Call for action: Building a hub for effective cybersecurity | IGF 2023

8 Oct 2023 04:35h - 06:35h UTC

Event report

Speakers and Moderators

Speakers:
  • Maciej Groń, NASK, technical community, Eastern Europe
  • Anna Rywczyńska, NASK, technical community, Eastern Europe
  • Janice Richardson, InSight, civil society, Australia, Oceania
  • Awo Aidam Amenyah, child online Africa, civil society, African Group
  • Wout de Natris, De Natris Consult – private sector, Western Europe
  • Juwang Zhu, intergovernmental organization, UN DESA
  • MAEMURA Akinori, JPNIC, JPCERT/CC, DotAsia, technical community, Japan, Asia-Pacific Group
  • Mohammad A. Jauhar, YIGF, Internet Society Youth Standing Group, civil society, India, Asia-Pacific Group
Moderators:
  • Wout de Natris, De Natris Consult

Table of contents

Disclaimer: This is not an official record of the IGF session. The DiploAI system automatically generates these resources from the audiovisual recording. Resources are presented in their original format, as provided by the AI (e.g. including any spelling mistakes). The accuracy of these resources cannot be guaranteed. The official record of the session can be found on the IGF's official website.

Knowledge Graph of Debate

Session report

Yuki Tadobayashi

A significant disparity exists between the content taught within universities and the fundamental needs of industries, specifically concerning cybersecurity education. It has been observed, with certain negativity, that universities are becoming entrenched in outdated teaching methodologies. These institutions often prompt students to demonstrate individual brilliance and foster innovation. However, this approach might inadvertently impede teamwork – an integral ingredient for problem-solving in cybersecurity. Moreover, they put an undue emphasis on inventing new technologies, such as AI, instead of instructing students on their secure usage.

Conversely, it is laudable how industry training programmes in Japan effectively cater to the necessities of the rapidly evolving cyber landscape. With an annual budget of $20m, these programmes concentrate on the future of technology. They focus on providing practical education on secure applications of cutting-edge technologies such as cloud security and AI implementation, among others. An outstanding aspect of these programmes is their emphatic endorsement of teamwork, acknowledging the multidimensional nature of tech issues within corporate structures.

Parallelly, attention ought to be drawn towards the untapped potential within industries possessing notable digital aspects. Notwithstanding the escalating level of digitisation within factories, individuals within these workforces frequently fail to recognise potential opportunities to shift towards a career in cybersecurity. To address this issue, a myriad of industry-sponsored training programmes has been initiated in a bid to arm individuals with essential cybersecurity skills. These comprehensive programmes stretch across a year, operating from Monday to Friday, and cover an array of topics including programming, penetration testing, and defence exercises. Intriguingly, they also conduct business-oriented drills, involving briefings to Chief Information Security Officers (CISOs), board members, accountants, and lawyers.

Conversely, the switch to a cybersecurity profession necessitates a substantial commitment of a year, considering the intricate nature of both technological adaptations and legal/regulatory developments. This has triggered a backlash from certain industrial contingents, leading to the suggestion that the demanding duration could potentially deter prospective aspirants.

Lastly, it’s worth considering the ‘security hub’ – a proposed global collaboration platform designed to bolster internet safety. Ideally, this hub should promote less strenuous participation, encouraging involvement across various scales. However, the success of such an endeavour would heavily rely on establishing a network of trust. This brings associated risk as malevolent entities could potential exploit this network, hence careful strategic planning alongside stringent safeguards are indispensable to its development.

To summarise, whilst academia must endeavour to bridge the gap with industrial necessities in cybersecurity education, industry-sponsored training and innovative propositions like the ‘security hub’ offer unique opportunities to enhance cybersecurity skills and facilitate global teamwork. Nevertheless, elements such as the duration of training and trust issues in a collaborative platform require thorough analysis to ensure sustained engagement in these initiatives.

Review and Edit: Look for any grammatical mistakes, issues with sentence structure, typographical errors, or omitted details and rectify them. Ensure that UK spelling and grammar are employed in the text, and correct the same if not. The comprehensive summary should reflect the primary analysis text as accurately as possible. When summarising, aim to incorporate as many long-tail keywords as feasible without compromising the quality of the summary.

