Connect with us

Business

Why the lack of quantum cybersecurity skills is a powder keg

Source: Finance Derivative

There is a clear shortage of trained cybersecurity professionals and a need to close the gap. Although there has been a decrease in the skills shortfall over the last year (3.12 million to 2.72 million), the world is effectively missing the equivalent of a major city’s worth of workers to secure valuable data. This would be a major problem in ordinary times, but these aren’t ordinary times.

The effect of the last two years has meant that fraud is increasing while the ability for professionals and new entrants into the field is reducing. Additionally, new technology threatens to make existing cybersecurity skills obsolete and renders many of the forms of protection they rely on null. However, before we explore that threat and its ramifications, it’s important to look at the current problem.

Why is there a serious shortage of cybersecurity professionals?

Cybersecurity is a growing industry, with Germany seeing growth of as much as 165% in 2021, and cybersecurity professionals typically report very high job satisfaction. However, one of the major barriers to a skills shortage seems to be the complexity and ever-evolving nature of the role. It is difficult to keep up with a changing security ecosystem when cybersecurity teams are facing an increasing workload and burnout, and HR departments find it difficult to hire candidates with the right skills.

Many current cybersecurity professionals say that their companies don’t understand the skills necessary to work in cybersecurity, demanding an unrealistic level of experience and certification and ignoring the varied paths that people take into the profession. Because people with high levels of security training are rare, compensation needs to be set at a high level, and even though pay in the industry is typically very good it often falls short of what highly skilled and experienced people expect.

Cybersecurity skills shortage: an impending threat

This shortage in skills comes at a time of growing cybersecurity threats, but there is a way in which it can get worse. Quantum computing has long been theorised but only in the last few years have working prototypes emerged. By using the counter-intuitive effects that emerge at very small scales, where an object can be in two places at once or can ‘entangle’ with another object so that they continue to affect each other across time and space, scientists have developed computers with capabilities that far outstrip conventional computers based on a binary logic where everything is either a zero or a one.

This is a major problem for the cybersecurity industry because many forms of encryption that secure valuable data are not literally impossible to crack but so time consuming that it could potentially take billions or even trillions of years to do so. Imagine trying to guess a four-digit numerical PIN – it would take a maximum of 9,999 tries before you were guaranteed to get the right number. For an 8 character password that uses numbers and lowercase and uppercase letters that time increases to 92 years with a traditional CPU. The linked article shows how even with a $5,000 investment in graphics processing units this time can be taken down to minutes, hence why passwords are often longer and more complex. Clearly, guessing PIN numbers at an ATM or a password to a user account isn’t possible – both lock after a certain number of tries. But what if you had an encrypted file?

It is relatively easy for bad actors to acquire large amounts of data, but nearly impossible for them to make use of it because it is secured, often with Private Key Infrastructure (PKI). Although there are more efficient ways to crack this encryption than the simplistic ‘brute force’ attack outlined above, they also take a prohibitively long amount of time – unless an assailant is using the raw power of a quantum computer. This could lead to scenarios in which bad actors take data now and store it until they have access to quantum computers that can break its encryption. Most of this old data will be worthless or out of date, but there may be enough to damage an organisation’s finances or reputation.

Quantum-safe forms of encryption exist, and some are in use today, but ensuring that every part of a company’s infrastructure is safe from an evolving threat that is still only in the realm of theory is going to be a major challenge.

Cybersecurity in a post-quantum world

Governments, militaries, energy companies, banks and other organisations with critical data are already working to secure themselves against quantum computers. The US has recently worked to ensure that all of its information classified as ‘Top Secret’ and above be encrypted with quantum-resistant security. They aren’t the only organisations that will be affected – any and every company with a digital presence needs to reckon with this, and how to go about encrypting their existing data. This could potentially be a major project for even a small company, and people with the skills to do it are in short supply.

Identifying data that is vulnerable to quantum computing, finding ways to secure it and keeping up with new developments in this technology is a full-time job, and cybersecurity professionals are already overstretched. It is likely that existing cybersecurity professionals will need to train to understand the threat and continually update their training as the threat actualises, and that the training given to new cybersecurity professionals will have to change dramatically.

