October marks the cybersecurity awareness month and there can’t be a more fitting topic to discuss.

With the evolution of technology and AI, it’s not surprising that cyber attacks and threats are becoming more creative and sophisticated. Attackers are leveraging tools like GPT models to ensure their phishing mails are as genuine as possible to lure the uninitiated.

A report reveals that India ranks third in the list of largest countries for phishing attacks with over 79 million cyber attacks in 2023 alone. Besides, Indian businesses witness over 3,000 cyber attacks per week.

Such reports bring to light the criticality of cyber security awareness, knowledge, and most importantly, skilling. Even as we approach 2025, cyber security is still seen as an ancillary department in most enterprises.

Today, the avenues to leverage a loophole and gain access to our critical assets are more and diverse. Emails are no longer the only point-of-entries for malicious links to be planted. A skilled attacker can gain access through a refrigerator connected to our Wi-Fi.

As attacks become increasingly sophisticated, it’s inevitable that we revisit our cyber security measures. In this context, some of the implications for cybersecurity roles and skills going forward will include:

● AI and machine learning engineers to power their devices and solutions with AI-driven security measures

● IoT security specialists to fortify their devices and the networks they connect to

● Software developers to implement clean coding, leaving no bug, back gates or breadcrumbs for attackers to leverage

● Cloud security architects to implement cloud-secure protocols and threat mitigation plans

● Quantum computing researchers to develop post-quantum cryptography measures

● Behavioural analytics experts to work on social hacking techniques to mitigate threats and more

Post-quantum cryptography and the skills required

The power and potential of quantum computing makes breaking conventional encryption standards appear like kindergarten math. With access to a quantum computer, hackers can seamlessly decrypt even the most complex encryptions in seconds.

Malicious agencies and attackers have already started collecting encrypted data so they can gain access to it when quantum computers are practical. This is called harvesting and is a prominent technique deployed in cyber espionage.

Such preparation from attackers demands our focus in amplifying our cyber security measures and in recalibrating our approach towards fortifying assets for quantum computers.

Post-quantum cryptography involves the development of cryptographic algorithms that are immensely resistant to quantum computers. This also involves the development of new Key Encapsulation Mechanisms and digital signatures to safeguard assets from a quantum attack. Significant number of studies and research is being done in this field, offering us insights on how:

● Post-quantum cryptography is resistant to Shor’s algorithm – a quantum algorithm that enables processing and handling massive numbers seamlessly

● The development of such cryptography standards should also be compatible with classical computing standards because they will be tested in them initially

● Such algorithms need to be resistant to both quantum and classical algorithms and more

Essential skills to future-proof enterprise cyber security (and careers)

Let’s breakdown the skills required into three:

Technical Skills: Networking and system administration; Incident response; Cloud security; Application security; Blockchain and IoT security; audits and compliance; understanding of virtual machines.

Recommended skills: Digital forensics; AI; ethical hacking; Cryptography

Professional skills: Analytical problem solving; critical and lateral thinking; Communication and coordination

The ever-persisting skill gap

Cybersecurity is an industry that demands hands-on learning. This involves access to tools, platforms, scenarios, and Sandbox labs for learners to experiment, test, and hone their skills. While conventional academia has been commendable, given the digital world is ever evolving and accommodative of new devices, networks, and infrastructure, there’s a perpetual skill gap in this domain.

Individuals looking to build a career in cybersecurity can start with self-paced research and study on the domain to understand the ecosystem and its dimensions. There are several online degrees and certifications courses on becoming a cybersecurity analyst, certified application security engineer, ethical hacker, penetration testing engineer and more where they can enroll in to strengthen their foundation.

For more practical exposure, they can participate in Capture The Flag contests and hackathons to test their expertise, learn from others and build on their skills.

From an enterprise capability perspective, developing cyber security skills demands making continuous learning as part of enterprise culture and the mindset of learners. This can be addressed and mitigated through frequent skill assessments in enterprise workforces, allowing L&D and HR stakeholders to implement strategic training programs and interventions to ensure optimum levels of cyber vigilance at all times.

This can be propelled through collaborations with tech companies and research institutions and through partnerships with prominent workforce development companies. Consistent exposure in this domain and perpetual learning are the only way forward in ensuring our assets are fortified by iron walls from let’s say, quantum attacks.

(The writer is CEO, UNext Learning)

Published on October 28, 2024