Certification Survey Extra is a series of periodic dispatches that give added insight into the findings of our most recent Certification Survey. These posts contain previously unpublished Certification Survey data.
It's you. The problem is you. OK, maybe not you specifically, but "you" in the sense that each of us represents an individual facet of the collective mass of humanity. It's all of us, really. We can't be trusted to be smart, or even educated, about cybersecurity.
The lack of knowledge has consequences for everybody. Because in much the same way that no man is an island, no cybersecurity incident happens in isolation, and the ripple effects are not limited to stolen data and compromised systems. Billions of dollars are essentially set on fire each year through remediation and restoration in the aftermath of damaging breaches and attacks.
Many if not all of those breaches and attacks could be prevented if individuals were better trained and more knowledgeable about cybersecurity best practices. Software vulnerabilities both receive and deserve a lot of the blame for digital malfeasance. It has almost always been, and probably almost always will be, however, easier to hack people than to crack computer code.
Parents and others often complain about what children are taught in public schools, and politicians have made many different attempts (sometimes fumbling, sometimes heavy-handed) to tweak and regulate curriculum. Given the critical importance — as noted above — of cybersecurity awareness and cybersecurity skills, however, it's somewhat surprising that there isn't more of an outcry about beefing up cybersecurity curriculum.
The obvious benefit of more proactively teaching cybersecurity in public schools is that kids would learn and understand the role that each individual must play, as well as develop good security habits, much sooner than might otherwise be the case. A key secondary benefit, however, is that more children might take an active interest in cybersecurity and eventually choose to pursue it professionally.
Given the worldwide shortage of skilled cybersecurity professionals —it's estimated that there there are currently more than 3.5 million unfilled cybersecurity jobs — the value of exciting young minds about cybersecurity career prospects can almost not be understated.
Taking all of that into account, should governments make more of an effort to layer cybersecurity into public education curriculum? Should they go so far as to mandate its inclusion? We put both questions to the certified security professionals who participated in our recent Security Certification Survey. Here's what we learned:
Statement 1: Government should aggressively promote cybersecurity curriculum in public education.
Strongly Agree: 43.7 percent
Agree: 38.3 percent
Neither Agree nor Disagree: 14.1 percent
Disagree: 2.4 percent
Strongly Disagree: 1.5 percent
Statement 2: Government should mandate cybersecurity curriculum in public education.
Strongly Agree: 28.1 percent
Agree: 36.5 percent
Neither Agree nor Disagree: 25.1 percent
Disagree: 6.9 percent
Strongly Disagree: 3.4 percent
It's important to take into account that we're speaking to people who engage in cybersecurity pursuits for a living. Even so, however, there's still a remarkable level of consensus here. Especially when we ask whether government should simply make a concerted effort to get cybersecurity into public education curriculum. Not even 4 percent of respondents disagree (on some level), and only 14 percent would prefer to punt.
Everyone else either agrees (38.3 percent of those surveyed) or strongly agrees (43.7 percent) that government should get this ball rolling. It's interesting to note that, while most people, at least in theory, resent the notion of a government's telling them what to do, even switching from "aggressively promote" to "mandate" only dampens enthusiasm somewhat.
If we're talking about government putting its foot down, then 11-ish percent of respondents disagree, and the number of people punting on the question shoots up one-fourth of those surveyed. Even here, however, we've got almost 60 percent of survey takers expressing either support (36.5 percent of respondents) or strong support (28.1 percent) for direct intervention.
Whether or not cybersecurity does, in fact, become an important part of public education in the near future, there are certainly people out there who would probably like to have their elected representatives pushing the issue.