Ismalia Jawara

Ismalia Jawara, serving as the chair of the cybersecurity group named Gambia Information Security, has ardently championed the causes of diversity and women’s inclusion in the cybersecurity workforce. This testifies to her dedication to ‘SDG 5: Gender Equality’ and ‘SDG 8: Decent Work and Economic Growth’. Under her stewardship, educational initiatives such as bootcamps have enabled approximately 50 university students to graduate with vital competencies in the cybersecurity sector. The fact that fifteen out of twenty-five individuals holding IC2 cybersecurity certifications are women serves as a powerful testament to the strides taken towards women empowerment within this domain.

Moreover, Jawara advocates for increased cooperation across disparate levels, while also encouraging greater involvement from the global south. Her influential role as a senior security analyst for the Gambia government further allows her to foster partnerships and collaborations with the aim of equipping more people with cybersecurity skills. She explicitly acknowledges Cisco’s contributions in providing free cybersecurity scholarships to disadvantaged communities, a commendable step towards fulfilling ‘SDG 17: Partnership for the Goals’.

Despite these affirmative actions, there remain considerable hurdles in achieving gender equality and workforce diversity in the cybersecurity field. Societal constructs such as gendered toys can have subtle, yet profound, impacts on career choices from an early age. Furthermore, despite concerted recruitment efforts, the quantity of women entering the cybersecurity industry remains remarkably low, necessitating an exploration into underlying issues.

Businesses are now being urged to re-evaluate their practices and prioritise the induction of women in the cybersecurity terrain. Such a shift would not only adhere to ‘SDG 5: Gender Equality’, but also cultivate diversity in the corporate ecosystem. The current recruitment stratagems are often interpreted as intimidating, potentially discouraging prospective female recruits. The exceedingly high benchmarks set also compound entry barriers.

Thus, there is a clear demand for the re-examination and adaptation of recruitment strategies. Emphasising inclusivity in hiring, evidenced when a woman with a legal background performed well in the offered position, could be an enlightened approach. Lowering entry-level requisites may render positions less daunting and far more approachable, thus enticing a higher number of female applications. Such measures could significantly bolster not only workforce diversity and gender parity but also embellish the cybersecurity workforce with a broader selection of viewpoints.

Larry CEO of connect safely

Larry is the dedicated CEO of Connect Safely, a non-governmental organisation (NGO) situated in the heart of innovation—Silicon Valley. This NGO is earnestly committed to issues concerning child safety, privacy, and security for all stakeholders. Larry’s roles are not limited to his leadership at Connect Safely. He is also an influential member of the Youth Standing Group, where he steadfastly focuses on advocating similar protections.

There is a deep-rooted concern about the ever-expanding gap in the cybersecurity field. Despite technological advances, the human capacity to develop solutions is not evolving at the same pace as the escalating complexity of cybersecurity threats. This imbalance emphasises a pressing requirement for further focus in this sector to certify the security of our digital environments.

A notable element is the explicit relevance of diversity, creativity, critical thinking, and holistic cognition skills in tackling cybersecurity complications. It is recognised that a diverse workforce is better positioned to cater to a varied community. Importantly, the possession of holistic and critical thinking abilities, often neglected over technical capabilities, can lead to more effective troubleshooting strategies in this sector.

The active involvement and early exposure of high-school students to the realities of the cybersecurity domain are enthusiastically endorsed. With numerous opportunities available, young individuals could potentially transition directly into cybersecurity roles post-schooling. This practical experience not only guarantees a thorough understanding of cyber infrastructure functions, but it also equips them with valuable skills that supplement their theoretical knowledge.

The significance of real-world interaction, networking, and practical experience in accelerating learning is undeniable. Insights from informal exchanges and networking at events often offer learning experiences far beyond traditional classrooms, enabling an intensified understanding of the sphere.

Despite being known for its stress-inducing nature, cybersecurity is identified as a critical sector offering significant and important jobs. Adequate measures such as satisfactory compensation and clear career advancement options are deemed imperative to maintain a motivated and committed workforce.

These findings intricately link with several Sustainable Development Goals (SDGs), namely Peace, Justice and Strong Institutions, Good Health and Well-being, Quality Education, and Decent Work and Economic Growth. These observations act as a vital reminder of the interconnectedness of various socio-economic, and political aspects in our pursuit of a secure, just, and sustainable future.

