More security experts needed
November 26th, 2009
CYBERJAYA: The International Multilateral Partnership Against Cyber Threats (Impact) believes that what the world needs now is more cybersecurity experts.
Although it may sound less whimsical than the famous song, in reality, Impact said cyberspace is ever changing and the number of threats is growing everyday.
Threats are also getting more sophisticated and targeted compared to 10 years ago, said Philip Victor, Impact centre for policy and international cooperation, head of communications and outreach.
Aside from attackers being driven by financial gains from attacking global systems, Philip said that terrorists are also turning to the Internet to launch their attacks or execute their plans.
One of the more popular example of the realities of a cyberattack is the 2007 cyberwar in Estonia where attackers launched distributed denial of service (DDoS) attacks on Estonian websites including the Estonian parliament, banks, ministries and newspapers, he said.
Although the attacks may seem low-tech, a DDoS attack can disrupt everyday activities that require Internet connectivity.
“Unfortunately, there’s a lack of global cooperation to fight this due to the shortage of information security professionals,” Philip said.
In Malaysia, he said the information security professional to population ratio is 1:20,000.
“We believe the number of security professionals is growing but as the Internet population increases, we will need more,” he said.
Working towards this effort, Impact has alligned with information security certification company ISC2 to provide information security training to Impact partner countries.
“This is in line with our mandate of operationalising the Global Cybersecurity Agenda (GCA)in escalating cybersecurity capabilities to better defend againts cyberthreats,” said Datuk Mohd Noor Amin, chairman of the Impact management board.
The GCA is the United Nation’s International Telecommunication Union’s framework to enhance confidence and cybersecurity in the information society.
Through this agreement, ISC2’s certification courses such as the Certified Information Systems Security Professional, Systems Security Certified Practitioner and the Certified Secure Software Lifecycle professional will be offered in Impact’s partner countries to enhance the organisation’s position in providing a holistic approach to public sector cybersecurity.
Impact will kick off the first course, the Systems Security Certified course, in Africa in the first quarter of next year.
“Africa is a continent with growing Internet users so its logical to train security profesionals there to ensure its cyberspace is safe,” Philip said.
Impact and ISC2 are expecting 100,000 security professionals to be trained through this partnership.
“We will be working with governments to realise this goal in order to provide enough security professionals for the world,” Philip said.
W. Hord Tipton, executive director for ISC2 said the organisation is happy to work with Impact.
“We jointly believe that only by professional development can we enable the community to protect against cyberthreats and we look forward to educating more individuals,” he said.