Tech
The grey door: Solving the UK’s self-inflicted skills shortage | Computer Weekly
The UK’s technology sector has had, and continues to have, a significant demographic challenge. As the nation grapples with an ageing population, the UK government has responded with fiscal policies designed to extend the working lives of its citizens, predominantly through the incremental raising of the state pension age.
Simultaneously, the IT sector, the vanguard of the modern British economy, continues to operate within a cultural and structural framework that systematically marginalises older professionals.
The premise of the current UK economic strategy is built on the assumption of “fuller working lives”. With the state pension age having risen to 66 and legislated to reach 67 between 2026 and 2028, the expectation is that workers will remain economically productive well into their late 60s.
For many sectors, this transition, while challenging, is operationally feasible. However, in the technology sector, a “grey door” appears to descend significantly earlier, often as early as age 50, creating a demographic anomaly where the industry most vital to the UK’s future is the least representative of its present population demographic.
The most definitive metric of ageism is the representation gap – the difference between the proportion of older workers in the general economy versus their proportion in the IT sector. According to the BCS diversity report 2024: “There were 446,000 IT specialists in the UK aged 50 and above during 2023, and at 22%, the level of representation for this group was much lower than that recorded amongst the wider workforce (i.e. 30%).”
The report adds: “If the level of representation for older workers in IT specialist positions was equal to that amongst the working-age population as a whole, there would have been 594,000 older IT specialists in the UK during 2023, i.e. approximately 148,000 more than the number recorded.”
This shortfall represents a significant loss of experience, leadership and technical capability, which is particularly ironic in a sector chronically complaining of skills shortages. Beyond the operational strain of the skills shortage, the structural exclusion of 148,000 experienced professionals represents a critical public policy failure, stripping the UK economy of an estimated £1.6bn in lost tax revenue and directly undermining the government’s fiscal agenda for “fuller working lives”.
According to a survey conducted by CW Jobs, “Over a third (41%) of IT and tech sector workers said they have encountered age discrimination in the workplace, whereas only 27% across other UK industries had experienced old ageism.”
The Stop the bias report 2024 from Tribepad shows similar trends.
The presented trend lines offer little comfort. Despite broader societal trends towards longer careers, the level of representation for older workers in IT roles has remained stagnant over the past five years. While the general employment rate for the “50 to 64” demographic has historically trended upward, the IT sector appears resistant to this shift, maintaining a younger demographic profile as the pool of available young talent shrinks relative to the ageing population.
To resolve the conflict between an ageing demographic and a youth-centric technology sector, stakeholders must move beyond passive acknowledgement of the “grey door” to enact structural reform. When artificial intelligence (AI) tools inadvertently assert human bias, such as ageism, it threatens to turn the government’s “fuller working lives” policy into a driver of inequality.
To prevent the IT sector from becoming a closed shop to the over-50s, the following three recommendations are essential.
1. Mandate algorithmic auditing and glass box transparency
Organisations must treat AI recruitment tools as high-risk systems requiring rigorous safety checks. Companies should implement regular algorithmic audits using counterfactual testing, running identical CVs with different age markers to detect bias.
Furthermore, employers should demand transparency from software vendors regarding how their models handle proxy variables such as formatting and vocabulary, ensuring that years of experience are considered an asset rather than a liability.
2. Institutionalise and scale returnerships
While government initiatives like “returnerships” and “skills bootcamps” provide a framework, the industry must lead the execution. Tech companies should formalise corporate returner programmes as a standard recruitment channel, distinct from entry-level intakes.
These programmes should be designed to bridge the confidence and technical gaps for experienced professionals returning from career breaks, validating their transferable skills rather than forcing them to compete directly with graduates for junior roles.
3. Shift from culture fit to skills-based
The nebulous concept of “culture fit” often serves as a smokescreen for affinity bias, allowing hiring managers to reject older workers who don’t match the prevailing demographic.
Recruitment strategies must pivot to a skills-first taxonomy, where candidates are evaluated strictly on their competencies and potential contribution, rather than social similarity. This requires training human recruiters to recognise and override automation bias, ensuring they do not simply rubber-stamp the rejection of older candidates suggested by flawed AI models.
From tinned fish to baked goodies, you can deliver the best-tasting treats to their door—even if you don’t live close by.
Source link
Fouch knew automated sensors could help by, for example, identifying the environmental culprits of the hole-punching issues, but with so many potential options to try he didn’t know where to start. “The worst thing you can do, in a smaller business especially, is muddle through pilot purgatory, hoping to find a viable product,” he says. “When someone else has done it before, they know the viable path, and they can save you the time and the expense.”
That’s just what three directors and managers from Apple’s engineering and operations teams offered when Fouch and Quinn Shanahan, who oversees Polygon’s medical device production and special products, visited the manufacturing academy in October and November, respectively. Over what Fouch estimates was five hours, the Apple employees evaluated Polygon’s challenges and applied the industrial engineering equation of Little’s Law—which can identify capacity bottlenecks—to devise solutions.
The result was a detailed strategy mapping out sensors and software that could affordably track production and alert about anomalies. Polygon can now count the number of passes the tube makes through the grinder, and it will soon be able to understand whether an overheated motor or other factors could explain the botched hole punching, Shanahan says.
If all goes as planned, Polygon will have implemented a working system to address its most significant bottlenecks for no more than $50,000 compared to the $500,000 that an automation consultancy may have charged, according to Fouch. The Apple team is working on visiting Polygon to talk through other upgrades. “They have walked these paths before,” Fouch says. “Without their help, it’s going to take us much longer.”
Apple’s Herrera says giving small manufacturers a sense of the benefits of automation and other technologies could eventually lead them to work with consultants and invest in more expensive systems.