Hikohiro Lin

Hikohiro Lin from PwC Japan has specialised in product security, with a special focus on manufacturers and IoT devices. His efforts align with the ‘Industry, Innovation and Infrastructure’ Sustainable Development Goal (SDG), demonstrating a positive stance towards enhancing technological infrastructure. Furthermore, Lin actively advocates for strengthening ties with Japanese manufacturers, thus creating a platform for investment in product security and IoT devices.

In addition to his work with manufacturers, Lin emphasises the importance of quality education in the cybersecurity sector. He deems the collaboration between industry and educational institutions as pivotal in implementing robust cybersecurity training modules. He also underscores the value of experiential learning initiatives such as internships, hackathons and industry conferences in augmenting understanding of the industry landscape and fostering networking among cybersecurity aspirants, thus facilitating decent work and economic growth.

Despite his optimistic outlook, Lin addresses the issue of high job turnover in cybersecurity due to the stressful nature of the work, which often requires 24-hour incident response. Instead of merely increasing salaries as a temporary solution, he advocates for improving the quality of life within the sector. He suggests this could be achieved by providing better professional development opportunities, such as conference attendance and training courses, and promoting a more comfortable work environment.

As a vocal proponent of cybersecurity as a career, Lin describes it as an enjoyable, essential, challenging, and prestigious field, offering job security and constant novelty. He aims to dispel misconceptions and portray it as an attractive profession. He also engages in constructive discussions with high school students, positioning cybersecurity as an exciting career prospect.

In keeping with his belief in continuous development and growth, Lin urges organisations within the cybersecurity hub ecosystem to consider their contributions towards achieving Sustainable Development Goals. This sentiment implies an ongoing self-reflection and conversation on the societal and environmental impacts of the industry.

In summary, Hikohiro Lin’s discourse underlines the importance and potential of cybersecurity in today’s digital landscape, putting emphasis on education, improved working conditions, and its crucial role in attaining Sustainable Development Goals.

Maciej Groń

Maciej Groń expresses robust positivity towards the initiatives of hotlines and help lines, viewed as instrumental in contributing to good health, wellbeing, and fortifying peace, justice, and robust institutions. He recognises these platforms’ crucial role in offering support and guidance to individuals, thereby enhancing societal welfare.

Groń underscores the significant role of universities in achieving quality education and crafting strategic partnerships to achieve broader goals. His belief in co-operating with educational institutions is rooted in the innovative ideas and diverse perspectives emanating from the academic space. Groń sees such collaboration as pivotal in driving progress and achieving sustainable development goals.

He places extraordinary emphasis on cybersecurity awareness and education in our digital age. Groń shows positivity towards cybersecurity training programmes spearheaded by NASC, credited with educating thousands of individuals. Further milestones encompass establishing a cyber science centre and partnering with three universities, collectively working towards bolstering cybersecurity education. These initiatives are reported to have facilitated responsible digital interactions, thereby fostering decent work and economic growth.

Groń also highlights the necessity for international cooperation in cybersecurity. He suggests that such cooperation leads to mutual learning and shared resources, improving cybersecurity measures globally. Policymakers and cybersecurity professionals, according to Groń, must strive to foster international collaborations to combat evolving threats in the digital landscape.

Mirroring sentiments of comprehensive engagement, Groń advocates for strategic cooperation between private and public sectors. He imagines this fusion as a combination of educational efforts and business interests, promoting decent work opportunities and economic growth. He highlights a partnership platform created specifically for cybersecurity, underlining its potential for fostering public-private collaborations.

Groń acknowledges NASC’s positive contributions to establishing a robust national cybersecurity system in Poland. He commends their influential role in steering related legislation, providing informed opinions and recommendations. Notably, he mentions their effective co-operation with the chamber of lawyers, indicating increasingly synchronised work among varied legal entities.

In summary, Maciej Groń emphasises the importance of comprehensive efforts, incorporating diverse sectors, educational institutions, and legal entities to bolster cybersecurity learning, devise efficacious legislation, and construct robust cybersecurity infrastructures. His comments reflect the collective efforts required to navigate complex cybersecurity terrains, accentuating the significance of effective partnerships in accomplishing these goals.

