Coventry University is training the cyber-security experts of the future in its ethical hacking laboratory. Danny Palmer speaks to senior lecturer Dr Siraj Shaikh to find out how
Part of that change of mind-set comes from taking into account the fact that it's impossible to defend against every single cyber-attack, which means systems need to be built in a way that allows data to be recovered post-attack, and with a means to track the cybercriminals who broke in.
"What needs to happen is we need to design our systems in a way we can at least salvage sensitive data, salvage some level of service and then be able to track back to attackers or sources of compromise so we can then address that," Shaikh argued.
"And that just requires, once again, a lot of good, skilled people to think about good design, good monitoring systems, and good forensics in order to allow us to be able to prosecute people who are responsible for this."
One of the biggest challenges facing those tasked with tackling cybercrime is that it's ever-changing, with hackers able to break into systems using new techniques with alarming regularity. But according to Shaikh, the University of Coventry takes this into account and he even uses real-world case studies to demonstrate the need for students to develop their skills.
"In terms of our teaching methods, we do two things; the first is we do a lot of case study analysis from the real world and ask students to delve into that in terms of the technology and policy," he explained.
"Not a week goes by without a story about privacy or security, which is fantastic for me because I can take those news stories - and a lot of the technological details that emerge from that - to students and say 'Look, this is what's happened recently, out in the real world, it's having real impact'.
"That's very useful, we need to get students from very early on to focus on problems in the real world," he added.
Shaikh also points out that the "ethical" nature of ethical hacking forms a hugely important focus, with students required to take in other factors aside from just security itself.
"We have a focus on multi-disciplining on aspects of security. I always say this to my students, in ethical hacking for example, the ethical element comes first. The idea is to acknowledge our policy, legal, economic factors that affect security," he explained, adding that in that way, there's already change coming in the industry.
"And so the idea is for students to know how we respond to this. And I think that's changed as well; there's a call by the industry for better policy, better legislation, and I think as students see a lot of these emerging cases, they'll be able to appreciate the current trends and the recent issues that are there in the industry."
The answer to the conundrum of how to train and recruit more cyber-security experts, Shaikh told Computing, is just down to giving it a high profile, making people conscious of the fact cyber-security is about more than just everyday products like PCs and tablets.
"We need to make people aware that computing, computer science, and technology generally, is not just about mobile phones and consumer gadgets. It's about critical infrastructure, transport, for example, power grids, healthcare, where there's a big use and redesigning of how electronics, data and so on are used.
"We need to grow awareness around a lot of these roles in future - whether it's civil engineers, doctors, agriculturalists and farmers - they would have to be aware around issues to do with privacy and security."