Two other academy participants tell WIRED that they have not received extensive assistance from Apple—Herrera says it comes down to which companies have prepared a “problem statement” that Apple can help with—but they are working to bring what they learned to their factories. Jack Kosloski, a project engineer at Blue Lake, a plastic-free packaging startup, says it was eye-opening for him to hear about the depth of Apple’s product testing.
So-called ClickFix or ClearFake attacks that bypass security controls and use unwitting victims to execute a cyber attack of their own accord are surging at the end of 2025, even outpacing phishing or clickjacking attacks, according to NCC Group’s latest monthly threat report.
First identified a couple of years ago, ClickFix attacks flooded the threat landscape during 2024, and their volume surged by over 500% in the first six months of 2025, said NCC.
Rather than relying on automated exploits or malicious attachments, ClickFix attacks exploit human fallibility by convincing their targets to manually execute attacks using tools like PowerShell, Windows Run box, or other shell utilities after luring them to compromised websites promising fake prompts that instruct them to copy a command into their Run dialogue or PowerShell window.
NCC said such attacks represent a marked shift in social engineering because the victims are acting entirely voluntarily – this is in contrast to phishing attacks in which the deception ends once credentials have been submitted, or clickjacking, where victims unknowingly engage.
“This shift challenges traditional detection models as the command originates from a trusted user process, rather than an untrusted download or exploit chain,” wrote the NCC team.
“Understanding and mitigating ClickFix attacks is crucial because it can bypass conventional defences,” they said. “Email filters, sandboxing and automated URL analysers cannot always flag a malicious action that is conducted manually by an end user. Once the payload is executed, attackers can deploy RATs, enabling persistence, credential harvesting and eventual ransomware deployment.”
Financially motivated cyber criminals have been quick to climb on board the ClickFix wagon, many of them operating in larger access broker ecosystems to sell on compromised endpoints to ransomware gangs.
The report details a number of such targeted ClickFix operations. One campaign, active from April 2025 until just a couple of months ago, targeted the hospitality sector and duped employees into spreading infostealer malware across multiple hotel chains. This campaign used the PureRAT remote access trojan (RAT) to steal the hotels’ Booking.com credentials and conduct downstream email and WhatsApp phishing attacks against guests.
Another campaign, run by Kimsuky, a North Korean state threat actor, prompted its victims to copy and paste bogus authentication codes into PowerShell after posing as a US national security aide trying to set up meetings on South Korean issues.
Defending against ClickFix attacks is largely a matter of attempting to cut down on an organisation’s exposure to malicious lures and deceptive landing sites by incorporating tools such as URL filtering, domain reputation controls, web-filtering and sandboxing. Tightening endpoint execution environments is also a must, as is strengthening user awareness and instructing all employees to treat any unsolicited copy-paste instruction as an attempted cyber attack.
Ransomware stats
The growth in ClickFix attacks came amid a plateauing of general cyber attack volumes during the past few weeks, with tracked ransomware hits falling 2% in November, NCC found.
The Qilin operation held firm as the most active gang observed in NCC’s telemetry, accounting for 101 attacks, followed by Cl0p with 98, Akira with 81, and INC Ransom with 49.
Additionally notable in November was the DragonForce gang – NCC attributed 19 attacks to it during the period, although it has claimed many more itself – which became one of the more prominent active cyber gangs this year thanks to its reliance on collaboration with highly skilled affiliates, among them Scattered Spider, the hacking collective that hit Marks & Spencer, among many others.
Although collaboration between threat actors is nothing new, NCC said that DragonForce’s activity showed how gangs can maximise such strategies to strengthen their capabilities.
This said, at the same time, DragonForce has also taken something of a sledgehammer to the concept of honour among thieves. In May, it was observed hacking and defacing the data leak sites of rival gangs, and at one point initiated a hostile takeover bid of the RansomHub crew.
NCC said this competitiveness may reflect the lowering of technical barriers to participation in the cyber criminal ecosystem. Attacking competitors, it suggested, may form part of a deterrence strategy to keep newcomers from establishing themselves.
Don’t be complacent
“Business leaders cannot afford to become complacent,” said Matt Hull, NCC global head of threat intel. “Threat groups are rapidly evolving, sharing tools and techniques, and already exploiting the festive period, when vigilance often drops.
“With the new Cyber Security and Resilience Bill and high-profile breaches at M&S, Co-op and JLR [Jaguar Land Rover] this year, organisations are under growing scrutiny to prove they have robust defences and incident response plans in place,” he added.
“As the holidays approach, staying alert to suspicious activity and strengthening security posture is as important as ever.”
Nick Reiner, Rob Reiner’s son, to appear in court on 2 counts of murder in killing of his parents
EC approves ~$477.36m Spanish scheme for industrial decarbonisation
WBD tells shareholders Netflix deal is superior to Paramount offer: ‘It was not a hard choice,’ chairman tells CNBC
-
Politics7 days agoTrump launches gold card programme for expedited visas with a $1m price tag
-
Business7 days agoRivian turns to AI, autonomy to woo investors as EV sales stall
-
Business4 days agoHitting The ‘High Notes’ In Ties: Nepal Set To Lift Ban On Indian Bills Above ₹100
-
Tech1 week agoJennifer Lewis ScD ’91: “Can we make tissues that are made from you, for you?”
-
Sports7 days agoPolice detain Michigan head football coach Sherrone Moore after firing, salacious details emerge: report
-
Sports7 days agoU.S. House passes bill to combat stadium drones
-
Fashion7 days agoTommy Hilfiger appoints Sergio Pérez as global menswear ambassador
-
Tech7 days agoGoogle DeepMind partners with UK government to deliver AI | Computer Weekly