Anna Rywczyńska

Anna Rywczyńska is noted for her legal undertakings at an international research institute, concentrating on aspects of law, research and multinational privacy. She boasts wide-ranging contacts within the multinational privacy and security resource sector, crucial to SDG 16, which encourages peace, justice and robust institutions. Furthermore, since 2006, Rywczyńska has held the significant position of coordinator at the Polish Internet Centre, demonstrating her extensive experience and knowledge in the realm of technology and internet, aligning with SDG 9 which encompasses Industry, Innovation and Infrastructure.

Rywczyńska is a vocal advocate for educational reforms, particularly concerning cybersecurity. She maintains that cybersecurity education should be integrated into both primary and secondary school curricula. Her arguments are underpinned by her participation in a hub focussed on the creation of recommendations for school curricula adaptations to digital transformation. As part of her continued efforts, she retains a productive dialogue with schools to prepare educational materials, organise events, and provide consultation.

However, she also addresses concerns about Poland’s current education system. Rywczyńska highlights that 57% of teachers reportedly believe that the existing curriculum does not sufficiently adapt to the swift progress of technological advancement, with 30% conceding to a lack of awareness regarding complex internet usage among students. These figures support Rywczyńska’s sentiments about the impracticality of the school curriculum, highlighting obstacles including lack of time, unsuitability of the curriculum, and inadequate parental cooperation, obstructing the integration of media education in schools.

Educators, she points out, acknowledge the necessity to include digital competences from the early years of education. This is believed to effectively equip students with the required skills for a digital world, falling in line with SDG 4’s target of quality education for all.

Regarding career prospects in the cybersecurity field, the perception of it being akin to a ‘war zone’ incites negative sentiments. This impression may deter both males and females from entering the field. However, the diversity of competences required in the cybersecurity field is positively received, with the clarification that these skills are not exclusively related to the gaming arena.

Rywczyńska points out the prominent gender gap in IT, stating that more needs to be done to inspire young girls to consider a career in cybersecurity. Educating parents about opportunities in the field and encouraging their daughters to see cybersecurity as a viable career option are essential steps towards achieving gender equality, supporting the SDG 5 goals and ensuring robust economic growth under SDG 8. Unconscious biases often determine student interests, with boys usually opting for coding classes while girls prefer dance classes. As such, challenging these stereotypes forms part of the broader strategy in advancing gender equality in the field of cybersecurity.

Julia Piechna

The importance of involving young individuals in cybersecurity is an issue at the forefront of international discussions, given the ever-rising threats in the cyber domain. Specifically, the Internet Governance Forum (IGF) in Poland has been integral in marketing this involvement. Affiliated with the esteemed United Nations, the IGF in Poland placed a special focus on youth engagement, highlighting the importance of their active participation in this crucial issue.

Tertiary education students’ perspective on cybersecurity is noteworthy, revealing a solid interest and propensity for the subject. Meetings were organised between March and June of 2023 that brought these students into discussions on topics such as cyber policy, internet governance, and human rights in the digital realm. Importantly, 15% of student respondents in the questionnaire had attended university cybersecurity courses, whilst a staggering 71% endorsed that cybersecurity training should be a mandatory part of their tertiary studies.

It is particularly interesting to note from the questionnaire that an emerging academic interest exists among the youth in fields such as artificial intelligence (AI) and cybersecurity. This finding indicates an urgent need for high-quality education and training programmes in these sectors, especially considering that digital careers are expected to dominate the future job market.

However, such enthusiasm is somewhat cooled by a considerable sense of apprehension and concern about potential cyber attacks. Notably, 63% of questionnaire respondents expressed concern about this issue, with 99% pinpointing cybercrime and 97% data leaks as substantial cybersecurity threats.

Julia Piechna’s professional experience presents a compelling argument for incorporating cybersecurity and safety education into the earliest stages of curriculum design. She suggested moving away from traditional teaching methods in favour of more unconventional and engaging approaches. This innovative perspective aligns with the argument that educational methodologies need to adapt quickly to the rapid advancements in technology and the evolving dynamics of the industry.

In summing up, it is clear that equipping young individuals with the knowledge and tools to navigate the cyber domain is of utmost importance. Not only does it prepare them for the future job market, but it also instils a profound understanding of the seriousness of cyber threats. The shift towards more innovative educational methods, coupled with fostering youth participation in forums such as the IGF, offers a promising path for addressing the multifaceted challenges within cybersecurity.

