Predictions for Cyber Security in 2020


The dynamic world of cyber security is prompting a new shift in focus for security execs and frontline defenders as we head into 2020. Given the rapid pace at which enterprises have adopted Cloud computing services to improve operations, the frequency of threats and attack methods, and the widening skills gap facing many industries, we expect 2020 will finally be the Year of Preparedness & Cyber Proactivity—from the CISO, to the Director of Risk Management, to the Network Analyst—and we’ll tell you why.

A recent report from (ISC)² noted that the cyber security industry now faces an estimated shortfall of 4.07 million cyber professionals. In the U.S. alone, the industry is expected to have more than 490,000 unfilled cyber positions in the coming years. While the great debate continues as to whether we really have a “skills gap” problem or if we need to loosen the reins on job requirements and lower candidate qualification expectations, one thing is for sure—today’s (and tomorrow’s) cyber professionals will need help in combatting imminent threats to harden cyber security in 2020. To support their preparedness strategy, we envision that proactive tools and resources will become more mainstream, using automation to help professionals work more efficiently, keep up with expanding security provisions and compliance requirements, and minimize widening attack surfaces.

Automation will become the preferred way to support security operations

Whether a security manager has 1,000 defenders on their cyber team or one, automating certain administrative tasks for these individuals will be a focus in 2020. Directors, managers and cyber team leads understand that threats are getting so sophisticated that network defenders and security analysts need as much help as possible.

Our own Battle Room Design Team Lead, Matt Suprenant, anticipates that enterprises will be finding ways to “automate responses to detections,” observing that the Microsoft toolsets on display at the Microsoft Ignite event in Nov. 2019 were designed with automation in mind.

“As we think about the future of cyber, we will see a combination of things start working together as we learn more about AI, SOAR, and other mechanisms by which we can augment today’s workforce.” ~ Battle Room Design Team Lead, Matt Suprenant

Cloud adoption will be growing across all security sectors

In 2019, we predicted more enterprises would shift to the cloud for a more seamless and elastic security experience. Reports indicate that about 90% of businesses today are using the cloud to conduct operations, from simple file storage to sales transactions. So what’s next? In 2020, security divisions will be leveraging the cloud to train their professionals on the latest cyber threats and attacks. Cyber training will likely become one of the new uses of Cloud computing, since teams need persistent and always-on access to training (moving away from the one-and-done, on-site, classroom-based training offerings of today). The future of cyber training will occur in the cloud.

Don’t believe us? Hear the benefits of training in the Cloud in our webinar.

Renewed focus on security awareness training for all employees

Human resource managers and risk and compliance managers will work more closely together to design their own security training programs to nurture incoming talent and existing staff. Another cyber security prediction for 2020 centers on this topic, as HR managers and Risk and Compliance managers identify new ways to educate all employees (not just the IT staff) on cyber risks, attack methods, and how to spot suspicious emails (phishing attacks), links, websites, and other digital assets related to endpoint security.

“I hope the prioritization of training and education continues to increase; I hope the prioritization of security as a pillar of someone’s organization continues to get recognition. I think we’re coming out of a phase where organizations felt that they could just ignore the elephant that’s stomping around their data center. I’m hopeful we’re moving into this position that people are being more generally aware [of their digital activity online], not just on paper, but that [cyber security readiness and training] needs funding and collaboration…The industry is moving toward recognition that this is where priorities lie.” ~ Megan Daudelin, Team Lead, Curriculum Development

Election Security will dominate discussions

Years ago, ballot fidelity was the issue to solve, but now election security is the hot-ticket item to address in cyber security in 2020. The breadth and diversity of counties means election security isn’t managed the same way everywhere, putting all elections at greater risk of interference. Russian cyber criminals have been able to gain access to voting systems around the country, most notably in the 2016 election. As we head into an election year, election security pros will be working to understand vulnerabilities in voting machines and (ideally) replacing such machines using the $380 million in congressional funds granted to upgrade old voting systems.

We also anticipate both election volunteers and frontline election security tally monitors and processors will desire more cyber training and education to ensure they’re doing their part to stay vigilant against any suspicious activity that comes in their purview.

