CYBERCRIME is never far from the headlines in our digital world as hackers and scammers dream up increasingly inventive ways to part us from our money.

Neither is Scotland’s fine pedigree in the field long out of the public gaze – just last week Glasgow-based Vistalworks was chosen to be part of the National Cyber Security Centre’s “Cyber Accelerator” scheme, which encourages new products, skills and growth to help make the country safer to live in and work online.

Across the UK last year £190 billion was lost to cybercrime from a global figure of $2.2 trillion (£1.68tr), but industry leaders have warned that a proactive approach will have to be taken to address a serious shortage of cybersecurity skills.

This is despite universities and colleges offering an extensive range of courses on various cyber subjects, the first of which was an ethical hacking degree launched by Abertay University in Dundee in 2006.

The personnel shortage is not restricted to Scotland, as illustrated by a report from the Department for Digital, Culture, Media and Sport last year.

Its Cyber Security Skills in the UK Labour Market 2020 paper said nearly half (48%) of all UK businesses have a basic technical cybersecurity skills gap and three in 10 have an advanced technical skills gap.

The report also found that 26% of Scottish businesses struggled to find cover for cyber security personnel when they take time off work.

“Scottish businesses need partners that they can work with to provide the expertise and services they lack in house,” said Simon Turner, regional vice-president for Western Europe, Palo Alto Networks’

“Whilst it is undeniably a work in progress, the Scottish cybersecurity sector is gaining momentum. The Scottish Cyber Cluster Analysis Report published by ScotlandIS this week revealed that there are now 230 cyber security companies operating in Scotland, comprising both homegrown businesses and an increasing number from outside Scotland.

“Many of these homegrown businesses are university spin-outs, which shows just how important it is to ensure that the teaching and facilities on offer to Scottish students is of the highest quality.

“It is for exactly this reason that we launched the Cyber ACES and Cybersecurity Academy programmes and continue to work with academia in Scotland to provide expert teaching and technology.”

Callum Campbell, a cyber security lecturer at Glasgow Clyde College, told The Sunday National it was widely accepted the security skills gap was “massive”, largely because we are not proactive enough.

He said: “Security has traditionally been an afterthought, we have worked on a reactive premise, waiting until something breaks or is breached, and then look at how to fix it, even then it would be a minimum fix or patch. Over the last year I have spoken to public sector compliance regulators, energy companies, private sector disruptive companies and established private sector companies with respect to security.

“Only the disruptive companies have a forward-thinking adaptive security posture. The others have a flat security posture, and the simple reason for this is that they don’t have the staff with the required security skills to move the companies forward in terms of posture.”

Campbell said the gap was likely to widen further as the operation technology sector (OTC) shifted towards greenfield industrial internet of things (IIOT) devices by as much as half by 2025 – a natural development from the personal IoT we have now. He said: “Given the sheer amount or proprietary platforms they utilise, and the protocol stacks, they simply do not have the staffing in the security sector, this is clearly a concern given it drives infrastructure. The security skills shortage in IT will be a drop in the ocean in comparison.”

Turner said government and industry would have to work together to develop the skills ecosystem needed for the future: “It is for governments to set the overarching policy foundations that address the skills gap, and industry to act as a force multiplier and help to develop tangible initiatives that advance the cybersecurity skills ecosystem.

“We must work collaboratively with academia too, to help direct research and ensure the sector is equipping the future workforce with the next generation of skills that businesses need.”

Certainly academia has a huge part to play, but while students may be graduating from cyber courses, Campbell said only up to a fifth were making their career in the sector, despite the high rewards.

He said: “I had an email this week from a current student who has been offered employment with a major bank as a cryptographer analyst, that shows two things, one there’s a skills shortage and two, it’s very possible to gain employment in cyber security, without a degree, in an amazing role. It simply takes hard work and dedication.”

CAMPBELL added that we all had to change our approach to security, as well as becoming more proactive to approach the skills gap, working together, learning and sharing.

“This is a massive paradigm shift, of which many organisations are intransigent in nature, and simply don’t buy into that fact we need to change our cultural approach to security.

“It has to be considered at the onset of any project, not once it is complete.

“Fundamentally we need to address this as a culture change for society, educate children from a very young age, let them have the mindset that security is important to everyday life and how to implement it.”