the ones with 20 years of experience.

Advertisement 6

Article content

“Those are the guys who command a higher salary and they’re not always easy to find.”

Ali Ghorbani has followed the Canadian industry closely over the last several decades and is concerned about finding enough talent to keep it growing.

The dean of the University of New Brunswick’s computer science faculty and founding director of the Canadian Institute for Cybersecurity is disheartened that Canadian schools are not stressing the STEM subjects more, the kind of basic training that would help create an army of cybersecurity recruits.

‘THEY WANT MORE MONEY’

“The bad guys have not only become sophisticated, but they also don’t necessarily differentiate between X and Y, this group or that group,” he said in his high-security office on campus in Fredericton. “They basically build techniques to take advantage of seniors, kids, financial institutions, critical infrastructure, anything you can think of. They want more money or they have political causes or other reasons.

Advertisement 7

Article content

“No one thought that the pacemaker in your heart would be a cybersecurity issue. Now it is. Because many medical devices are prone to attack. Even my watch can be attacked. Anything you can think of that’s connected to the internet can be hacked.”

He said the demands are such that cybersecurity firms will need to find about 10% more trained professionals each year for the foreseeable future.

In New Brunswick alone, a small province with only 800,000 people, there’s already a shortage of up to 700 cybersecurity workers, he said.

“The labour shortage is in everything. It’s a huge challenge. The projection is that in six or seven years, we’ll need 40% more in the cybersecurity workforce worldwide. And that’s much higher than any one country is graduating into this field.”

Advertisement 8

Article content

Since 2017, he said, the losses cost by cybercrime have nearly tripled and now tally about $6 billion annually worldwide. Canada, which he pegged as just behind leading nations like Israel, the U.K. and the U.S. when it comes to cybersecurity, does not have a good hold on how many experts are in the field because it lumps them together with IT professionals, many of whom are responsible to handle it on top of other duties, what Ghorbani and Johnston described as short-sighted.

In the near term, Ghorbani said, Canadian universities should keep trying to find international students to fill the void as up to nine in 10 students enrolled in STEM programs at a master’s or doctoral level come from elsewhere, a situation he said is related to the fact that such an education is valued higher in other places.

Advertisement 9

Article content

He also thinks the government has a role to play, arguing it should be teaching everyone from elementary students to senior citizens how to practise basic internet protocol and offering financial incentives for companies to train their employees how to be the front line for cybersecurity rather than just rely on the cybersecurity industry itself. After all, he said, 80% of successful hacks are the direct result of human error, usually everyday people who have poor computer security hygiene and don’t know any better.

“Cybersecurity is all about avoiding surprises and managing risks,” the academic said. “That’s what it comes down to in the end. But the surprises won’t totally go away, partly because the bad guys are as smart and have more resources and time and are more dedicated to their cause, either monetary or political.

“So keeping them at bay is like keeping burglars from our homes. This problem has never been solved; there are many ways they can come in. But you build barriers against that. It’s the same with cybersecurity.”

Comments

Postmedia is committed to maintaining a lively but civil forum for discussion and encourage all readers to share their views on our articles. Comments may take up to an hour for moderation before appearing on the site. We ask you to keep your comments relevant and respectful. We have enabled email notifications—you will now receive an email if you receive a reply to your comment, there is an update to a comment thread you follow or if a user you follow comments. Visit our Community Guidelines for more information and details on how to adjust your email settings.

Join the Conversation

Advertisement 1

FOLLOW US ON GOOGLE NEWS

Read original article here

Denial of responsibility! News Leaflets is an automatic aggregator of the all world’s media. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials, please contact us by email – [email protected]. The content will be deleted within 24 hours.

Leave a comment
vulvatube.com teenpornvideo.mobi desi girls sexy
sex video in bus tubekitty.mobi kamapichachi
the broken marriage vow march 12 full episode teleseryepisode.com mateo lorenzo net worth
telugu hd sex pornflex.org bluefilmtamil
indian sex stories lesbian indaporn.com best sex mms
hinde xnxx video redwap2.com bangla chudachudi
طيز خليجي filmstreamingporno.com التحرش بالمنقبات
affair sex video ultraporn.mobi deshimagi
tubb99 nuporn.mobi mumbaixvideo
agimat ng agila cast watchpinoyteleserye.com stl today result
age of tamanna pimpmovs.com xxxxx inden
indan xvideo com xxx-tube-list.net indina six video
gonzo xxx sunny leone eporner.name desi pirn
بنت تلعب في كسها teentubeonline.com سكس امهات اسيوي
largeporn film tubepatrol.porn kama katai