Cyber security is a growing problem, and there are not enough trained professionals to protect Massachusetts’ computer systems, experts say.
“We have a severe talent gap in the cyber industry,” Dr. Carol Leary said Wednesday at a hearing on cyber security held by the Legislature’s House Committee on Technology and Intergovernmental Affairs and Joint Committee on Public Safety and Homeland Security.
Leary is president of Bay Path University in Longmeadow, a leader in training students in cyber security.
The hearing comes amid national concern about cyber security, in the wake of the hacking of the Democratic National Committee and allegations of Russian meddling in the 2016 elections. There have been high-profile data breaches at the credit monitoring service Equifax and other private companies.
Cyber security also has real local implications.
Rep. Harold Naughton, D-Clinton, chairman of the Joint Committee on Public Safety and Homeland Security, said he was a victim of a cyberattack at the company he owns. “I realized I don’t have money in my budget to pay for anything beyond Norton or McAfee,” Naughton said, referring to commercial virus protection software.
Delcie Bean, founder and CEO of Hadley-based information technology consulting firm Paragus IT, said small businesses in Western Massachusetts struggle with cyber security.
Bean said small businesses do not have the resources to keep up with government regulations or with the requirements of their larger clients. Bean said two of his clients went out of business because audits found they were unable to keep up with information technology requirements established by their customers. Businesses that have data breaches are at risk of bankruptcy, due to the resulting financial expenses and bad public relations.
Bean said the inability for businesses to keep up with cyber security also has serious ramifications for local residents.
“Massachusetts residents’ data is easy to be stolen from small businesses,” Bean said.
Richard Sullivan, president and CEO of the Economic Development Council of Western Massachusetts, said 80 percent of information breaches originate in a company’s supply chain — in small and medium size companies, particularly manufacturers. Precision manufacturing is particularly vulnerable because companies work in sectors like aviation, medical devices and defense.
Sullivan worried that if breaches continue, larger companies will take over these functions, and smaller companies will go out of business.
Bay Path University and the Economic Development Council of Western Massachusetts are proposing a study to develop a set of cyber security standards to create an audit tool that suppliers could use to measure their security. “If you don’t address it today, there is a real risk of these jobs,” Sullivan said.
A report from Cybersecurity Ventures estimated that by 2021, there will be 3.5 million unfilled cyber security jobs, up from 1 million openings in 2016, Leary said. Leary, who is a member of a U.S. Department of Homeland Security Advisory Council, said LinkedIn currently lists over 750 Cyber Security positions open within Route 128 in Massachusetts.
Bay Path University was one of the first universities to offer a degree in cyber security and the first to focus on training women.
Leary said there are few entry-level jobs in cyber security, because companies want experienced candidates. At the same time, as larger businesses and the U.S. government vie for trained workers, smaller businesses and state governments find it hard to hire experts.
Leary suggested creating more internships and virtual internships could help people enter the field. She said community colleges and universities need to teach cyber security. Companies should provide mentorship, leadership opportunities and equal pay policies to female professionals.
Today, the rate of women in the field is 11 percent globally and 14 percent in North America. “We need to encourage more women to enter the profession because it will shrink the workforce gap,” Leary said.
Bean said the state should provide money for regional trainings for business staff on cyber security. Lawrence Snyder, director of Bay Path’s cyber security program, said someone also needs to work with businesses to help them figure out what types of professionals they need and what credentials are realistic.