Katarzyna Kaliszewicz

A comprehensive analysis underscores the critical importance of proactive online participant engagement in driving strategic development and policy decisions. This level of involvement was facilitated through digital platforms like menti.com, which engendered an interactive environment for individuals to articulate their opinions. Participants’ collective interaction was enabled using a QR code, and they were invited to join the platform through a shared code.

The necessity of formulating a well-defined strategic plan emerged as a primary area of concern, alongside the requirement for an enhanced online presence. Participants highlighted this through their feedback and prioritisation, demonstrating a strong need for an online platform delivering comprehensive training and workshops, syncing with adult education needs.

The feedback signalled that promoting collaboration among industry professionals, universities, and the cybersecurity workforce is the top priority. This viewpoint indicates a broad consensus on the need to foster partnerships and establish direct links between these sectors to drive innovation, catalyse skills development, and enhance industry-university engagement.

Another top priority identified across all educational levels is the enhancement of cybersecurity skills, underscoring the pivotal role of cybersecurity in contemporary life. This necessity of integrating cybersecurity training at all stages of the educational pathway, from primary school to professional development, has emerged as a core recommendation, aiming at a universally cyber-literate society.

Participants also emphasised the importance of harnessing best practice from the cybersecurity and tertiary sectors. This attention to fostering a culture of knowledge sharing and standardising effective, secure practices is essential for prioritising infrastructure and network security in the broader educational and industrial context.

Raising interest in the cybersecurity industry, both in academia and the vocational space, is another crucial recommendation from the analysis. The promotion of this field is pivotal in harnessing a diverse talent pool, given the escalating demand for cybersecurity professionals.

Significant interest was also voiced in providing online training on emerging topics via digital platforms, with leadership from industry experts. This exhibits the need to maintain a contemporary repository of knowledge and expertise and demonstrates the appeal of accessible, high-quality professional development.

These priorities are notably endorsed by Katarzyna Kaliszewicz, further reinforcing their relevance and signalling the strategic focus that these preferences propose.

The analysis also reveals a growing consensus around the need to have specialised cybersecurity roles within corporate organisations. This perspective is underpinned by the universal interaction with digital technology and data across industries. The comparison with workplace safety specialists, which are commonplace in organisations, substantiates this viewpoint. Especially in sectors like the medical industry, where the integration of digital tools is rapidly increasing, the need for cybersecurity specialisation is paramount.

Lastly, the analysis foresees an impending need for an increased number of trained cybersecurity professionals. A call to action is thereby made to augment and amplify cybersecurity training in anticipation of this demand, mitigating the risk of a significant talent deficit. Emphasising these specific priorities at the core of strategic decision making is imperative, given the ever-evolving cybersecurity landscape.

Wout de Natris

This discourse is centered around two UN Sustainable Development Goals (SDGs) – SDG 4 and SDG 9. SDG 4 seeks Quality Education, advocating lifelong learning opportunities, whilst SDG 9 promotes the development of resilient infrastructure and the nourishing of innovation. In this context, the discussion’s focus is on the practical implementation of cybersecurity and enhanced education.

The dialogue is informed by the International Society of Service Innovation Professionals, Cybersecurity, and Cybercrime Advisors (IS3C), a dynamic coalition within the Internet Governance Forum (IGF) system. This coalition has stressed the diligent efforts of its two working groups, each centring on a distinct facet of cybersecurity.

The first of these groups is set to produce a comprehensive report on the security design of the Internet of Things (IoT). As IoT devices multiply, their security has transformed into a critical focus. The second working group is targeting government procurement and supply chain management, two areas crucial for a secure digital economy. Additionally, the creation of a tool designed to assist governments procuring ICT securely is seen as a adjunctive value addition to bolster cybersecurity.

The discussion unfailingly identified the persistent gap in cyber security education: a gap showing no signs of reducing, thus posing a concerning hindrance to cybersecurity progress. In response, the formation of a cybersecurity hub has been suggested, tapping into the IGF’s vast potential for creating connections and educational opportunities.

Throughout the conversation, a positive sentiment prevailed, suggesting an optimistic outlook towards these proposed strategies aimed at enhancing cybersecurity and education. This positivity underlined the general consensus on the urgent need for pragmatically implementing the knowledge produced in these reports.