Increased Attacks on IT/OT automated systems, state and local governments

Municipal ransomware attacks on cities were a big occurrence in 2019, and we don’t envision they will stop in 2020. A CNN news article reported that over 140 local governments, police stations and hospitals were held hostage by ransomware attacks in 2019. As more entities are run, funded, or informed by state and local government organizations, automated network security operations will become more prevalent to streamline workforces and workloads, thus increasing the chances of cyber attacks occurring on those systems. To prevent data breaches and make cyber readiness a top priority, live fire cyber exercises will be leveraged to bring together cyber security experts across departments, teams, divisions and functional areas of critical infrastructure and government operations.

We will continue to see a rise in targeted ransomware attacks, especially against small to medium size public entities like utilities, governments, and hospitals. Too many are just paying the ransom because it is far cheaper to do that than fix it, even if you have backups. ~ Paul Ellis, Senior Product Manager

What do we do to harden cyber security in 2020?

Educate, educate, educate. Train. Train. Train.

That is our recommendation for security leaders, managers, and frontline defenders who are heading into 2020 trying their best to anticipate the next threat vector or patch a vulnerability.

The more companies can educate their non-technical staff about cyber issues and suspicious activity while IT teams and security divisions regularly train/upskill their defenders, the better off enterprises will be.

It’s important to remember that cyber security in 2020 and beyond is not a “do this thing and you’re secure” effort. Cyber security and hardening posture is a JOURNEY, not to be taken lightly or without concern.

For enterprise security teams who want to understand more about how Project Ares can support cyber learning in mission scenarios that address election security, ICS/SCADA systems, and experience learning against automated adversaries in the Cloud, schedule a demonstration of Project Ares today.

For HR managers and Risk and Compliance directors seeking ways to implement a company-wide security awareness training program using gamification, check out our inCyt platform (Available soon).

 


Rethinking cyber learning—consider gamification


This post originally appeared on Microsoft’s Security Blog, authored by Mark McIntyre, Executive Security Advisor, Enterprise Cybersecurity Group

Cyber Monday and Black Friday Cyber Security Safety Tips to Prevent Holiday Hacks  


If you’re anything like me, you get really excited when the holidays roll around. The music is cheerful (the Hallmark Channel is on 24/7–high five!), the fireplace is roaring, and I can curl up with my blanket and mobile phone to SHOP ONLINE (of course). Ah, the spirit of the holidays… But the bah humbug part about the scene I’ve just set is that I’m not the only one feeling “festive.” Cybercriminals LOVE surges in online shopping because people are looking for the best deals on gifts, bargain hunting, and planning for the biggest online shopping days of the year: Black Friday and Cyber Monday. This means adversaries can more easily manipulate our holiday spirits with cyberattack methods like phishing and social engineering, credit card fraud, and more.

So while you prepare your winter festivities and “add to cart,” consider these 12 tips to keep your “digital dwelling” safe and warm during Cyber Monday and Black Friday, especially.

Shop from websites you know and trust. 

Don’t click on those flashy “hot deals” that are likely too good to be true. Scammers deliver ads based on your interests, offering sweet discounts or great deals to get the click. Now is NOT the time to experiment with new retail websites and apps.

Don’t go “public.” 

Avoid public Wi-Fi when using the Internet, especially when accessing sensitive data like your bank account balance or emails. Your personal information isn’t a “gift” you want to give a hacker this holiday season.

Update your operating systems. 

With a little more downtime during the holidays, take a merry minute to keep your operating systems as current as possible. This also goes for apps on your phone.

Refresh your passwords.

Enter the New Year with stronger, more secure passwords—something that will keep a criminal out of your personal property and prevent identity theft. Things like symbols and numbers to replace letters add a layer of complexity that makes passwords harder to crack. Consider using a password manager to store all your different passwords so you don’t forget them!

To ensure you are protected from any precocious cyber predator, check out our security awareness game inCyt, a fun way to learn cyber concepts and attack methods while cozying up on your couch with a hot toddy. You can practice proactive cyber readiness during the holidays, and year-round, with this sweet resource.

Don’t click on suspicious links. 

Scammers, like the Grinch, will impersonate real online retailers and stores to get you to open an email and click on links while you are holiday shopping. Don’t! This phishing email tactic opens the door for them to install malware on your computer and before you know it, your data is stolen and compromised.

