Cyber security jobs: why are more firms recruiting hackers?

Cyber security jobs: why are more firms recruiting hackers?

Learn about the cyber security sector, including the history of cyber attacks, what careers are available and whether there is such a thing as an ethical hacker

Tell me, what do you think about when you read ‘cyber security’?

Dark clothed anarchists hunched over laptops? Matrix digital rain? Annoying antivirus updates?

These are just the tip of the cyber security iceberg, a sector that has picked up significant momentum over the last decade.

Of course, this has been matched by recruitment growth, with employers increasing their hiring efforts in an attempt to protect themselves from system attacks.

But just what exactly is cyber security and what is the current state of recruitment in the information security and IT sector?

The cyber security sector: an overview

Cyber security is a fairly new industry.

While ‘cyber’ itself has been used as a prefix for more than 50 years, ‘cyber security’ wasn’t coined until 1989.

Still, the term didn’t really enter popular lexicon until the mid-noughties, but even then was more associated with the military or spy novels.

Times have changed though and the acceleration in internet connectivity has brought cyber security to the forefront of modern business.

Employers are increasingly becoming aware of the dangers that a connected world can bring and are turning to recruitment to counteract the problem.

What is the cyber security sector?

The cyber security sector is concerned with protecting computers (and networks) from damage or unauthorised access. It is a growing field of work that has established a significant presence in response to the rising number of internet-connected devices.

It’s thought that the UK cyber security sector employs around 100,000 people and is worth more than £22 billion to the economy – increasing at roughly 10% year-on-year.

This mirrors a trend that has seen the worldwide market increase by £133 billion since 2004.

Job roles can range from risk analysis to information security, but all are ultimately geared towards safeguarding businesses from cyber attacks.

What is a cyber attack?

A cyber attack is exactly as it sounds. It is an attempt to damage, compromise or infiltrate a computer system.

Cyber attacks can be used to:

  • Steal data.
  • Deny service.
  • Damage systems.
  • Blackmail.

Not all cyber attacks are malicious though, something we’ll go into a little later on…

The first cyber attack: the Morris worm

While a need for cyber security has been created by genuine threats, the first notable attack on the internet was actually an accident – the Morris worm.

In 1988, Robert Morris, a college graduate from Cornell University, created a worm (a programme that clones itself and spreads to other computers) in order to find out how large the internet was.

The mistake? Morris had inadvertently instructed the worm to replicate itself more than necessary, causing it to infect a computer multiple times.

It’s been estimated that around 10% of all internet connected systems were brought to a crawl as a result – the largest attack in history (even if it only equated to 6,000 computers at the time).

It took 72 hours to clear up the virus and Robert Morris became the first person to ever be sentenced according to the computer fraud law.

How many business have been the victims of a cyber attack?

If you’ve paid any attention to the news recently, you’ll have noticed a number of high profile cyber attacks.

In May (2017), the NHS became victim of a global ransomware attack that impacted GPs and hospitals all over the UK. The attack essentially rendered computer systems useless, with attackers demanding $300 in order to unfreeze documents including patient records.

Just one month later, UK parliament was subjected to an attack that saw fewer than 90 email addresses accessed. This, however, was less likely to be a few profiteering hackers and more likely to be a different state (country).

Attacks aren’t just reserved for big names though.

The British Chambers of Commerce (BCC) reported that one in five UK businesses were victims to a cyber attack last year.

According to the Department of Culture, Media and Sport, there also seems to be a correlation between the size of a business and the number of attacks received.

In their Cyber Security Breaches Survey, 68% of large businesses (250 + employees) had experienced an attack. This is 16% more than the small businesses who were surveyed.

Recruitment in cyber security

With attacks (and the awareness of attacks) on the rise, cyber security is the future of IT recruitment. Businesses are increasingly concerned with protecting their networks, and as such, this is likely to make cyber security one of the most lucrative sectors for agencies.

What careers are available in cyber security?

Within cyber security, there are a variety of career paths that a recruitment agency will have to recruit for.

Just some cyber security job titles include:

  • Chief Information Office (CIO).
  • Risk Assessor.
  • Security Analyst.
  • Cryptographer.
  • Security Software Developer.
  • Network Security Specialist.

The National Cyber Security Strategy 2016-2021, has seen nearly £2bn invested into stopping cyber attacks in the UK. More money means more jobs – a fact that has seen a rise in cyber-recruitment.

Skills crisis?

The UK is in the midst of a digital skills shortage, and unsurprisingly, this extends to cyber security.

The number of advertised vacancies for cyber security jobs is on the rise. Between 2014 and 2016, the demand for cyber security professionals rose by 32%, however the number of related job searches was less than a third of those posted.

This has seen the skills gap grow by 5% in the last two years and leaves the UK with the second largest skills gap in the world – only ahead of Israel.

Hackers for hire

Okay, so why do employers want to hire hackers?

Well, believe it or not, there really are business that actually want to employ hackers.

I know, I know, this seems kind of counterintuitive. If you want to protect your systems, why openly hire a person who can hack them?

Well think of it this way instead…

If you want to protect your computer systems, why not hire a person who can hack them and tell you where your weakness are?

You can apply this thinking to other areas.

If someone’s telling you how to protect your home (locks, alarm, etc.), you’d better hope they know how to break into one.

See, there’s method in the madness.

Ethical vs black hat hackers

When talking about hackers, it’s important to make a distinction between the different types.

The words ‘hacking’ or ‘hacker’ have become synonymous with crime and angry tabloid headlines – but they’re not all like this.

Hackers can generally be split into white hat and black hat (although there is also grey hat, blue hat and red hat!).

All you really need to remember is that white hat are the good guys and black hat are the bad guys. In other words, white hat hackers build, black hat hackers break…

Bug bounties

Have you heard about companies rewarding hackers who can break into their systems?

These rewards, known as ‘bug bounties,’ are used to encourage hackers to try and find security weaknesses in an organisation’s computer systems.

From Facebook to Google, some of the biggest companies in the world have a bug bounty program – with tens of thousands of pounds potentially being paid out at a time.

In closing

There’s no getting away from it, we’re all becoming more connected – digitally that is. While this has obvious benefits, it’s inevitable that it will also make businesses vulnerable to hackers and online racketeers.

Is recruitment the answer? Well, with more cyber security positions than ever, employers certainly seem to think so.

The challenge for cyber security then, isn’t just holding back the black hats, but also finding a way to tackle a skills shortage which could curtail future growth in the sector.