Joao Falcão

The cybersecurity sphere offers a myriad of opportunities and challenges. Success in this field requires a profound understanding of a variety of systems, especially in the industrial sector, as demonstrated by Joao Falcao’s visit to a factory. The task of quickly comprehending how different machines operate within a constrained timetable was a significant challenge, emphasising the need to grasp how systems should and should not operate to pinpoint potential security weak points.

Transitioning into the cybersecurity industry, especially for young people, can often be an isolating experience. Joao’s solitary journey of self-education, spent with his computer, encapsulates the daunting task facing newcomers. His struggles on an industrial cybersecurity course, due to his unfamiliarity with machinery and ‘space’, highlight the urgent necessity of practical experience to complement theoretical knowledge. Conversely, individuals switching careers can utilise their previous experience, an advantage often out of reach for those at the start of their careers.

Interestingly, a distinct shift has been observed in the demography of the cybersecurity field. Once mainly drawing the interest of the curious, the sector now predominantly attracts mature professionals. Joao observed that cybersecurity events, previously dominated by interested individuals, are now primarily attended by professionals, spurring the field’s evolution through peer sharing and community building.

Efforts must be significantly ramped up to provide a welcoming avenue for new entrants into the cybersecurity field, particularly the younger generation. Knowledge sharing initiatives and bridging the gap between theoretical understanding and practical, hands-on experience could encourage interest and foster growth in the industry.

Furthermore, company dynamics play a pivotal role in shaping the cybersecurity landscape. Small security-focused teams often shoulder the entire responsibility for company security, which can precipitate relational difficulties due to the imposition of necessary security measures. To mitigate this, a shift in company culture towards a more encompassing acceptance of cybersecurity is needed. A more distributed responsibility for cybersecurity across the entire workforce could promote this shift.

Media depictions of cybersecurity also wield considerable influence, shaping perceptions and fostering interest in the field. Films such as ‘Hackers’ and ‘War Games’ have inspired the ’80s generation. Lastly, a distinct gender gap exists in the cybersecurity realm, underscored by Joao’s failed attempts to hire a woman for an open position. This situation, where the post remained empty until a man filled the gap, illustrates the need for proactive action to improve gender diversity within the industry.

Audience

The discussion encompassed a broad scope of subjects, relating primarily to the domains of education, policy development, and cybersecurity. The principal argument articulated the intimate connection between education and diverse sectors such as policy formulation and cybersecurity. This overlap precipitates an intersectional understanding of these sectors and their importance within our swiftly evolving landscape. The sentiment throughout this discourse remained neutral, delineating an equilibrium in the interconnectedness of these sectors.

A formidable case was made regarding cybersecurity, distinguishing between the discrete entities of cyber-safety and cybersecurity. A former police officer with Europol experience vehemently embraced the interconnectedness of these two concepts. This assertion was fundamentally optimistic, alluding to the common significance of these two facets of digital safety.

The benefits of a well-rounded strategy addressing both aspects were emphasised, underpinned by the argument that a simultaneous addressal of cyber-safety and cybersecurity would optimise results for end users. This stance exhibited positivity, thus accentuating a forward-thinking projection for future cybersecurity strategies.

The discourse then transitioned to the issues faced by smaller island nations, suggesting indigenous cyber community groups as a solution to build and retain cyber skills. Convincing examples from the Samoa Information Technology Association and Tonga Women in ICT were presented, emphasising these groups’ crucial role in facilitating training, industry knowledge sharing, and networking. This viewpoint was positively empowering, fostering a sense of resilience within these small island nations.

The important balance between formal hubs and informal spaces for information sharing was highlighted, resonating with the consensus on the key connect between academia and the industry. This endorsement of both formal and informal information sharing fosters a unified and thorough approach towards cybersecurity.

The focus then shifted to policy formulation, featuring experiential insights from the EU policy cycle that bases its strategy on research findings was a prime exemplification of a research-based approach. The sentiment here was positive, grounded on the EU’s demonstrably effective strategic cycle.

However, a word of caution was raised regarding the necessity for policies to reflect the current online threats accurately. A negative sentiment percolated through during this point, attributable to anecdotal instances when irrelevant policies did not adequately address the evolving cyber threat landscape. The conclusion drawn from this analytical discourse underscored the critical need for adaptable policies that are responsive to the current realities of online threats. Taken together, the discussion offered significant insights into the intersecting nature of multiple sectors and emphasised the urgency for accurate policy creation in response to present cyber threats.