Look for the lock. 

Secure websites will often have a lock icon in the browser address bar to indicate it is a secure connection.

Get creative with security questions. 

Your mother’s maiden name or favorite food can most likely be found online somewhere, so try getting creative with your security questions to access your accounts. Choose a motto you live by perhaps or choose an answer to a question that is completely opposite of what you would select.

Watch your bank and card activity.

Hackers can see your financial activity when you’re sleeping and when you’re awake if you’re not careful. Diligently monitor your bank account, online transactions, and card activity and notify your financial services provider if you observe any suspicious activity.

Disable auto-connect.

Some devices will auto-connect to available wireless networks. Ensure you are only connected to wireless and Bluetooth networks when devices are in use or about to be used. Unknowingly being connected is the opportune time for hackers to cause damage right under your nose.

Store devices when away. 

If you’re a busy traveler, be aware that criminals seek out meal times to check hotel rooms for unattended laptops and mobile devices. Be especially wary when attending conferences or trade shows, as guest networks tend to be more vulnerable to attacks (and allow hackers to access lots of data from lots of people, who are all in one convenient location).

Activate double authentication. 

If you haven’t done so already, ensure all your apps have a double authentication factor so every time someone tries to log in to your online account, they need a code or key that is texted to your phone or sent to your email to gain access. That makes unintended access to things like social media accounts more difficult for cybercriminals.

Practice persistent protection.

Hackers aren’t just looking to exploit individual data, they also target businesses knowing many take extra time off this time of year to spend with loved ones. Ensure your company has a strong cybersecurity response plan in place and key members of your threat intelligence, analysis, and fraud teams are consistently practicing responding to threat scenarios. Our Project Ares platform runs on Microsoft Azure, so professionals can practice cyber offense and defense from anywhere, at any time on a gamified cyber range.

It’s important to practice safe online behavior all year-round but the holidays bring about an extra level of digital activity hackers love to exploit. Make sure you are taking proactive measures to ensure you are having the most wonderful online shopping day of the year—and cybercriminals aren’t.

 

 

Living our Mission Blog Series: How Tony Hammerling, Curriculum Developer, Orchestrates a Symphony of Cyber Learning at Circadence


Circadence’s Curriculum Developer Tony Hammerling wasn’t always interested in a career in cyber—but he was certainly made for it. In fact, he initially wanted to be a musician! While his musical talents didn’t pan out for him early in his career, he quickly learned how to create unique harmonies using computers instead of instruments…After joining the Navy in 1995 as a Cryptologist and Morse Code operator, he transitioned to a Cryptologic Technician Networks professional where he performed network analysis and social network/persona analysis. It was there he learned more offensive and defensive strategies pertinent to cyber security and was introduced to network types and communication patterns. He moved to Maryland to do offensive analysis and then retired in Pensacola, Florida. The world of cyber grew on Tony and he enjoyed the digital accompaniment of the work it offered.

For the last few years, now settled in Pensacola, Florida, Tony has been a critical part of Circadence’s Curriculum Team, working alongside colleagues to develop learning objectives and routes for players using platforms like inCyt, Project Ares, and other cyber games like NexAgent, Circadence’s immersive network exploration game. Currently, Tony and his team are focused on building out learning of network essentials in NexAgent, and “…are bridging the gap between what new IT professionals learn in NexAgent and getting them onto more advanced learning pathways in Project Ares,” says Tony.

“We’re starting to introduce new content for [Project Ares] battle rooms so users coming out of NexAgent can have an understanding of the tools and techniques needed for more advanced learning of cyber defense—and actually apply those tools and techniques in realistic scenarios.”

As the technical subject matter expert for cyber curriculum, Tony digs into the details with his work—and that’s where he shines. Tony and his team ensure that user learning is reflective of today’s cyber attacks and vulnerabilities. In the next iteration of NexAgent, users will be able to focus on network segmentation using election security as the theme for game-play. From separating election polling servers to working with registration databases to designing networks to prevent election fraud, learning becomes much more interesting for the end-user.