There needs to be a large-scale realignment in cybersecurity aimed at getting more qualified workers into the industry, helping decision-makers understand the issues and preparing the current and future workforce for a quantum computing age. This would undoubtedly involve all corners of the security ecosystem, including professional bodies, the education sector, and technology providers who can provide the hardware, software and solutions that security professionals will use.

Preparing to be quantum secure will be a major project, but it is essential.

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Business

How Agile practices can transform people operations

Bryan Stallings, Chief Evangelist, Lucid Software

Fostering a positive workplace can be more challenging today than in years past. As hybrid work solidifies itself as the standard, HR professionals are tasked with navigating a more complex set of responsibilities and expectations. For instance, employees may feel that having a desirable work-life balance is as important as other company-provided benefits, and they may request additional support to accommodate their expectations. While this adds a layer of complexity to the traditional HR role, it presents an opportunity for HR leaders to improve the current workplace experience and differentiate themselves from competitors in order to attract and retain the best talent.  

With 57% of employers having hard-to-fill vacancies, adopting an approach to HR that offers this flexibility can help create the workplace experience needed to attract the best talent in the coming years. Agile practices could support this necessary shift, helping to support people more effectively in an uncertain and turbulent environment.

Agile – supporting a changing workforce 

Traditional HR departments are often perceived as rigid bureaucracies, reliant on established policies and procedures to preserve the status quo. However, organisations increasingly recognize the need for a more agile approach to HR to meet the demands of a dynamic workforce.

The agile mindset encourages flexibility to create and respond to change, test our ideas, and succeed despite the uncertainty that emerges during an initiative. It recognises that the requirements of any initiative are emergent – rather than defined prior – and so teams can  prioritise working closely with stakeholders throughout and in response to change. 

Taking an agile approach to traditional HR functions also improves performance more broadly. For instance, in performance management, managers provide more consistent and relevant feedback so employees are aware of their strengths and areas of growth in real time. Rather than waiting for annual performance reviews, employees working in an agile environment are cognizant of what they need to improve through ongoing communication and collaboration with colleagues. 

Putting agile into action

As HR professionals learn and instil agile practices in their organisation, the journey encourages them to look beyond traditional hierarchy and management philosophies. However, it’s important to recognize that outside of IT and technology spheres, many employees may be unfamiliar with agile ways of working, which can hinder its initial acceptance.

For instance, when selecting members for a team, prioritising an individual’s skills over their seniority can lead to significant productivity improvements by better aligning project ownership with capabilities. To achieve this, first identify the skills your individual team members have and then visualise that data, grouping employees based on their assigned tasks and competencies. This can reveal information needed to understand who works best together or even where the organisation may lack specific talent.

By sharing this information across an organisation, employees are empowered to self-organise their teams for new initiatives based around what skills are needed rather than who is available. And the issues that frequently plague siloed organisations – poor communication between teams leading to delays – occur far less frequently as teams work cross-functionally in an agile way.

Adopting an agile framework can help by providing a structure to guide employees in agile ways of working. There are frameworks, like Kanban and Scrum, that can help. Scrum structures work into a regular process of sprint planning, two-week or weekly cadence blocks, and concludes with a sprint review. They can provide the necessary scaffolding for colleagues to understand how agile principles can apply in practice and across their other work. 

It is also possible to test the waters before adopting an agile framework across an entire organisation. Whether it’s recruiting talent for very specific roles or measuring employee engagement, the approach encourages collecting actionable data on how initiatives are performing, which helps provide the evidence needed to run successful trials and pilot programs and make informed decisions.

Embracing Agile for HR transformation

Too many companies are tethered to outdated HR models that no longer align with the realities of today’s workplace. Embracing agile provides an opportunity to evolve practices and usher in better HR operations. With its flexibility, collaborative ethos, and emphasis on continuous improvement, agile is the natural solution. Applying agile practices not only empowers HR teams to navigate the challenges of the chaotic work environment, but also serves as a catalyst for streamlining processes, enhancing job satisfaction, and cultivating an adaptive, team-centric culture.

Continue Reading

Business

Dealing with Parental Leave: How Your Business Can Support Employees with Families

Looking after your staff is a fundamental part of running a successful business, ensuring staff turnover remains low and workers remain happily motivated. Workers now have more agency than ever when it comes to choosing their employer, in part thanks to the rise in remote working which means workers are no longer limited to looking for roles within their local area.

