As new threats from ‘weaponisation’ of AI to the Internet of Things serve to increase the number of avenues open to potential cyber-attacks, companies are pushed to find more effective ways of recruiting new talent to mitigate them.
Adrian Davis, Director of Advocacy, EMEA, at (ISC)² explains that this comes at a time when data privacy laws such as GDPR are adding to the pressure and when we are already set for a shortage of 350,000 cyber security workers across Europe by 2022.
It’s time to move away from current recruitment practices and the traditional candidate profile. In our recent (ISC)2 podcast ‘AI Storm in a Teacup’, Brian Higgins, formerly of the National Cyber Crime Unit, noted that SMEs may well be best positioned to lead this change.
In an early indication of the threat, experts recently warned that artificial intelligence could be ‘weaponised’ to create virtual hackers with cognitive capabilities that get smarter every time an attack is repelled. AI hackers would have limitless time and patience at their disposal and, they would be free of the biological, legal or ethical constraints on human hackers. In addition, the expansion of the Internet of Things is rapidly widening the attack surface.
One of the first priorities to help mitigate growing threats is to find a more effective and open way of recruiting new cyber security talent from a wider pool of candidates.
In large enterprises, recruitment is often handed over to HR departments with an ingrained corporate culture reflected in their outdated recruitment methods and job profiles. But, as Mr Higgins explained, SMEs are likely to spend more time and effort finding the right person for the role rather than handing over the job to some faraway HR department.
SMEs cannot compete with big brands for a small pool of qualified cyber personnel who command enormous salaries, so they have an incentive to unearth or retrain new talent. They also have the ability to start afresh and create a new job candidate profile, free of the need to fit in with a large existing workforce or corporate culture. With 6 million SMEs in the UK, they are perfectly positioned to lead the drive to expand and diversify the cyber profession.
One example is Titania, a pioneering tech organisation that transformed its recruitment process and workplace culture to attract more neuro-diverse candidates. This included creating an autism-friendly workplace, promoting them as a neuro-diverse company and looking at job profiles that did not exclude people who may be technically-gifted but lack communication skills.
There is wider evidence of this, with over half of UK SMEs recently found to have diverse workforces with over two fifths revealing they have senior female employees, and a third said they would make adjustments for disabled employees.
Evidence shows that recruiting for aptitude rather than ‘techie qualifications’, can also help unearth genuine talent. Some organisations have used innovative amateur competitions and advanced psychometric tests to find unqualified talent in all walks of life. These people can be quickly trained or transitioned from other careers into cyber security.
SMEs are ideally positioned to establish a new style of recruiting talent that reaches a broader talent pool, from neuro-diverse individuals to more female candidates. SMEs have the potential to become the driving force behind revolutionising cyber security recruitment and plugging the UK’s cyber security skills gap.