The most exciting part about Tony’s job is the diversity of material he gets to work on every day. One day he could be helping end-users of Project Ares identify fraudulent IP addresses in a battle room and another day he could be working on a full-scale technical design of a SCADA system modeled after a cyber incident at a Ukrainian power plant.

By understanding corporate demands for new content, Tony and his team have more direction to build out cyber learning curriculum that aligns to customers’ needs. He believes the technical training he’s able to support with learning material in Circadence’s platforms complements traditional cyber learning paths like obtaining certifications and attending off-site classes. The variety of learning options for users of all cyber ability levels (both technical and non-technical) gives professionals the opportunity to be more thoughtful in their day-to-day lives, more critical and discerning of vulnerabilities and systems, and more creative in how they address threats.

“Knowing that people are able to come into a Circadence product and learn something that they didn’t know before or refine specific knowledge into an application/skill-based path is exciting. I don’t think too much of the greater impact my work provides—but perhaps 10 years down the line when we can say ‘we were the first to gamify and scale cyber training,’ it will mean so much more.”

We are grateful for the unique talents Tony brings to the Circadence family of products and how he’s able to craft learning “chords” that when orchestrated, provide a symphonic concerto of cyber learning activity—empowering cyber professionals across the globe with relevant, persistent, and scalable cyber training options to suit their security needs.


 

8 Tips to Keep Your Small Business Cyber Safe this Holiday Season


The holiday season is a time of giving; for hackers, however, it can be a time of swindling. We are all susceptible to cyberattacks, but small businesses can hurt the most from the fallout. With limited staff numbers, small IT departments (if any at all), and no money allocated toward remediation, it is of the utmost importance to protect your small business, especially over the holidays. So, what can you do to protect yourself?

  1. Understand your vulnerability by industry – While every industry can be targeted by scammers, some are more at risk than others, specifically retail, automotive, manufacturing, and financial. Not only do these industries process a lot of sensitive data and large quantities of money, but they also use automated processes and many interconnected devices, which are vulnerable to cyber attacks. Assessing your risk is the first step in preventing it.
  2. Adopt a cyber security policy – Whether you’re a sole proprietor or a company with 5,000 employees, cyber criminals are targeting your business. Smaller businesses may not have controls, processes, or policies in place for cyber security defense and offense. There are several options for securing a comprehensive cyber security plan such as a managed service provider (MSP), a systems integrator or security system provider, or a cyber security consultant. Take the time to put together a comprehensive policy for your employees to learn and reference.
  3. Educate employees on cyber risks and prevention – It won’t do you any good to adopt a cyber policy if you don’t train your employees on risk awareness and staying safe online while working. Ensure you utilize persistent, hands-on learning, such as a cyber range, to keep employees abreast of the latest threats while building confidence in their abilities to recognize threats and suspicious activity.
  4. Beware of popular scam tactics used against small businesses – From overpayment scams to phishing emails, hackers will try just about anything to get to your money and sensitive information. Be wary of anything that looks or sounds suspicious, such as calls from unknown persons, pop-ups, and unfamiliar websites; only open emails from trusted sources; and NEVER give your credit card or personal information to anyone you don’t know, whether over the phone, by email, or in person.
  5. Secure WiFi Networks – These days all businesses require WiFi to operate, so you need to ensure your network is safe. Hide your network so that your router does not broadcast the network name (or SSID), which you can do by googling instructions or working with your internet provider, and ensure that a password is required for access. Be sure to also change the administrative password that was on the device when first purchased to a complex password only you will remember. Setting up a private network for employees and offering a guest network to customers is a great way to keep customers happy while ensuring your cyber safety.
  6. Make backup copies of important information – Regularly back up data on every computer used in your business, including documents, spreadsheets, financial and personnel files, and more. You can do this through many channels, from copying files to an external hard drive or USB drive to uploading them to the cloud or using a paid data storage site.
  7. Install and update antivirus software – Every device you use for your business needs to be protected with antivirus, antispyware, and antimalware software. You will need to purchase this software either online or from a retail store and will need to assess your specific needs based on a variety of factors, such as the type of operating system you use (Mac or PC) and your budget. Here is a handy guide for things to consider before purchasing antivirus software. Be sure you install and update antivirus software regularly to ensure the newest and best iteration is at work protecting your sensitive information.
  8. Install a VPN – A virtual private network (VPN) is software that enables a mobile device to connect to another secure network via the internet and send and receive data safely. If you regularly use your smartphone to access secure information for your small business, a VPN can be well worth investing in. Setting up a VPN is a simple task, but the steps depend on what operating system you use. Check out this great article that guides you through VPN set up for various systems.