39% of UK workers now work at home within a given week and workers are beginning to demand more in terms of employee benefits, especially when it comes to welfare.

One of the areas where employees may focus is “family-friendly” working and benefits. But what does the law say about these contractual offerings? And how can your business benefit from having a comprehensive “family-friendly” benefits package? We spoke to the employment law specialists at Beecham Peacock to discover how your business can become more caring.

What does the law say about parental leave?

In the UK, women are able to take up to 52 weeks of maternity leave. The first 26 weeks of leave, which includes two weeks of compulsory leave (four weeks for factory workers), are known as ordinary maternity leave, while the final 26 weeks are known as additional maternity leave.

During maternity leave, a woman’s rights to pay rises, accrued holiday, and returning to work are protected by the law.

Eligible mothers-to-be are entitled to be paid statutory maternity pay for 39 weeks. This will depend on whether or not they satisfy service and earnings criteria. Otherwise, they may not be able to claim maternity allowance.

Statutory maternity pay equates to six weeks paid at a rate of 90% of average weekly earnings (before tax). For the remaining 33 weeks, the current rate of payment is £172.48 or 90% of their average weekly earnings – whichever is lower. This rate is reviewed annually.  

There has been much discussion about the mandatory amount of maternity pay and whether it does enough to support women in the workplace – a recent study found statutory maternity pay is just 47% of the national living wage. To attract and retain women, businesses may wish to consider offering enhanced maternity pay and benefits packages.

For partners, leave entitlements are different. Statutory paternity and adoption leave entitles fathers/partners to take one or two weeks of paid paternity leave, paid at a rate of £172.48 or 90% of their average weekly earnings – whichever is lower. This rate is also reviewed annually.

When this leave is taken differs depending on whether paternity or adoption leave is being taken. Again, your business may wish to consider enhanced leave and pay packages.

For eligible parents, another option that is increasingly taken up is shared parental leave. Whilst the mother will always have to take two weeks of compulsory leave (four weeks for factory workers), the remaining 50 weeks (or 48 weeks for factory workers) can be taken by either parent.

This gives both parents flexibility and the opportunity to spend time with their child.  Statutory parental leave pay is paid at the same rate as the latter part of statutory maternity or paternity pay, and can be paid for up to 37 weeks to eligible employees. Again, businesses may wish to consider offering enhanced parental leave pay to attract and retain employees.

What are the positives of greater employee benefits for parental leave?

Of course, there are extra costs associated with paying more than the statutory pay requirement. However, offering parental leave options and policies that go above and beyond the minimum requirements can benefit a business just as much as it benefits your employees. Such packages will enable business to attract and retain employees.

How to draft a comprehensive parental leave policy

Lisa Branker, Head of Employment Law at Beecham Peacock, advocates for a comprehensive leave policy that supports all of your employees. She comments:

“Entitlements and eligibility for parental leave, pay and benefits should be clearly contained in your business’ relevant policy. If your goal is to attract and retain your workforce through flexible and/or enhanced benefits packages then this information needs to be clearly set out and accessible. A clear policy makes employees aware of how much leave and pay they are entitled to, helps managers to respond to any queries, and allows your business to plan for and support working parents.”

“Pay and leave aren’t the only considerations – for example, your business may be able to offer a salary sacrifice scheme to make childcare arrangements. Other, non-financial support can also be a huge help for new parents or parents-to-be. Increasing the flexibility of working hours or offering a hybrid working scheme can give your colleagues the support they need to manage the transition into parenthood. These measures will enable you to motivate and retain your workforce, without creating an onerous financial burden.”

Every company is different – and there’s unlikely to be a one-size-fits-all solution. Think about which solution (or combination of solutions) is best-suited to your company before creating or amending a parental leave policy. If you’re considering creating or updating your policy, Beecham Peacock’s free policy reviews are a great starting point to check your offerings meet your business and legal needs.

https://www.beechampeacock.co.uk/employment-law/

Continue Reading

Business

How Africa’s largest payments network is integrating social mission with its business aspirations

Being deliberate about creating a “greater purpose” is essential to building an authentic corporate culture, engaging stakeholders, and navigating the evolving landscape of corporate philanthropy. This is the philosophy behind Africa’s largest digital payments network, Onafriq’s, extensive growth and vision to unify the continent’s digital payments landscape according to its General Counsel and Chief Risk Officer Funmi Dele-Giwa.

