The key to cybersecurity is in the hands of women, but how can we make it appealing to them?

Everyone should contribute to cyber hygiene in today’s smart world. And yet, the reality tends to be different: we have a lot of cybersecurity experts, but we still have a lot of vulnerabilities. We don’t have to look far for the reason – the weakest link is always the person behind the computer.

According to Grete Kodi, Digital Adviser at the Estonian Office of the Nordic Council of Ministers Representation, one of the main organisers of the forum in Tartu, the goal of the forum is to create a network of experts to ensure that there are more talented cyber experts in the Nordic and Baltic countries to help make our region much more stable and secure. International cooperation is certainly one of the keys to success in making cyber education more agile and raising awareness.

Cyber attacks are on the rise – how can we protect ourselves?

Lauri Tankler, Head of R&D Coordination at the Estonian Information System Authority, concedes that in 2023, a particularly high number of distributed denial-of-service (DDoS) attacks have been made in Estonia, many of them targeting medical institutions. Millions of dollars have been lost to cyber crooks around the world due to ransomware attacks.

“Cybersecurity is seen as a computer problem,” says Tankler. “Although many of our everyday systems, even food production, health, education or transport, depend on IT solutions, people don’t think that cybersecurity is important, as if it were just a problem of the IT guys.” The reality is quite different, and so he advises companies to think about protection against cyber-attacks alongside fire or other disaster protection.

How could each of us contribute to cybersecurity? According to Tankler, a good place to start is by regularly updating the software on your devices, patching security vulnerabilities and investing in the security of your business correspondence.

We need a few million more specialists

David Olgart, Lieutenant Commander in the Naval Engineering Corps, reserve and Director of Cybercampus Sweden, says that more needs to be done in cybersecurity as there is a shortage of around four million cyber specialists worldwide and 300,000 in Europe. “People need to be educated more, we must invest more in innovation and research, so that we can successfully deal with all the complex threats and challenges,” says Olgart.

The reason there is a huge shortage of specialists, says Olgart, is that the sector is developing at such a frantic pace that we just cannot keep up.

As the situation with workforce in the field of cybersecurity is critical, the Estonian Office of the Nordic Council of Ministers, in cooperation with the Danish Happy 42 and Peer Heldgaard Kristensen, Director of the Security Tech Space in Aarhus, Denmark, launched the Nordic-Baltic Think Tank project, the goal of which is to cooperate with large companies and municipalities, to share cyber skills and find new talent in the Nordic and Baltic countries, and to make working in cybersecurity more attractive.

This alone, however, does not solve the problem of the shortage of workers. The solution seems to lie in women, in changing and improving the education system and in working with the private sector!

Shortage of women in cybersecurity

Speakers at the forum agree that there is a shortage of women in cybersecurity. Girls tend to think that the cyber area is not for them because it requires a very good knowledge of technology.

Kristensen admits that women should be attracted to the sector in order to maintain diversity and solve the workforce crisis. “If we can make this field attractive to women, we can significantly reduce the shortage of specialists,” says Kristensen. “After all, half the world’s population are women.”

The reason why cybersecurity has become a masculine field, he says, is that cyber issues are complex and perhaps not attractive enough to women. “Women will probably go to study medicine, psychology or something else,” says Kristensen.

Kriset Lisette Margareth Laiuste and Pilleriin Sillakivi, who study at Tartu Tamme Upper Secondary School, think that young children should already en educated about cyber issues. Photo: Jana Laigo, Barefoot Studio

David Olgart, Lieutenant Commander in the Naval Engineering Corps, reserve and Director of Cybercampus Sweden, says there is a shortage of around four million cyber specialists worldwide and 300,000 in Europe. Photo: Jana Laigo, Barefoot Studio

According to Lauri Tankler, Head of R&D Coordination at the Estonian Information System Authority, it is a misconception that cybersecurity is just a computer problem. Photo: Jana Laigo, Barefoot Studio

Women don’t have good role models in cybersecurity

In other words, according to the experts, one of the reasons is that cybersecurity can seem a bit nerdy and people often don’t understand what it really means. Moreover, we don’t have that many women to put on the podium as role models – who can attract girls into the world of cybersecurity.

According to Bodil Ellen Grødem, a teacher of basic cyber and information security, the women already working in this field are the ones who can convince girls that it’s not rocket science. “Why not set up study circles exclusively for girls – then they won’t be under pressure from boys,” says Grødem. “Until they give it a try, they won’t know that cybersecurity is actually really interesting.”

Tankler admits that less than a fifth of cybersecurity professionals at the Estonian Information System Authority are women. “In general, and not just when talking about women, there’s a shortage of specialists, and more and more of them are needed every year,” says Tankler.

