Treating datacentres as Critical National Infrastructure on a par with hospitals, highways and power plants is the right move. Datacentres are home to a huge amount of highly sensitive personal data, from health records to bank details and home addresses. This is all extremely valuable to a cybercriminal, hence the government’s push to increase datacentres’ status and security. But even with the best intentions, this policy will be redundant if the datacentre industry doesn’t have the skills to actually build resilience.
The impact of cyberattacks and other datacentre failures linger months after the fact. For instance, patients are still struggling to book vital treatments following June’s ransomware attack on the NHS. This shows that our most critical infrastructure is lacking the capability to both repel and respond quicky to attacks.
The skills gap for cybersecurity alone stands at 4 million people globally, let alone other factors that guarantee resilience. For the government’s goals to become a reality, we need to address this gulf in both the short and long term.
In the short-term, educating workers needs to start immediately. This will help to shore up defences now and increase confidence moving forwards. In the long-term, industries need to do everything in their power to dispel the myth that resilience demands highly specialised, technical skills. Diversifying hiring practices and looking at relevant cybersecurity skills rather than industry experience will be critical. For instance, a finance career could impart valuable and highly transferrable risk analysis skills, but those will go undiscovered if government and industry are looking in the wrong direction.