Cyber threats are everywhere and hardly a week goes by without news of the latest data breach. We hear horror stories about cyberattacks and data breaches involving large corporations and the destruction or theft of millions of records. Large companies have considerable IT resources at their disposal, but also make enticing targets due to the large amount of personal data (credit card details and passwords) that may be held by them.
Small to medium enterprises are also vulnerable, but the threats are different. They have limited resources to protect themselves and may not perceive themselves as prone to cyberattack. However, attacks on small businesses are rising. Additionally, SMEs are vulnerable to some of the same threats as large businesses: Carelessness, disgruntled employees, systems failure and even opportunistic attacks from the outside.
Both small and large businesses need to be able to defend themselves from threats and respond appropriately with the resources at their disposal. Regardless of organisational size, staff need to understand what is at risk, why it needs to be protected and what can be done to protect it. Above all, protective measures must be cost-effective and practical.
So what does the next generation of business professionals need to counter cybercrime in their organisations? Firstly, technical skills are essential. We need graduates who understand the tools that are used to both attack computer systems and defend those systems from attack. They must be familiar with how hackers operate and the workflows used to penetrate company IT systems. They also need to know how to design and maintain systems that safely and reliably retain important data, as well as understanding the requirements of laws and standards such as GDPR and ISO27000.
Being able to apply technical solutions is of little use, however, unless the broader business landscape is understood. For example, a good data protection officer must consider the organisational context within which certain information must be stored and protected. An in-house security team must understand what systems are particularly vulnerable but, with finite resources, how to prioritise potentially costly protective measures.
Hospitals are an interesting example: A modern hospital contains many diverse and interconnected IT systems. Some of those systems contain sensitive patient data. Here there are two main concerns: First, the integrity of the data must be maintained as a faulty patient record may result in misdiagnosis or worse. Second, the patient is entitled to privacy and their data must be kept confidential. Third, some of that data (for example medical observations) must be available 24/7 as lack of data may hinder treatment.
Now consider the hospital’s financial systems. Confidentiality and integrity are also serious concerns. Availability is also an issue, but whereas downtime of any duration is unacceptable in a patient care environment, an outage of a few minutes in an accounting system might be tolerable.
This is where a risk analyst comes in. The consequences of data loss in each system must be weighed; this helps to determine the level of investment in protection of that data against loss, breach or malicious intrusion. The skills required go beyond the technical; this is the underlying ethos of the MSc in Cyber Risk for Business.
The MSc in Cyber Risk for Business (MSc CRB), designed in collaboration with industry experts, provides students with a portfolio of business and project management skills, as well as enhancing knowledge of IS concepts and core technical skills. At the core of this programme is a selection of topics covering cloud technologies, IT performance management, data management as well as IT project management. Additionally, students specialize in topics such as risk audit, risk governance. ethical hacking, security architectures and post breach management. This allows students to fulfil the industry need for professionals who can establish and manage robust systems that are secure against data loss and data breach.
Cork has recently been named as Ireland’s national centre for cyber security. This significant development creates an exciting opportunity for educational institutions in the region, along with businesses, to design and deliver a wide range of programmes to suit the needs of both graduates and employers.
The demand for information security professionals has never been higher and it’s only projected to grow. As directors of MSc Cyber Risk for Business, we see our programme as part of a broader portfolio of education and training solutions offered by UCC, CIT and other organisations in the Cork area. Situated in the department of Business Information Systems in Cork University Business School at UCC, we are delighted to enlighten and educate graduates to become Cyber Risk experts to help organisations secure their IT systems against data loss, breach and attack.