Fighting cybercrime and protecting data in hyperspace conjures images of hi-tech superheroes battling evil hackers, but ensuring our ongoing cyber security is fundamental for all our digital futures.
Hacking from hostile governments, organised crime or even rival businesses is on the rise, with cyber-attacks like this year’s WannaCry demonstrating the power hackers can wield.
Though it’s mostly governments, businesses and other organisations that are in the spotlight, it’s often ordinary citizens who bear the brunt of such attacks. Stolen or compromised data can have devastating financial consequences, reputational impacts and even adverse physical effects.
While cyber-attacks remain a hot topic, behind the scenes both government and business are arming themselves with new tools and new teams of professionals to combat existing hacking threats and defend against future incursions.
As the amount of data shared online increases, so does risk, making cyber security an increasingly critical issue for Government policy-makers, like Pip Wyrdeman, senior adviser at the Federal Government’s Office of the Cyber Security Special Adviser.
"The digital economy has become the economy in Australia and globally and Government is driving towards digital business with the population, asking us to do our taxes online, apply for services online and to do business online," she says.
"The population want to operate online – it’s easy, it’s convenient and it allows us to do things we would never have imagined doing just a couple of decades ago.
"A digital environment relies, fundamentally, on trust. If I’m going to interact with you or your business online, I need to trust that I can do so safely. I rely on cyber security – security in the cyber realm."
Wyrdeman’s office is tasked with developing and implementing cyber security policy to protect government, industry and the community, and while keeping up with the speed of technology is imperative, she feels the biggest challenge is the people who use it.
"A key challenge in this space is to somehow keep up with the speed of technology change, to protect the systems we already have and to work out how to future proof the ones we build from now on," Wyrdeman says.
"But I think the biggest challenge we have is the human challenge. We need to educate and inform people from a very young age about how to operate safely and effectively in a digital world – this is fundamental to security.
"If you know what is needed to use anything safely and confidently, you will be safer than if you don’t know what you are doing or lack confidence. If we can bring both technical security and human understanding together we can have security baked into both our systems and our activities using those systems."
But as we do more business and communication online, securing the data and information exchanged and stored in cyberspace is more important than ever, creating a soaring demand for cyber security professionals and job opportunities far outstripping supply.
Global tech giant Cisco estimates that there are as many as one million vacant cyber security jobs around the world and cyber security experts are predicted to earn 9 per cent more than other IT experts.
But who are the professional working in cyber security? Who are the people guarding your personal and business information and what sort of jobs do they do? A cyber worker herself, Wyrdeman describes the growing variety of jobs available.
"At the moment there are jobs in cyber security across the board, ranging from pentesting, design of secure software, education, law, insurance, policy, data privacy and protection, military, intelligence, engineering of smart cars/buildings/cities – you name it!" she says.
"It’s hard to say what are the specific growth areas are right now, but one of the reasons that we run Cyber Security Challenge Australia for current students is to give our industry partners a chance to design their challenges to meet the needs they have, which gives a message to universities and students about what industry is looking for."
Megan Haas is a Cyber and Forensic Services Partner at PricewaterhouseCoopers (PwC) working with organisations to manage cyber security and privacy, and guard against the threat of online corruption and fraud.
"As cyber security continues to evolve at an increasingly rapid pace, many strategic cyber decisions impacting the privacy and lives of people in society are being made for the first time," Haas says.
"There are a lot of unknowns within the field of Cyber, and PwC leverages its wide industry knowledge to provide value-adding insights to clients on which strategies are more likely to work, and which may not."
With the advent of the Internet of Things (IoT), whereby digital devices embedded in everyday objects become more connected and internet-enabled, interacting and sharing data, the opportunities for cybercrimes increase.
Haas believes attackers are also likely to focus on the rapid growth of artificial intelligence (AI) systems and the opportunity to seize control of them, but while technology provides the opportunity, it’s people that are the key.
"Cyber Security is not only securing networks, but is mainly about managing risks and understanding people – a hacker’s mindset – and how they behave," she says.
"Different threat actors apply different approaches and require different responses, like how organised crime gangs may use emails to send ransomware, while insiders can pose a threat due to their access to systems and data."
In the past, private and public enterprises have used technology to protect their digital assets, and though technology will continue to be leveraged, Haas says that the current cyber risk landscape has brought a shift towards investing in people and training.
"Cyber terrorism is on the rise and cyber security is becoming one of the most sought after areas in industry," Haas says.
"As we move toward a more virtual, agile cloud based environments, this demand will increase further as businesses look to protect against threats to their critical infrastructure.
"The most common challenge we have is to find people who are technically capable, have an understanding of relevant laws, regulations and best practices with a solid grounding in economics and psychology to understand hacker’s mindset.
"The speed of technology innovation means that the demand for these skills will continue to grow for the foreseeable future - individuals with relevant qualifications will be in demand in the market; the work will be varied, challenging and interesting; and financial compensation will be attractive in a competitive market."
The development of relevant degrees, such as RMIT's Master of Cyber Security, are helping to meet the wide array of skills needed by the next generation of cyber security professionals, according to program leader Associate Professor Serdar Boztas.
"The program structure has also been streamlined giving students more options in term of specialisation in the increasingly complex cyber security landscape, with courses covering topics ranging from penetration testing and ethical hacking, to risk management and compliance" he says.
"It's a great time to teach, learn, and practice cyber security."
Story: Daniel Walder