Equifax. Yahoo. The Democratic National Committee. Your email inbox. Your home.
The amount and frequency of hacks and data breaches is skyrocketing, rising more than 142 percent since 2012, from 471 to 1,140, and those are just the ones we know about, according to the California-based Identity Theft Resource Center.
As the world becomes increasingly more technologically complex, so have the tactics and tools used by hackers, said Joe Provost, CEO of Worcester cyber defense consultants Syncstate.
Specifically, the delivery of malware is improving, he said.
“We seem to have the same problem where they’re able to get a message across and entice the right person to follow the trail and click on the link,” Provost said.
Yet as attacks rise in frequency and complexity, the people entering the cybersecurity field isn’t keeping up, as estimates anticipate a shortage of between 1.5 and 3.5 million professionals globally in the next four years.
Training in the war room
Provost, an experienced and qualified cybersecurity expert, said it would take him about 30 seconds to assume the identity a Worcester Business Journal reporter. To do so would entail just downloading software from the dark web and sending an email attachment.
The effectiveness of advanced hacking is compounded by cybersecurity professionals’ dependency on preventative tools rather than understanding the science behind them, Provost said.
To help close that skills gap, Provost opened the New England Cyber Range in Devens, a computer lab where cybersecurity professionals can train and hone their skills by learning outside of the classroom or office. The range partnered with Bridgewater State University and UMass Amherst and is working with cybersecurity firms to help train employees.
“It gives you hands-on practice to see how to react, when to react and what tools to react with,” he said.
Provost pointed to increasing collaborations between government entities, colleges and companies poised to begin closing that gap, like Gov. Charlie Baker’s Cyberseucity Growth and Development Center at the Massachusetts Technology Collaborative, announced in September.
The center will work to support the industry and provide development support and increase the cybersecurity talent pipeline in the state.
Lack of workers, interest
According to the U.S. Bureau of Labor Statistics, information security analyst jobs are growing at an impressive clip – from 72,670 in 2012 to 98,870 in 2016 – but Provost said that growth coupled with the parochial style of teaching is leading to the shortage.
Data from a recent survey commissioned by defense contractor Raytheon, which has offices in Marlborough and Northborough, suggests Millennials aren’t interested in those jobs.
Globally, 37 percent of survey respondents said a teacher discussed cybersecurity with them as a career choice, which has tripled since the 13 percent reported in 2013. More than half of respondents said they’re aware of the range of responsibilities that a cybersecurity job entails.
Despite the awareness, only 38 percent of Millennials were more willing to consider a career in cybersecurity than a year ago, unchanged from last year.
According to a 2015 report from Texas business consulting firm Frost and Sullivan, there will be a global workforce shortfall for all cybersecurity of 1.5 million by 2020. A more recent report from California-based Cybersecurity Ventures estimates a shortage of 3.5 million workers by 2021.
Teaching cybersecurity’s importance
Stephanie Weagle, vice president of marketing for Marlborough-based Corero Network Security, said companies need to take Provost’s approach and partner with college students to raise that career interest.
Corero protects hundreds of clients from DDoS attacks, which are intended to take a network offline by overwhelming it with information. Those attacks are increasing, and Corero’s clients now report about four DDoS attacks per day, and they’ve doubled in the last two quarters, Weagle said.
With research and development centers in Scotland, Corero works closely with colleges there to attract top talent. Weagle said the company hasn’t been the victim of the skills gap.
Instead, Weagle called for a larger understanding of the cyber threat landscape for future young professionals.
The Raytheon study found 63 percent of global respondents click on links even if they aren’t sure if the source of the link is legitimate, and the portion of U.S. young adults who share passwords with non-family members nearly doubled from 23 percent in 2013 to 39 percent in 2017.
“Until you’re in the working world and seeing this happen on a regular basis, it’s not something people are talking about everyday,” Weagle said.
Millennials, the generation seemingly attached to devices and always plugged in, should represent the new wave of cybersecurity professionals and slow these data breaches, Weagle said.
“If a group is to take advantage of that career opportunity, [Millennials] could be the one,” Weagle said.
Part of the solution
Interest in Worcester Polytechnic Institute’s cybersecurity program, however, is growing, said Suzanne Mello-Stark, a computer science professor.
She’s the program manager for Scholarship for Service, a program funded by the National Science Foundation giving students studying cybersecurity a scholarship including tuition, stipends and fees in exchange for the student taking summer internships and post-graduation employment with the government.
The demand is growing for those government jobs, Mello-Stark said, as there are about 42,000 open cybersecurity jobs in government agencies.
Interest in that program, she said, has tripled since 2015.
In addition to a cyber summer camp funded by the National Security Agency, the WPI’s cyber program is rigorous, requiring students to solve real-world cybersecurity problems as part of graduation requirements.
“We’re trying to be part of that solution here,” Mello-Stark said.