Not being able to access the right skills poses a severe threat to the security of UK businesses. Here, Andy Barratt, UK managing director at cybersecurity consultancy Coalfire, looks at the potential for ex-servicemen and women to bridge the skills gap
A recent study by the UK government found that four out of every five businesses feel they are adequately equipped to deal with the cyber threats they currently face. But, given that one in three UK firms were targeted by cybercriminals last year, there seems to be a worrying sense of complacency within the business community about the nation’s well-documented cyber skills gap.
Barely a month has gone by lately without some form of hack or data breach reaching the media and, while we generally only hear about the shortcomings of household names, cybercriminals are indiscriminate when it comes to businesses with gaps in their armour. Moreover, from a financial perspective, the Information Commissioner’s Office’s jurisdiction to hand out fines in the new GDPR era extends to businesses of all shapes and sizes.
Contrary to business opinion, the government’s national Cyber Skills Security Strategy found that that more than half of businesses and charities have failed to address some form of basic cyber skills gap within their organisation. It’s a gap that the National Cyber Security Centre, which provides advice, guidance and support on cybersecurity to business, says is unsustainable, given the inherent cyber threats within the digital economy.
Determined and persistent
Encouraged by the current skills gap, a determined and persistent community of cybercriminals is growing in confidence, motivated by the lucrative prospect of stealing and selling customer data on the dark web, or using it in their own criminal activities. Indeed, government stats indicate that almost half of the businesses who were hit by cyberattacks in the last year were repeatedly targeted on a monthly basis.
It’s a threat that’s unlikely to diminish any time soon, so it’s incumbent on anyone holding potentially sensitive data to ensure they are armed with the skills they need to defend themselves. Those seeking a pipeline of appropriately qualified candidates could look to graduates and school leavers, but there is another valuable pool of talented recruits to be found in former members of the British Armed Forces.
A pool of talent
More than 14,000 service leavers come on to the civilian job market every year and the number of ex-military personnel is forecast to grow by up to seven per cent by 2028, representing a potential recruitment pool of three quarters of a million people with highly relevant core skills.
A background in the Armed Forces brings with it a heightened security awareness and detailed problem-solving ability that often isn’t as developed in other kinds of roles.
For example, a candidate who has formerly been employed in the military police will be familiar with the processes of a forensic military investigation, which has obvious parallels with that of a cyber breach.
Both require an elevated attention to detail and the ability to scrutinise and evaluate the behaviour and motivation of parties involved.
On top of these analytical personality characteristics, the Armed Forces also emphasises the importance of discipline, self-motivation, team work and organisational skills from day one – meaning ex-armed forces personnel are prime candidates for leadership roles in the longer-term.
This toolbox of management skills can be important in distinguishing ex-army, navy and air force staff from graduates or school leavers and is an important consideration when it comes to timely return on investment.
Rapid return on investment
Knowing recruits can take on client and project management responsibilities relatively quickly means they are likely to start generating revenues more speedily for those firms willing to employ them.
The average cost of a successful cyber breach to a large business in the UK, for example, is more than £22,000. In comparison, a veteran can be trained to effectively support a group of large clients for less than half that amount –underlining the sustainable business case for doing so.
It’s a strategy that is already well understood by employers across the Atlantic and, at Coalfire, we’ve seen the benefit firsthand.
The Department of Homeland Security – whose responsibilities include providing employment opportunities for ex-service members – actively encourages cybersecurity training and education for veterans, and we’ve tapped into this to staff Coalfire’s US operations.
Seeking suitable candidates
After seeing the positive impact that employing a small number of military leavers could have on our business across the Atlantic, we joined forces with employers including British Telecom, Jaguar Land Rover and the Post Office to sign the Armed Forces Covenant here in the UK.
It’s a formal commitment to provide ex-servicemen and women with routes to skilled employment and, for the benefit of the wider cybersecurity sector, we’d encourage others to do the same.
The Ministry of Defence’s Career Transition Partnership connects a wide range of experienced, trained and skilled ex-service people with employers and is a good first port of call for any business seeking suitable candidates.
It seems clear that there is a pressing need for the cybersecurity sector to recruit from all areas of society in order to effectively respond to the ongoing threat and also to solve the skills shortage.
Teams that can draw on different types of people, with their own distinct thought processes, approaches to problem solving and experiences to draw from will perform better than teams made up of similar individuals.
Ex-service personnel can make up an important part of that mix in the front line of the fight against cyberattacks.