By following these tips and tricks, you can ensure that your business stays protected and profitable. Cyber security is an ever-changing field, and businesses must continually adapt to new attack methods and be able to defend themselves. Keep the latest in cyber training at your fingertips with Circadence’s inCyt security awareness game of strategy and if you have a small security team/IT professional, consider our flagship immersive, gamified cyber learning platform, Project Ares for advanced cyber training. We wish you a safe and happy holiday season!


 

Operation Gratitude: 5 Reasons to Give Thanks for Cyber Security


With daily breaches impacting business operations and security, it’s easy to forget about the good ways that cyber security keeps us safe behind the scenes. This holiday season, we’re giving thanks to cyber security and all that it does to make our lives easier and more secure with what we’re calling Operation Gratitude (inspired by our Project Ares missions, uniquely titled “Operation Goatherd” or “Operation Desert Whale”). #OperationGratitude is a rally cry for security professionals and business leaders to remember the positive aspects of cyber security and share those positive thoughts with each other. Too often we live in fear of cyber attacks and persistent threats, and while there is always cause for concern, we must remember how advances in the field have equally made aspects of our digital life easier. We’re thankful for these advances in cyber security:

  1. Two-factor authentication – This tool helps to keep you secure by requiring two different credentials before allowing you to gain access to sensitive information online. One example of this would be when you log in to check your bank statements and it prompts you to not only enter your username and password, but also to check your phone and enter a verification code that was texted to you. You will normally see this security precaution used when logging into an account from a new device. The great part about it is, it’s widely known and used by everyone from CISOs to high school kids.
  2. HTTP(S) – You’ve likely seen this appear when visiting a URL online, usually showing up just before the “www” and website name. HTTP stands for HyperText Transfer Protocol. HTTP is the underlying protocol used by the World Wide Web, which defines how messages are formatted and transmitted, and what actions web servers and browsers should take in response to various commands. The “S” stands for “secure,” and this little letter means that all communication between your browser and the website is encrypted for your protection. This means that sites utilizing HTTPS are prioritizing your safety while performing sensitive transactions online!
  3. Personal digital responsibility – These days the average consumer is more connected than ever. With our lives relying on smartphones, computers, tablets, and a multitude of IoT devices, we are entrenched in cyber every single day. This reliance requires us to practice personal digital responsibility, often called digital citizenship—that is, the ability to participate safely, intelligently, productively, and responsibly in the digital world. Just because we are more connected does not necessarily mean that we are more aware of cyber risks. However, initiatives such as Cyber Security Awareness Month (in October) are helping to increase awareness by promoting cyber citizenship and education. Circadence is proud to contribute to the security awareness and digital responsibility effort with the soon-to-be-available inCyt, a security awareness game of strategy that helps bring cyber safe practices into the workplace and cultivates good cyber hygiene for all (and you don’t have to be a technical expert to use it).
  4. Corporate security awareness trainings – Given that 25% of all data breaches in the U.S. in 2018 were due to carelessness or user error, it is critical for companies of all sizes to engage their employees in persistent cyber training. Thank goodness there is an increase in organizations such as the National Cyber Security Alliance (NCSA) that provide risk assessments and security training to organizations across the U.S.
  5. Increased security collaboration – With more than 4,000 ransomware attacks alone occurring daily, no one business can mitigate the increasing number of cyber risks present in today’s threatscape. It is more important than ever for businesses to share knowledge from breaches they have experienced and stand together to fight cyber crime, which is exactly what they’re doing! Nowadays these partnerships are being formed not only to share information, but to conduct live fire cyber readiness exercises. One such initiative is DHS’s National Cybersecurity and Communications Integration Center (NCCIC) – a 24/7 cyber situational awareness, management and response center serving as a national nexus of cyber and communications integration for the federal government, intelligence community, and law enforcement. The NCCIC also shares information among public and private sector partners to build awareness of vulnerabilities, incidents, and mitigations.

