“If we are able to grow a diverse cybersecurity talent pipeline, and also empower everyday people with the knowledge they need to better identify, respond, and report cyberthreats, the future of the cybersecurity industry has the potential to be very, very bright.”
Lisa Plaggemier, Executive Director of the National Cyber Security Alliance
Cybersecurity has become one of the driving narratives of the 21st century. In recent years, cybercriminals have shut down critical national infrastructure, interfered with presidential elections, and held both companies and institutions for ransom. And a growing consumer dependence on interconnected digital technologies has increased the possible vectors of attack by several orders of magnitude.
The Biden Administration has made cybersecurity one of its top priorities. Through a bevy of public-private partnerships, cybersecurity is receiving more attention, more funding, and more resources than ever before. It’s a start. But meeting the nation’s goals on cybersecurity will also require a shift in the general public’s mindset to the point where best cybersecurity practices aren’t just the domain of tech-savvy professionals, but common sense.
October is National Cybersecurity Awareness Month. It’s a time to raise awareness around the importance of cybersecurity and ensure that Americans have all the resources they need to be safer and more secure online. It’s also an opportunity to highlight the essential role that today’s cybersecurity professionals play in making the online and offline worlds safer. Now in its 19th year, National Cybersecurity Awareness Month has never been more important.
To learn more about the state of cybersecurity today, and where it’s going, read on.
Lisa Plaggemier is the Executive Director of the National Cyber Security Alliance (NCSA), where she has served as a board member since 2018. She has held several cybersecurity leadership roles, including Director of Security Culture, Risk, and Client Advocacy at CDK Global; Chief Evangelist at Infosec; and Chief Strategy Officer at MediaPro.
Plaggemier also developed the Certified Security Awareness Professional (CSAP) program, an industry-standard training and certification course in enterprise security awareness. Notably, she joined the advisory board of the 2021 US Cyber Games.
Please note that the following interview is from 2021.
The Covid-19 pandemic had a significant impact on the cybersecurity landscape. With many companies and organizations making quick pivots to remote-work arrangements, it was crucial that cybersecurity practices be adjusted to secure the sensitive information being stored and transmitted outside of traditional offices.
Some entities were more prepared for this than others: tech-native companies like Google had strong cybersecurity cultures to begin with, while legacy institutions like universities had to reinvent themselves practically overnight.
“Educational institutions did a great job of ramping up their digital learning channels during Covid-19,” Plaggemier says. “Unfortunately, in many instances, the cybersecurity of these channels often took a backseat, which has opened up opportunities for hackers. Compounding these vulnerabilities within the education sector is that only 45 percent of K-12 students receive regular cybersecurity awareness education. This has created a perfect storm for cybercriminals looking to gain access to the heaps of sensitive data that educational institutions have at their disposal.”
Today’s cyberattacks are increasingly sophisticated and more widespread than they have ever been. Cybercriminals don’t just target personal data anymore: they also affect critical infrastructure and national elections processes. A list of significant cyber incidents since 2006, compiled by the Center for Strategic and International Studies (CSIS), extends to 73 pages. Between 2019 and 2020, the number of ransomware attacks increased 158 percent in North America alone. The best offense against these threats is a good defense.
“There is a large misunderstanding within the general population that there is nothing they can do to prevent cyberattacks and that breaches will just continue to happen regardless,” Plaggemier says. “But there are some really basic best practices that we all can use that could make a massive dent in cybercrime: things like using password managers with long, complex passphrases, enabling multi-factor authentication, and knowing how to recognize and report phishing emails.”
Human error is a major contributing cause in 95 percent of cyberattacks, meaning the vast majority of cyberattacks are preventable. Just as it’s said that every company is now also partly a tech company, every user of modern tech needs to be adept at applying the basic tenets of good cybersecurity.
“One of the foremost things that we can do to help turn the tables in favor of the ‘good guys’ is to change the prevailing messaging we have been using within the industry away from scare tactics and toward empowerment,” Plaggemier says. “For decades, as an industry, we have been trying to scare people into doing the right things instead of providing them with clear, easy-to-understand guidance around how they can help boost cybersecurity strength. Once we are able to make cybersecurity more accessible and cybersecurity hygiene just as routine as locking your front door, we will be in a much better place.”
Public awareness is one piece of the puzzle in boosting the nation’s cybersecurity. Bolstering the cybersecurity workforce is another. By the end of 2020, there was a need for an estimated three million qualified cybersecurity workers. This number seems to continue to grow. The Bureau of Labor Statistics (2022) projects that the need for information security analysts will rise another 35 percent between 2021 and 2031, making it one of the fastest-growing occupations in the US.
“There is tremendous work being done by the existing workforce, and tools innovation is as strong as it has ever been,” Plaggemier says. “However, with the cyber workforce stretched very thin, and tools only able to pick up so much slack, we need to keep pushing to find new ways to bring in the diverse talent the industry needs.”
Several companies and organizations have stepped up to help. The National Initiative for Cybersecurity Education (NICE), led by the National Institute of Standards and Technology (NIST), has created a program to help equip individuals interested in cyber careers with the resources and guidance they need. IBM has committed to training 30 million people in cybersecurity skills by 2030.
To do so, they have partnered with the U.S. Department of Veterans Affairs (VA), Specialisterne Foundation, and six Historically Black Colleges & Universities (HBCUs) to provide no-cost STEM training and grow a more diverse cyber workforce. These and other initiatives aim to not only expand the cybersecurity workforce but also expand the definition of cybersecurity in the public’s mind.
“Another big misunderstanding about cybersecurity is that you need to be a math and coding lover to pursue a career in the space,” Plaggemier says. “In actuality, all you need to do is like to be a problem-solver and team player. From recruiting to training to coding, there is a job track within cybersecurity for everyone. Therefore, to find success in the field all you really need is a willingness to learn.”
Cybersecurity professionals have a tough mandate. As new types of hardware and software immediately create new vulnerabilities, cybersecurity has to keep pace. But cybersecurity professionals make careers out of staying ahead of the curve and tech giants are on board, too.
Spurred on by the Biden Administration, Google announced in 2021 that it would invest $10 billion over the next five years to expand Zero Trust programs, help secure the software supply chain, and enhance open-source security; Apple, Microsoft, and Amazon have all made their own cybersecurity pledges.
“One of the best things about the cybersecurity field is that it is always changing,” Plaggemier says. “I think eventually security will be more seamless and ‘invisible.’ The promise of technology like Zero Trust means we’ll be more secure without as much end-user friction as we have today.”
There will be more cyberattacks in the future, and they will continue to grow in sophistication. But the future of cybersecurity will not be written by cybercriminals. A current and coming generation of bright young minds has the potential to develop the tools and mindset needed to power a new paradigm in cybersecurity.
“If we are able to grow a diverse cybersecurity talent pipeline, and also empower everyday people with the knowledge they need to better identify, respond, and report cyberthreats, the future of the cybersecurity industry has the potential to be very, very bright,” Plaggemier says.
Cybersecurity is a field practically as big as the internet itself. To learn more about the ways that it’s evolving, check out some of the resources below.
Matt Zbrog is a writer and freelancer who has been living abroad since 2016. His nonfiction has been published by Euromaidan Press, Cirrus Gallery, and Our Thursday. Both his writing and his experience abroad are shaped by seeking out alternative lifestyles and counterculture movements, especially in developing nations. You can follow his travels through Eastern Europe and Central Asia on Instagram at @weirdviewmirror. He’s recently finished his second novel, and is in no hurry to publish it.