According to Tankler, the sentence heard at the forum – “as the people in the field of cybersecurity are mostly men, all of our systems and policies are shaped by them, which is also kind of a risk” – could indeed suggest that cybersecurity will once again be discussed by five men when the panel discussions of the next generations will be held.

This makes women feel that their place is not in this field. “When we start designing a system, we always impart our own view onto them,” says Tankler. “We certainly need people with different points of view, different experiences, who see a different picture.”

Tankler says that although no attention is given to gender, and skills matter in the Estonian Information System Authority, women are welcome to join the team. “This way, we may be able to encourage girls to take more interest in cybersecurity and IT,” he adds. “Maybe even steer them towards studying this specialty.”

Kristensen encourages parents to let their daughters play on the computer too. “Tell the girls it’s very OK. Encourage them to join hobby groups where boys and girls get to know about IT, and later on you can also guide them in their education towards cybersecurity.”

Should we start teaching cybersecurity in schools?

Cybercation’s focus this year was on playful cyberlearning, which has already undergone a significant change. And yet, the school curricula of Estonia and many other countries do not include the computer subjects that interest children.

“Cybersecurity was something I hadn’t even heard of before secondary school,” said Pilleriin Sillakivi, student of Tartu Tamme Upper Secondary School. “I don’t know what needs to be done to get girls more interested in cybersecurity. But if we could try to get more people interested in this, there would also be more girls among them.”

The young girl, who has an interest in IT, got to know cybersecurity when she started studying at secondary school. “I came from a rural school where I wasn’t really offered any particular outlet in that respect,” she recalls. “But in secondary school, a teacher advised us to enter a cyber competition and that was really cool.”

Kriset Lisette Margareth Laiuste, who also studies at Tamme Upper Secondary School in Tartu, recalls that the importance of passwords was discussed at school, but that was about as far as cybersecurity went.

Laiuste and Sillakivi both grew up with computers. Their interest in IT has also led these young women to take part in cyber competitions such as Küberpuuring. “I like to solve problems,” explains Laiuste. “The competitions were also structured in such a way that there are problems and you have to look into them to figure out exactly what to do and how to do it in order to solve the problem.”

Unfortunately, cybersecurity is not taught to children in schools, although it has been tried in Norway. “Actually, we need to address this and young people must be educated so that they grow up to be good citizens," says Bodil Ellen Grødem, a teacher of basic cyber and information security. Cybersecurity should not be a hobby that students do in their spare time, but should be on the curriculum.

Experience has shown that the best way to teach children about cybersecurity is through play. “Emphasising the theoretical side of things doesn’t have the same effect as giving children the opportunity to solve problems through play,” says Grødem.

Tankler, who has worked as a teacher, believes that cybersecurity education should start with the development of cyber hygiene skills.

In order to give children a good cyber education, Grødem is leading a pilot project on cyber security in Norwegian secondary schools, “How to design a training course framework for vocational teachers and tutors”. The main topics it focuses on are the importance of passwords and the vulnerability of individuals and businesses in the cyber world.

The sooner the better!

How old should children be when you start telling them about cybersecurity? It’s not uncommon for parents to put a smart device in the hands of their 5-year-old to watch cartoons or videos.

“I believe that children as young as 10 can be taught about cyber security,” says Grødem. “Our project is aimed at 16 year-olds, but it’s important to talk to younger people about cyber security as well. In some places in the US, children as young as 12 are taught how to break code, solve problems. Kids are very smart, they can do it.”

In Sillakivi’s opinion, cybersecurity could be introduced to even younger children, because children go online and parents may not always have full control over what their children do or see online.

“This should be taught through games where you solve problems, where you learn why you need to be safe,” muses Sillakivi. “After all, you can learn from someone else’s example.”

Mihkel Tikk, Deputy Commander at Estonian Defence Forces Cyber Command, advises young people interested in cybersecurity to join military service, where they can focus on this field. Cyber service has been available in Estonia since 2012.

“Young people start with some existing knowledge that will be developed, and by the end of their service they are already specialists in certain fields,” says Tikk, explaining why cyber service is the perfect place for young people to start their career in cybersecurity.

Typically, only a few girls a year apply to join the cyber force, and this number could increase. “The first two months, when people learn the usual skills of soldiers, are not too hard and provide experience and knowledge that will definitely come in handy later in life,” Tikk added.

You can view the Cybercation – Nordic-Baltic Educators’ Forum 2023 on YouTube.

Cybercation was a side event of the Telia Cyber Battle of Nordic-Baltic 2023, organised by the Estonian Office of the Nordic Council of Ministers and CTF Tech.