So, as you prepare your Thanksgiving meal from recipes pulled up on your tablet, with holiday music playing from your smart phone, and timers set by Alexa to ensure the juiciest turkey and tastiest pies, remember to give thanks for cyber security. We certainly are!

 


28 Bits and Bytes About Cybersecurity Careers You (Probably) Didn’t Know


According to a report from ProtectWise and Enterprise Strategy Group, only 9% of millennials said they are interested in pursuing a cybersecurity career at some point in their lives. The low percentage is due in large part to a lack of awareness around cyber. Many are aware of other computer-related fields including video gaming, engineering and IT, but “cyber” never quite rises to the top of the list during career path conversations with aspiring professionals.

To bring cybersecurity to the surface as a strong and lucrative career option for young professionals, we’ve taken the liberty to share some fast facts and fun things about the industry.

Fast Facts About the Cybersecurity Industry

·     The market is expected to grow to over $300 billion by 2024 according to a report from Global Market Insights

·     The demand to fill cyber jobs is great – over 300,000 cyber positions are available in the U.S. alone

·     There are 33 distinct areas of cybersecurity work according to NIST/NICE

·     The national average career salary is $93,000 (on the low end) for a security-related position in the U.S. according to the Robert Half Technology’s 2019 Salary Guide

·     Earning cyber certifications like CompTIA Security+ and Certified Information Systems Security Professional is highly regarded and respected amongst prospective employers (impress the hiring manager and prove your value)

·     Information security jobs are expected to increase by 32% through 2028 according to the Bureau of Labor Statistics

Technical Abilities and Knowledge Needed for the Cybersecurity Industry

·     IT fundamentals like system and web application administration

·     Coding skills (C, C++, Java, Python, Ruby, Perl, PHP)

·     Understanding network architecture, administration and operating system functionality, policies, performance, and features

·     Database knowledge from permissions access to structure to storage security

·     Understanding of how attackers operate and function

·     Foundational understandings of things like risk management, networking basics, toolkit maintenance and situational awareness of what’s happening in the industry today

Professional Skills Needed for the Cybersecurity Industry

·     Leadership – Call the shots alongside a team of cyber pros to build decision-making skills

·     Communication – Articulate what and how threats need to be mitigated to teams

·     Analytical thinking – Reflect and continuously learn the hacker mindset to grow your understanding of why and how attacks happen

·     Passion for learning and developing skills – Learning never stops as long as technology keeps advancing. You’ll find new ways to secure assets and data with every keystroke and software update

·     Determination – You’ll want to protect critical assets just as if your own PII were at stake (imagine having your own bank account hacked and wanting to do something proactive about it)

·     Collaborative – You’ll likely work alongside a crew of cyber enthusiasts, and will need to work in harmony in order to keep security posture hardened

·     Writing – Developing reports to roll up to your security and business supervisor will require stellar writing skills so they can understand the technical jargon in layman’s terms

The Benefits of a Cybersecurity Career

·     You’re never bored—there’s always an attacker to stop or a vulnerability to assess

·     You get to learn about and use cutting-edge technology

·     There’s always a new challenge to tackle (and if you’re a problem-solver, this is fun!)

·     You’ve likely got job security as positions like information security analysts and penetration testers are in demand in every industry

·     You can advance in your expertise as a professional (there are no limits to moving up the ladder or laterally across it to grow in knowledge and abilities)

·     Remote work in cybersecurity is prevalent as cloud-based services and VPNs are expected parts of how companies operate today—you can live and work anywhere

·     A cyber career straddles both public and private sectors, so you can have the benefits either division brings based on your professional preference

·     Increasing your value in cyber is easy with persistent training platforms like Project Ares that can complement degree programs and virtual, online courses

·     Recruiters will look for candidates on LinkedIn so if you think you’ll have a sweet gig out of college or your school training, just wait. Google might call. No, seriously.

Getting a job in cybersecurity doesn’t have to be an intimidating process. If you haven’t been taught the basics and/or are looking to change careers for something different, launching a cybersecurity career can start with basic learnings that lead to more formal training, certifications, and skills development. And there are several online resources for developing security competencies that are free or at minimal cost. These can be complemented with cyber range training to expedite learning to land the cybersecurity job you want.

