For the European Union, the U.S., and many countries around the world, October is Cyber Security Awareness Month, a time to broaden awareness and expand the conversation on staying safe and secure online. This time of year presents an opportunity to reflect on the state of cybersecurity – how we’re dealing with today’s challenges and how we are preparing for the future.
Progress is great, right?
We live in a truly amazing time – a hyperconnected, digital world where people, processes, data, and things are connected in ways that stir the imagination. In this digital age, 30 million new devices are connected to the Internet every week. IoT devices create almost 300 times the data that people create and that number will increase exponentially as we connect more devices. Mobility, cloud computing, smart devices, and our ability to connect globally in real time are so pervasive today that we already take them for granted.
Our research forecasts that there will be 50 billion connected devices by 2020, and some say that estimate is low. By 2018, 78 percent of all computing will be done in the cloud. By 2025, 1 million new devices are projected to be connected to the Internet every hour. Global mobile data traffic will reach 11 exabytes (EB) per month by year’s end, and 49 EB per month by 2021. To put that in perspective: 1 EB is equivalent to 1 billion gigabytes; 5 EB equals all the words ever spoken by human beings.
Who could have anticipated this level of connectivity and growth just a few decades ago?
Preparing today for tomorrow
So how can we prepare today for tomorrow’s threats? To be successful in the age of digital disruption, we need to commit to cybersecurity that enables as a critical foundation. To capture the benefits of this digital age, cybersecurity must be sewn tightly into the fabric of every organization and business process. It has to be a mindset that permeates governments, businesses, education, and our lives.
The volatility of the geopolitical landscape, specifically tied to cyber, continues to keep governments around the world and businesses with a global footprint on notice. What’s at stake? According to the National Association of Corporate Directors’ Handbook on Cyber-Risk Oversight, “some estimates predict that between $9 and $21 trillion of global economic value creation could be at risk if companies and governments are unable to successfully combat cyber threats.”
Governments must drive a national security strategy and work with state and local law enforcement to address the threat of malicious, well-funded adversaries seeking financial reward, social instability or political gain. With cyber and financial controls now on par, businesses around the world must ensure the protection of their customer’s information. They both must examine how the threats of geopolitical instability and improper business operations affect risk, and take direct action to protect our collective interests.
To that end, the U.S. Securities and Exchanges Commission (SEC) Chair Jay Clayton recently commented that publicly traded company’s obligations of protection exceed a breach. It extends to disclosing the risks companies face from cyberattacks and revealing more readily and quickly when a breach occurs.
What is Cisco doing in this domain? One aspect is that we’re applying Unified Security Metrics that measure the security posture of an IT service, enable reporting and feedback, and promote continuous improvement over time. These indicators bring visibility and intelligence to critical systems that assess security posture, help manage risk, improve security hygiene, and drive better operational and business outcomes.
The results? Security is now more strategically driven. We have more operational control and flexibility to manage security actions, policies, processes, and investment. Most importantly, we’re focused on measuring outcomes based on risk and efficacy, not budget spend, and more effective at protecting our customer’s and our own information.
Businesses need to approach cybersecurity as a strategic business imperative, not a defensive necessity. Cybersecurity needs to be a cornerstone of our digital strategy and our business strategy. That’s why security is a strategic imperative at Cisco and pervasive across everything we do. It’s embedded strategically into our business operations, processes and polices, and how we educate our employees, customers, and partners around the globe.
Filling the skills and diversity gap
In preparing for the future, we also need to resolve two factors that hinder our ability to fight the good fight: drive greater opportunities for diversity in cybersecurity and fill the skills gap. Today, there are more than 1 million global cybersecurity jobs unfulfilled. We need diverse thinking, diverse candidates, and a diverse workforce to fill these roles.
For example, while globally women hold about half of the nontechnical positions, they account for only 25 percent of computing-related jobs, and 11 percent of the information security workforce. We can’t possibly meet the needs of the Digital Age if only one in four STEM professionals are women, and less than half of them are focusing on security.
Our blog on women in cyber shares how women can be better-represented in the future and links to perspectives from other Cisco leaders on this critical initiative that I wholeheartedly support. Let’s also broaden opportunities for underrepresented populations to find STEM-related jobs – and particularly those in cybersecurity – to enrich our industry with greater diversity.
How can jobseekers looking to break into the cybersecurity industry get a start? Attend the Finding a Career in Cybersecurity: Panel on Job Success webinar on October 25, in which a panel of experts will share how they got their role, lessons learned, and tips and advice.
Cisco has overhauled its learning curriculum to set people up for the next 20 years of their careers. We’re reskilling 3 million certified professionals, adding new digital skills to existing certifications. We’ve evolved our certifications to include cybersecurity, cloud, and next-generation curriculum. We’re expanding learning options for Architects through to the entry-level certifications with virtual labs, learning libraries and custom training. All of our education programs are geared to aid the global digital workforce to move forward effectively, and help our customers reach their desired outcomes securely.
Building a culture of cybersecurity is critical for any organization as is creating advocates in functions beyond the security team. Industry and government can help by partnering with learning institutions to raise awareness and promote available opportunities to train IT and security professionals, as well as the general public. Educators must continuously develop creative new training approaches that will prepare the next-generation workforce for the cybersecurity needs of the future.
The future is still bright, despite these challenges
Every individual with an online presence must get involved. Stay informed, apply the appropriate security controls, share what’s working and call out what needs to improve. Help one-another to be cyber resilient and raise our collective security posture. Safe web, email, and social media habits, patching and updating systems, and better password management are actions we can all take today.
October is a time to lean in and engage. Learn new techniques and share your insights with your colleagues, family, friends, and us. National Cyber Security Awareness Month in the U.S., the European Cyber Security Month, as well as other cybersecurity advocacy programs around the globe offer tremendous resources, as does Cisco’s Trust Center.