Raul Echeverria

In 2022, a disturbing trend was noted where almost 70% of companies in Latin America reported experiencing some form of cybersecurity problem. This painted a picture of inadequate preparedness for significant cybersecurity threats across the corporate landscape. Notably, the governments of Costa Rica and Colombia faced significant cyber attacks, further emphasising the gravity of the situation.

Interestingly, in challenging business times, companies often resort to cutting their security provisions in an attempt to save resources. However, this approach was questioned as these companies ended up losing millions in cyber attacks, predicaments that are not only costlier but also more disruptive and could have been effectively managed or even avoided with adequate security provisions in place.

On a positive note, awareness of the necessity for widespread, scalable solutions to enhance cybersecurity is increasing. More emphasis is being placed on robust, far-reaching education and training programmes to equip more professionals with essential cybersecurity skills. The adoption of these education and training initiatives are gradually increasing, with instances of new cybersecurity measures being implemented by companies increasing by approximately 10% per year.

However, this progress is overshadowed by the fact that cyber attacks continue to grow far more menacingly, increasing by a worrying 20%, thus pointing to a vast shortfall in the necessary measures. It is evident that current measures are failing to keep pace with the rapidly evolving threat landscape, with it being estimated that at least 200,000 professionals skilled in this sector are needed in Mexico alone to prevent such cyber intrudiations.

In response to these insights, a concerted effort among various stakeholders is being called for. The public sector, private enterprises, and academic institutions are all urged to collaborate to understand and subsequently tackle the cybersecurity challenge. This joint strategy advocates sector-wide implementation of educational programmes aiming to enlighten companies about latent cyber risks and how to prevent potential attacks.

Arguably, certain individuals within the industry have exhibited varying levels of commitment towards these challenges, exemplified by Raul Echeverria who appears not to prioritise cybersecurity as strongly as necessary. Nevertheless, this should not discourage the broader industry from setting appropriate and effective cyber defence strategies.

Additionally, it is suggested that existing corporate culture could also be remodelled. Companies are advised to adopt short-term hiring strategies, whilst simultaneously offering prospective employees a progressive growth plan which exposes them to various areas within the organisation. This would likely attract more professionals to the sector, effectively helping to bridge the existing skills gap.

In conclusion, collaboration involving the public sector, private enterprises, and academic institutions is crucial for the sector to remain secure and efficiently combat ongoing threats to their cyber infrastructure. While certain industry players have demonstrated lesser commitment, it is vital for all players to accord equal attention to these issues to not only thwart cyber attacks but also build a robust workforce for the future.

Denis Susar

The analysis underscores the paramount importance of areas such as e-government, digital skills, cybersecurity, digital harm, and ICTs in the journey towards accomplishing the ambitious Sustainable Development Goals (SDGs). SDGs 16 and 17, which focus on fostering peace, justice, strong institutions and partnerships for the goals, stand at the forefront of these conversations.

Firstly, a resounding call emerges to utilise a hub for capacity building in e-government, which would enhance digital competencies as well as cybersecurity consciousness amongst all 193 member nations. The success of this endeavour is believed to rely heavily on the level of digital literacy and awareness surrounding cybersecurity within the populace.

Secondly, a significant change in perception is presented, advocating the inclusion of digital harms as threats to peace and security. This shift in stance has been partly encouraged by a high-level advisory board’s recent recommendation to extend the definition of threats to include digital harms, thus acknowledging the evolving challenges of the digital age.

The need for cybersecurity within the public sector and ICTs is also given emphasis, with capacity building including engagements with local public officials, thus implying a comprehensive, grassroots approach to addressing these issues.

The report also addresses the vital importance of retaining skilled cybersecurity professionals within the industry. Citing job stress as a key factor causing specialists to leave, it articulates a clear need to establish methods to retain this invaluable talent.

At the heart of the discourse is the role of incentives in fostering a culture of cybersecurity. Large companies, such as Amazon, are highlighted as examples of stakeholders for whom cybersecurity breaches would prove catastrophic. This underlines the vital role that cybersecurity plays in maintaining the health of industries today.