In addition to your own search about how to start a cyber career, NIST/NICE is kicking off National Cybersecurity Career Awareness Week (November 11-16, 2019) by asking for commitments from businesses and professionals: commitments to promote the awareness and exploration of cybersecurity careers via event hosting, sharing materials on social media or distributing creative assets. Be on the lookout for these businesses sharing important details about job postings, hiring in their own company or distributing materials and advice to help career searchers learn, grow, discover, and thrive in this dynamic industry.

Happy cyber career searching!


Will Artificial Intelligence Replace Cyber Security Jobs?

Reading Time: 2 minutes

The cyber security workforce gap continues to grow, and the availability of qualified cyber professionals is predicted to decrease in the coming years. In fact, a Cyber Security Workforce Study from the International Information System Security Certification Consortium predicts a shortfall of 1.8 million cyber security workers by 2022. Some resources claim upwards of 3.5 million within the next two years too. While this can feel like impending doom and gloom for the industry, AI, or artificial intelligence, can help to quell the concerns while empowering existing cyber workers.

While many other industries have seen robotic systems replacing the need for human workers, this doesn’t appear to be the case in cyber security. Humans are able to accomplish more when supported by the right set of tools. Allowing AI to support and react to human behavior allows cyber professionals to focus on critical tasks, utilize their expertise to analyze potential threats, and to make informed decisions when rectifying a breach.

How? AI can do the legwork of processing and analyzing data in order to help inform human decision making. If we were to rely completely on AI to manage security risks, it could lead to more vulnerabilities because such systems have high risks for things like program biases, exploitation, and yielding false data. Nevertheless, if utilized and deployed correctly for cyber teams, AI has the ability to automate routine tasks for professionals and augment their responsibilities to lighten the workload.

Learn more about AI’s role in cyber security professional training in our on-demand webinar!

So, is AI going to take over the jobs of seasoned cyber pros? The answer is no; however, AI will drastically change the kinds of work cyber engineers are doing. In order for IT teams to successfully implement AI technologies, they will need a new category of experts to train the AI technology, run it, and analyze the results. While AI may be great for processing large amounts of data or replacing autonomous manual tasks, it will never be able to replace a security analyst’s insights or understanding of the field. There are some data points that require a level of interpretation that even computers and algorithms can’t quite support yet.

AI can help to fill the workforce gap in the cyber security sector, although it may create a need for new skillsets to be learned by humans in the industry. AI and the human workforce are not in conflict with one another in this field; in fact, they complement each other. The future is bright for AI and humans to work in tandem at the front lines of cyber defense.

For more information, check out our white paper on AI and gamification!

 


 

Why Cyber Security is Important for Higher Education Institutions

Reading Time: 3 minutes

It might surprise you to know that the education industry is a prime target for malicious hackers. While threats in this sector are on the rise, many education institutions are not prepared for a cyber attack nor do they know how to recover from one. In fact, there were 122 cyber attacks last year at 119 K-12 public education institutions, averaging out to an attack every three days. A 2018 Education Cyber Security Report published by SecurityScorecard also found that of 17 industries, the education sector ranked dead last in total cyber security safety. Schools are leaving themselves open to student and faculty identity theft, stolen intellectual property, and extremely high cost data breach reconciliation. In fact, a study done by the Ponemon Institute shows the average cost of a data breach in the education sector is $141 per record leaked.

This industry faces some unique cyber security challenges:

  • Historically, this industry is based on the free exchange of information, i.e., the philosophy that information should be readily available to all. The use of computers and the internet in education has allowed information to be stored and accessed in many different ways, creating vulnerabilities in storage, network security, and user error, which leave systems susceptible to hacks.
  • Students and staff may have limited technical skills and prowess to know how to stay safe online.
  • Online education systems are highly distributed across multiple schools in a district or across state lines, making it easier to infect one system to gain access to all.
  • Computer systems used by schools often lack a single application, or “source of truth” to safely manage student and employee identities.
  • There’s a significant change in the user population every year due to students graduating and new students enrolling, making it difficult to track who is using certain resources and who has access to them.
  • Remote access is often required, with students and parents accessing systems from home computers and smartphones. When you access an online resource repeatedly from potentially vulnerable or unsecure networks, it creates more opportunity for hacks.