Dele-Giwa recently shared insights into the organisation’s unique position at the intersection of social impact and commercial ambition at the Women in Payments Symposium EMEA, held in London. During her speech she delved into the company’s journey in delivering greater financial access and connecting all of Africa into a single integrated network that empowers both individuals and businesses.

“The purpose of Onafriq from the very onset was one of providing financial access to marginalised individuals on the African continent and having a positive impact in the countries we operate in and the clients we serve,” she said. “That is why Onafriq was built on the back of a strong belief that mobile money would serve as a strong enabler of financial access to millions of under- or unserved Africans.”

Established nearly 15 years ago with the mantra of “making borders matter less”, the company aims to facilitate cross-border payment services within Africa – as well as in and out of Africa. This is underpinned by the vision of its Founder and CEO Dare Okoudjou, that making a payment anywhere in the world, to anywhere across the globe should be as easy and as painless as it is to make a phone call.

Today, Onafriq’s payments network connects more than 1,300 cross-border payment corridors providing access to more than 500 million mobile wallets and 200 million bank accounts across 40 African markets. This vast digital infrastructure is a testament to its position as the “network of networks”, enabling services like cross-border payments, remittances, card issuing, agency banking and more, which facilitate seamless money flow from, to, and across the continent.

During her talk at the symposium, Dele-Giwa noted that remittance services were a key example of this marriage of concepts, having particularly emerged as a powerful tool for boosting economic growth and financial empowerment. By partnering with international remittance companies, the Onafriq network enables the significant pool of migrant workers from Africa in the diaspora to send and receive money efficiently and affordably. She notes however, that remittances are not just the privy of the global north to south, as there is significant intra-Africa remittance demand which has traditionally remained unmet. Through partnerships with mobile network operators (MNOs) across the Continent, Onafriq is bridging gaps between countries like Kenya and Uganda, as well as Cameroon and Nigeria, by digitising and facilitating intra-Africa remittance flows.

“Strategic collaborations between key sectors of Africa’s financial services landscape are key to unlocking the full potential of remittances as a catalyst for economic growth and development,”  said Dele-Giwa. “As such, fostering robust partnerships between payment networks and mobile money platforms is important to enabling greater remittance flows given the widespread adoption of mobile wallets across the continent.”

Another way that Onafriq is blending the principles of social betterment with business objectives is by empowering small businesses in Africa to flourish and grow by enabling access to a wider range of choices in disbursing or collecting digital payments over cash. Onafriq’s partnership with One Acre Fund is an example of how the company’s network has contributed to providing small-scale farmers with asset-based financing services.

“Our work to open up markets and connect people to opportunities continues to empower the African gig economy, enabling GDOs to deliver cash assistance to needy communities and international merchants to pay local creators, influencers and artists, as well as helping small traders to sell their goods across borders, by simplifying the ways they can pay and can get paid,” said Dele-Giwa.

Another notable aspect of Onafriq’s journey of positive social impact, according to Dele-Giwa, is its commitment to empowering women. Through its agent network in Nigeria, women entrepreneurs are able to generate additional income by becoming agents, and by using the Baxi point of sale device they can easily manage payments for their shops and market stalls. Furthermore, partnerships with organisations like the One Acre Fund helped to empower women in small-scale farming, amplifying their economic participation.

For those seeking to emulate Onafriq’s success, Dele-Giwa noted that it was important to align their social mission with the innovation and collaboration needed to achieve a positive impact while pursuing commercial success.

“Let’s remember, it’s not just about the services we offer. It’s about the impact we make while doing so,” she said. “It’s important to share those impactful stories of empowerment and positive change delivered as a result of your products and services, but it is also important to create a set of impact metrics to measure success by. This way you are always able to hold yourself accountable to employees, shareholders, regulators, clients, and other stakeholders.”

Continue Reading

Copyright © 2021 Futures Parity.