Supporting this assertion are the forthcoming opportunities for global digital compact discussions, due to take place in 2024 and a review set for 2025. These discussions present significant stakes for industry players, policymakers, and cybersecurity professionals alike.

It further suggests that a well-developed cybersecurity hub would most likely be utilised by governments, implying that increasing the competency of such hubs could significantly strengthen national cybersecurity measures.

The need for engagement from the educational sector is also strongly emphasised. A call to break out of conventional silos supports cooperation beyond the IT sector, involving a myriad of sectors, including the motor, fashion, and food industries, amongst others. This integrated approach signals an inventive strategy and is backed by an expectation for more industry participants in the coming year, illustrating a desire for more diversity within cybersecurity dialogues.

Concluding on the note of Denis Susar’s exhortation for industries to “think out of the box”, it sets forth a challenge for industries to step up, collaborate more, and adopt innovative thinking in their quest for more effective cybersecurity solutions.

Janice Richardson

A notable gap exists between the skills fostered in cybersecurity education at universities and the capabilities required in the wider industry. Industry professionals attribute the absence of abilities such as comprehensive holistic thinking, effective communication, and diversity among recent graduates. The education sector recognises the importance of critical thinking, albeit the focus currently tilts heavier towards technical skills like coding and product-specific training.

Addressing this discord, the inception of a multifaceted ‘cybersecurity hub’ is proposed. This critical institution would stimulate synergy between industry, tertiary education, and the younger generation, extending its functions to an international level. Imagined as a nexus for fostering knowledge exchange, providing authentic educational resources, and nurturing understanding of industry-wide best practices – this hub is slated to play a key role in consolidating learning and progress within the cybersecurity arena.

Further insight suggests the essential requirement for the early induction of youngsters in comprehending the functionality of the internet and cybersecurity components. Many reports indicate that young professionals have a limited understanding of the internet’s mechanics, cloud security, and other basics. This finding highlights the necessity of a comprehensive educational base, enabling adaptability to the constantly shifting cybersecurity landscape.

A report citing as many as 67% of respondents from the business and industry sectors implied a deficiency in the transversal skills among cybersecurity graduates, further spotlighting the flaws in the existing education structure. Thus, this perceived insufficiency emphasises the need for the proposed cybersecurity hub.

In terms of diversity, a clarion call has been made for the cybersecurity field to encourage a higher female representation, fostering diversity and inclusivity in technical disciplines. Although explicit supporting facts are not provided, there’s a general positive consensus towards such measures, indicating their significance in catalysing industry growth.

Additionally, an audience speaker stressed the importance of incorporating real-world cases into the strategic planning for the hub, solidifying the requirement for practical applications within cybersecurity education. At the moment, the hub is still in its embryonic stage of development. However, key coordinators, including Janice, are actively seeking public feedback and suggestions, endorsing a collaborative and inclusive approach for this promising initiative. A shared understanding exists that open dialogue will propel the forward motion of the hub’s development, enhancing the strategic focus and operational effectiveness of this indispensable entity.

Speakers

Speech speed

0 words per minute

Speech length

words

Speech time

0 secs

Click for more

Speech speed

0 words per minute

Speech length

words

Speech time

0 secs

Click for more

Speech speed

0 words per minute

Speech length

words

Speech time

0 secs

Click for more

Speech speed

0 words per minute

Speech length

words

Speech time

0 secs

Click for more

Speech speed

0 words per minute

Speech length

words

Speech time

0 secs

Click for more

Speech speed

0 words per minute

Speech length

words

Speech time

0 secs

Click for more

Speech speed

0 words per minute

Speech length

words

Speech time

0 secs

Click for more

Speech speed

0 words per minute

Speech length

words

Speech time

0 secs

Click for more

Speech speed

0 words per minute

Speech length

words

Speech time

0 secs

Click for more

Speech speed

0 words per minute

Speech length

words

Speech time

0 secs

Click for more

Speech speed

0 words per minute

Speech length

words

Speech time

0 secs

Click for more

Speech speed

0 words per minute

Speech length

words

Speech time

0 secs

Click for more

Speech speed

0 words per minute

Speech length

words

Speech time

0 secs

Click for more

Speech speed

0 words per minute

Speech length

words

Speech time

0 secs

Click for more

Speech speed

0 words per minute

Speech length

words

Speech time

0 secs

Click for more