So how can educational institutions better protect themselves against looming cyber threats?

  • Shift the focus to prevention instead of mitigation – by focusing on securing data before an attack happens rather than after, organizations will be better prepared to protect students and staff against a breach.
    • IT directors and security operators within educational institutions would be wise to consider persistent training solutions for their teams to optimize existing cyber skills so they don’t go “stale” after a period of time.
    • Likewise, perform a security audit and work across departments to understand all the digital systems in place (financial, teacher, student portals, etc.) and where vulnerabilities might exist.
    • HR departments of institutions should consider updating or adopting employee security awareness training to ensure every education-employed professional working on a computer understands the basics of cyber security and how to stay safe online.
  • Minimize internal threats – Verizon’s 2019 Data Breach Investigations Report found that nearly 32% of breaches involved phishing and that human error was the cause in 21% of breaches. Proper and continued training and awareness around security issues is key in preventing possible attacks.
  • Make cyber security a priority in IT budgeting – Schools and other educational institutions need to recognize the growing cyber threatscape and prioritize allocating funds to training tools, IT teams, and continued education for internal staff.

Circadence is here to help. Our immersive, gamified cyber learning platform, Project Ares, can help ensure that your cyber team is ready to defend against malicious attacks, and our inCyt product (coming soon!) will keep everyone else in your organization up to snuff on cyber defense and offense. We pair gamification with prolonged learning methods to make learning and retaining cyber security tactics simple and fun for all. Don’t let your institution and students be next in line for a breach–think inCyt, and Project Ares when you think cyber security for the education sector!


Trick or Cyber Treat? How Quickly Hackers Use Your Information

Reading Time: 2 minutes

We’re getting in the Halloween spirit (with a cyber security spin of course)! We started wondering about the mysterious (or not-so-mysterious) world of hacking. We wondered just how frightfully easy it might be to gather intel from social platforms with minimal prerequisite knowledge.

To that end, we did a little experiment in an attempt to understand the hacking process. We asked ourselves…

  • What details can hackers find about us online?
  • Are there enough details out there for a hacker to really manipulate us?
  • Are we “sharing too much” as a population committed to living our lives on social media?

To answer these questions and learn if we’re just asking to be tricked or if what hackers can find out about us is really their treat to exploit… [insert gloomy music here], we simulated an online “stalking” exercise.

Read below for the simple steps we took to find personal details of someone online.

  • Identify a known person you want to learn more about
  • Go to the ol’ Google to dig up articles and social profiles about that person
    1. Easily obtain properties like their full name, interests, employer, etc.
  • Search their social accounts in greater depth to find:
    1. Their interests and passions
    2. Their work history
    3. Education level
    4. Birthday
    5. Previous co-workers and friends
    6. Geographic residence
    7. Links to their Instagram profile (for visual data)
    8. Pet’s name
    9. Marital status
  • Search through their friend list on Facebook, connections on LinkedIn, or followers on Twitter to isolate any missing social profiles or details on the person
    1. Find their hometown, family members, and political/religious views

So gosh. This turned out to be a frighteningly straightforward path to take to find intel on someone… even if some of their social accounts are private! And, you might be shocked to know that it took us less than an hour to discover enough information about a random person.

So what might a hacker do with intel like what we just dug up? They use the information to manipulate us and make us vulnerable to an attack.

  • A hacker might craft a Twitter message asking about this person’s pet or commenting on the weather in her place of residence to start a conversation.
  • A hacker might name drop her former co-worker as a “friend” of ours and thereby “establish a connection.”
  • A hacker might contact the person’s parents or a friend, claiming to be associated with the individual’s previous employer, to get his/her phone number and call them.
  • The TRICKS are endless!

And it can happen fairly quickly. Are you surprised?

There’s good news here though. While we did learn from this exercise that what we each choose to share online is, indeed, asking to be tricked by a hacker, the fact is WE have some control of what information is “out there”. Hackers LOVE any data they can use about our interests and personal information to gain access to something they want (e.g. bank accounts, social security numbers, credit cards, etc.); but we can limit our personal information and lock down our profiles to minimize how much intel is out there to start with.
