Certification Survey Extra is a series of periodic dispatches that give added insight into the findings of our most recent Certification Survey. These posts contain previously unpublished Certification Survey data.
Discussions of organizational cybersecurity, whether centered on private-sector companies, government institutions, public service entities, or some other important group, generally point to individuals within the organization as being the most vulnerable point of attack. Not specific individuals, just people in general.
The problem, reiterated time and again, is that people tend not to follow, and sometimes are not even aware of, cybersecurity best practices. Today's children grow up knowing more about technology than any previous generation, but may not be any better educated about cybersecurity when they become tomorrow's employees than what is now commonplace.
Appeals to government are perhaps most often made when a critical mass of the citizenry — which, surprisingly frequently, is not the same thing as a majority of the citizenry— agrees that this or that important subject is not being taught correctly, or not being taught to a sufficient degree, or not being taught from the proper perspective, etc.
The obvious benefit of more proactively teaching cybersecurity in public schools is that kids would learn and understand the role that each individual must play, as well as develop good security habits, much sooner than might otherwise be the case. A key secondary benefit, however, is that more children might take an active interest in cybersecurity and eventually choose to pursue it professionally.
Given the worldwide shortage of skilled cybersecurity professionals —it's estimated that there there are currently more than 3.5 million unfilled cybersecurity jobs — the value of exciting young minds about cybersecurity career prospects can almost not be understated.
Taking all of that into account, should governments make more of an effort to layer cybersecurity into public education curriculum? Should they go so far as to mandate its inclusion? We put both questions to the certified security professionals who participated in our recent Security Certification Survey. Here's what we learned:
Statement 1: Government should aggressively promote cybersecurity curriculum in public education.
Strongly Agree: 40.9 percent
Agree: 44.3 percent
Neither Agree nor Disagree: 11.4 percent
Disagree: 2.3 percent
Strongly Disagree: 1.1 percent
Statement 2: Government should mandate cybersecurity curriculum in public education.
Strongly Agree: 25.7 percent
Agree: 32.6 percent
Neither Agree nor Disagree: 30.3 percent
Disagree: 8 percent
Strongly Disagree: 3.4 percent
Bearing in mind that we're speaking to people who engage is cybersecurity pursuits for a living, there's still a remarkable level of consensus here. Especially when we ask whether government should simply make a concerted effort to get cybersecurity into public education curriculum. Not even 4 percent of respondents disagree, and only 11.4 percent would prefer to punt.
Everyone else either agrees (44.3 percent of those surveyed) or strongly agrees (40.9 percent) that government should get this ball rolling. It's interesting to note that, while most people, at least in theory, resent the notion of a government's telling them what to do, even switching from 'aggressively promote' to 'mandate' only dampens enthusiasm somewhat.
If we're talking about government putting its foot down, then 11 percent of respondents disagree, and the number of people punting on the question shoots up almost a full third of those surveyed. Even here, however, we've got almost 60 percent of survey takers expressing either support (32.6 percent of respondents) or strong support (25.7 percent) for direct intervention.
Whether or not cybersecurity does, in fact, become an important part of public education in the near future, there are certainly people who'd like to have their elected representatives pushing the issue.