網上版請按此
Don't underestimate women's potential in cybersecurity
The potential of women in cybersecurity is seriously underestimated, according to a study by the Global Information Security Workforce, which interviewed nearly 20,000 professionals in the information security industry from 170 countries. The study was conducted by the Center for Cyber Safety and Education.
Since the internet is being used as an important channel to conduct business and daily activities, network threats arising from ill intentions are inevitable, network security experts say.
According to Kaspersky Lab, a network security software company, online attacks detected in the first quarter doubled to more than 400 million compared with the same period in 2016. More than 200,000 mobile phones have been affected by ransomware Trojans, 10 times the number in the first quarter of last year.
Unfortunately, antivirus software may not be able to protect your computer and mobile phone completely from attack. Symantec, the developer of Norton, once the best antivirus solution, announced the "death" of antivirus software as it is difficult to shut the virus out.
Cybellum, an Israeli network security company, recently announced that it found a virus that specializes in attacking antivirus software and named it DoubleAgent. Instead of hiding and running away from the antivirus, attackers now directly assault, hijack and gain control over the antivirus, turning it into a malicious agent.
As antivirus is considered a trusted entity, any malicious operation done by it would be considered legitimate, giving the attacker the ability to bypass all the security products in the organization. In other words, antivirus software is unlikely to defend us against network attack programs and ransomware.
We need to actively train more professionals to increase the defense against network attacks. That's why public and private organizations, as well as government departments are in urgent need to train the required personnel to improve their defense capability.
The study examines, in particular, the participation of women in cybersecurity. The proportion of women working in the information technology industry is low, and in the network security sector, the situation is even worse.
For example, women in the US account for nearly 50 percent of the labor force, but only 14 percent are in network security. It is already the highest in the world. In Asia, it's 8 percent, Europe 7 percent and the global average is only 11 percent.
At the same time, the study points out that there is a huge difference in promotion opportunities for men and women in the sector — men are nine times more likely than women to be promoted to manager grade; they are more than four times more likely to hold corporate senior positions, or the so-called C-suite posts, such as chief technology officer (CTO), thus, women have been kept back in terms of promotion opportunities, according to statistics.
While half of the female practitioners are below managerial level, they are not paid as much as men in these junior positions. This year in North America, the salary gap between men and women can be as high as US$5,000 (HK$39,000) per annum.
Women in this sector is a "minority group", but they are highly educated. The study shows that more than half of women in this sector have a master's degree or above, in contrast to 45 percent of men attaining similar education. Therefore, we should not underestimate the potential contribution of women in this sector.
The study also shows that there is a serious shortage of manpower in the industry, with vacancies reaching 1.8 million by 2022, an increase of over 20 percent compared with two years ago.
At present, there is no immediate solution to the shortage of talent and underutilization of women in the cybersecurity sector as it involves many intricate social factors.
I believe education is the only way forward. Training of young people, in particular, young women in computer programming and network security work is important. Besides, it is imperative for primary and secondary schools to promote STEM (science, technology, engineering and mathematics) education, and the government should speed up the relevant training and education. After all, there is no shortcut to bringing up qualified industry workers.
There is opportunity in every crisis. I hope that the new generation of young people, especially girls, can grasp the opportunity as soon as possible to reinforce our network security while at the same time achieving their career goals.
Dr. Winnie Tang
Honorary Professor, Department of Computer Science, The University of Hong Kong