It’s a digital future that we are sending students off into and it is paramount that we prepare them for it. One element of increasing importance is cyber-security; Stephen Jones, MD SANS Institute UK and Nordics, makes a strong case for educating students in cyber-security – bolstering their interest in it and making the school and their future a more secure digital environment
The UK is keen to be seen as a digital innovator, which is probably a smart move considering ongoing uncertainties surrounding the details and final outcome of Brexit. However, along with funding developments in areas like 5G, robotics and AI, there must also be a dedicated focus on protecting and securing the nation’s digital infrastructure. This means educating the next generation of (potential) cyber-security professionals not only on IT security but on why this is such a crucial – and rewarding – career option.
We’re already a hyper-connected society. Recent announcements regarding 5G – the next generation standard which will enable a huge number of internet of things (also known as IoT) use cases – mark another step forward in the digitalisation of things, processes, operations and interactions. This is great news, but it’s vital that innovation does not outpace IT security, which is already a costly and sizeable problem.
Securing the future of cyber skills
A recent government survey found that 43% of businesses had experienced a cyber-security breach or attack in the last 12 months. The severity of attacks – and their cost to businesses and the wider economy – vary, but without effective cyber-security measures and skilled personnel, the potential for damage is huge. It is extremely hard to quantify costs but according to Lloyds of London, a serious cyber-attack could cost the global economy more than £92bn.
Currently, it seems many businesses are doing little to address the problem; the same government report found that only 27% businesses and two in 10 charities have any formal cyber-security policy in place. Whilst organisations do have a responsibility to put policies and personnel in place, they also face a major hurdle: a lack of available people with the necessary skillsets.
Going back to school
Re-skilling and training employees on an ongoing basis can help reduce this gap, but the situation is so severe that it must be addressed at the core: cyber-security must go back to school. Most students today are highly digitally-literate. This offers the perfect foundation upon which to introduce new skills and cyber-awareness, leveraging an existing knowledge of technology.
Given the current – and growing – cyber-threat landscape, this approach should be considered a ‘must-have’ rather than ‘nice-to-have’ for any educational institution. An ‘always on’ usage of social media platforms and online accounts at home, for instance, should be complemented at school – and from an early age – by basics like password management, digital footprint and privacy settings.
Bolstering an interest in cyber-security
This needs to go one step further, however, and begin to introduce to students – and their parents and teachers – the basics of what it takes to become a cyber-security expert and to help develop an understanding of cyber-security as a cool, fun and lucrative career choice. Even for those who had never considered themselves as technically gifted.
Of course, this has the added advantage of pointing those pupils who are already playing around with hacking, in the right direction rather than them potentially drifting towards the ‘bad side’ – where they will only be contributing to the problem rather than helping to solve it.
Fortunately, this approach has had government backing. The UK’s National Cyber Security Strategy was launched in 2016 and sets out a number of initiatives aimed at improving cyber-security skills throughout the school, higher- and post-education sectors. This includes £20m of funding allocated to its Cyber Schools Programme, which is designed to give children aged 14 to 18 clear pathways into the cyber-security industry via direct contact with industry experts.
The programme was launched last year as Cyber Discovery. Aiming to tap into undiscovered cyber-security talent, Cyber Discovery provides a comprehensive cyber-security curriculum delivered through a series of online challenges and training. This allows students aged between 14 and 18 to either learn and progress outside of school hours in their own time or as part of a Cyber Discovery club. The programme takes the crucial approach of building on pupils’ existing knowledge of technology, in order to create cyber-security knowledge.
Gamification – which has been heavily integrated into the Cyber Discovery programme – is one example of a learning style which has proven successful with pupils. Twentieth-century theorists Jean Piaget and Leonard Vygotsky argued that play is a crucial component of cognitive development from birth and through adulthood; an attitude which prevails today but is perhaps under-actioned by many schools and colleges.
Given the shift towards digital gaming over the past two decades, this approach offers the perfect complement to cyber-security course content. Using personal devices to complete learning-based ‘games’ and leveraging online portals for competitions, hackathons and collaborative projects are successful methods of engaging, immersing and educating pupils in cyber-security.
This approach has even proven successful in the workplace; according to a recent report, 96% of businesses that use gamification in the workplace reported seeing benefits and almost all believe that gaming affords players the experience and skills critical to cyber-security, including logic and perseverance.
Teaching teachers, teaching children
Embarking on programmes like Cyber Discovery is great for those children with the time and resources to follow a curriculum outside of school. However, it’s also important that cyber-security education becomes an integrated part of all school curricula and budgets. Just as UK business and industry are facing a cyber skills shortage, many schools have also struggled to hire the teaching talent necessary to implement cyber education.
Almost 70% of teachers in the UK do not think they can teach code effectively to schoolchildren because of a lack of skills and teaching tools, according to research by YouGov. Almost 40% said they do not have access to the right technology software to teach coding. Coding is a crucial part of any cyber-security role, with a lack of knowledge in this area contributing to the skills gap; 44% of tech employers said coding faced the biggest skills gap, while 60% of employers said coding will be one of the most important skills for entry-level tech employees.
Funding the foundations
Again, several pledges have been made to support school leaders in attracting and retaining teaching talent. As part of the 2017 Autumn Budget, £84m was committed to upskilling computer science teachers, which was followed by an announcement in May this year that the National Centre of Computing Education, along with 40 schools across the UK, will be part of a programme to train up to 8,000 computing teachers on digital skills. The 40 Cyber Schools Hubs will host events, trial cyber security content, develop new ways of engaging pupils and build educational resources for teachers.
Stimulating and sustaining growth in the cyber security sector will take a collaborative, nationwide approach. Government funding, appropriate allocation of school budget, and backing from industry bodies and tech companies are all required to help train teachers, and to educate schoolchildren. As well as unlocking career opportunities in cyber-security, equipping pupils with IT skills will allow them to safely navigate our digital world – for the benefit of themselves, and the wider UK economy.