The threat of cybercrime is increasing, more experts are needed.
(Photo: Image)
Oldenburg More than ten million parcels are sent every day in Germany, and the recipient now receives an email for almost every one. In the best case scenario, anyone who clicks on the tracking number can follow live where their package is. In the worst case, he loses control of his IT system – and a lot of money.
Internet criminals are increasingly forging e-mails from online senders, banks or parcel services. A careless click on the attached link and the user downloads malware that spies on passwords, sends spam messages or encrypts all data and only releases it again in exchange for payment of a ransom.
Cyber attacks cost the German economy 220 billion euros annually, according to the industry association Bitkom. Strong upward trend. The Federal Office for Information Security (BSI) registered 144 million new malware variants last year alone.
Lack of cybersecurity experts large
Many companies are not armed against this danger – also because there is a lack of skilled workers. The market value of IT security experts is correspondingly high. Alexander Lawall, Professor of Cybersecurity at the International University IU based in Erfurt, sees tough competition for the coveted minds. “The companies try to get in touch with the students in the first semesters.” Good people can choose their jobs.
Top-Jobs des Tages
Find the best jobs now and
be notified by email.
According to Bitkom, 96,000 jobs for IT experts remained vacant in Germany last year. The shortage is particularly great in the area of IT security, says Lawall. After all, not every computer scientist takes the extra step after completing their studies and trains to become a security expert. It’s “one of the best-paid jobs in IT,” says the professor, who heads the bachelor’s and master’s degree courses in cybersecurity at IU.
Experts in IT security are a must for every company
The main reason for the boom in the labor market is the drastic increase in cybercrime. “No company or authority is safe from cyber attacks anymore,” says Sebastian Artz, Bitkom’s Head of Cyber and Information Security. The home office trend has exacerbated the problem. At the beginning of the corona pandemic, many companies did not have enough computers available, and some employees still use private devices to this day. “It comes with security risks that criminals anticipate and exploit,” says Artz. Experts in cybersecurity are a must for every company – either as external service providers or in-house employees with the appropriate specialist knowledge.
State-recognized certificates for IT security
This does not necessarily mean a new job: Testing companies such as Tüv and Dekra offer professional training in digital security as well as chambers of industry and commerce. However, comprehensive IT expertise and several years of professional experience are usually required. The situation is similar with certificate courses such as the Certified Information Systems Security Professional (CISSP). Interested parties can prepare for the extensive exams with the help of external training courses as well as through self-study.
Good salary through IT training
There is no prescribed training path for IT security experts. There are numerous further training formats from private providers, ranging from multi-year studies to online crash courses – sometimes with, sometimes without a final exam. Computer science professor Lawall recommends that you definitely choose further training with a final performance check and proof: “That definitely gives more in an application than just taking part without an exam.”
In practice, high-quality further education and training can even replace a degree. A study by the German Economic Institute from 2016 shows that a majority of the companies surveyed consider the career opportunities of advanced training graduates to be just as good as those of bachelor graduates. Accordingly, IT security staff without a university degree even earned around 25 percent more than the average academic.
Intensive courses in IT security often only last a few days, but can easily cost more than 2000 euros. In addition to the complete program, there are individual modules for those who want to continue their education in special disciplines such as network technology or cryptographic processes. “Even if there are few admission requirements, good specialist knowledge is usually expected,” says Lawall. “Beginners will not be able to take much away from such training courses.”
Bitkom calls for further training offensive in IT security
The more comprehensive alternative is a bachelor’s or master’s degree, as offered by IU. “The topic is still relatively young,” says Lawall. He is a computer scientist himself and came to IT security through his doctorate. There are also comparable courses at other universities, for example in Saarbrücken, Bonn or Bochum. In terms of content, a significant part is about computer science, and there is also the security aspect. “We train generalists to a certain extent,” says Lawall. “In order to understand everything, I need a very broad knowledge – not only in IT security, but in IT in general.”
According to Lawall, most students go to university directly after graduating from high school – or study online. However, the number of graduates is far from sufficient to close the huge staff gap. Sebastian Artz therefore calls for a further training offensive: “Pragmatism is required. Since there is a lack of specialists, we have to break new ground and start at different points,” says the Bitkom expert. He suggests creating training and further education opportunities for IT security officers in the short term. “Corresponding training only takes a few weeks and is a sensible first step.”
Phishing emails from security company as a warning
Experts also think it makes sense to offer so-called awareness training for all employees. Because the last hurdle that a criminal attacker has to overcome is usually the human being. It is usually an inexperienced employee who clicks on the link in a phishing e-mail – and in the worst case scenario, injects malware into the company’s IT system.
Only in the most favorable case does he end up on an information page of an IT security company like the CSX Academy from Oldenburg. In addition to cybersecurity training, the company also offers simulations in which it sends replica emails from parcel service providers to its clients’ employees, for example. These so-called penetration tests are also required by some insurers when companies want to take out cyber insurance. “Less than 15 percent of the employees should fail,” says sales manager Christoph Schultejahns. “But it is almost always more than 15 percent. Even in IT companies.”
Anyone who falls for a phishing email from the CSX Academy will receive a drastic warning that they have just compromised the security of their company – and hopefully will not fall for a real attack in the future. “If people are not sensitized, no technology in the world will help,” says Professor Lawall. Then it’s time to hope – for the cybersecurity experts.
More: Be trained as a programmer in nine weeks
First publication: 06/06/2022, 12:29 p.m.