In search of cybersecurity deputies
Cybersecurity jobs are in high demand in the Badger State, and a workforce shortage coupled with increased cyberthreats ensures they will be for some time.
(page 2 of 2)
Hacking in the early ’90s was often done “for sport,” or as hacktivism, notes Koziol. Sensitive data was largely stored offline, so the rewards of a successful hack were much lower. We also had far fewer news sources in the ‘90s, he says. Today, large volumes of sensitive data are stored online and there are many more news sites reporting these incidents. “While we are certainly hearing about more breaches today, it’s likely just as many breaches are undetected (or unreported).”
Koziol explains large-scale breaches usually occur due to three factors: malicious or criminal attacks (47%), system glitches (25%), and human error (28%). While most large companies have strong security protocols in place, the challenge lies in fighting the ever-evolving security threatscape. “With new malware emerging every 4.2 seconds, it’s essential companies regularly audit and update their defenses. We also recommend workforce security awareness training to help educate staff on how to avoid security threats like phishing and malware.”
One of the best things we can do to protect our information is to stay educated about security threats, adds Koziol. “This may sound overly simple, but 28% of security breaches result from human actions like clicking a link or downloading malware. Hackers know it’s much easier to hack a human than a network — this is why 60% of hackers list phishing as their preferred hacking method. Organizations should also prepare to be hacked. IT professionals should keep sensitive data encrypted, backed up, and have a good business continuity program in place in the event of a breach.”
Beyond security awareness education, machine learning is emerging as one of the most promising upcoming security defense tools, notes Koziol. Computers can analyze an overwhelming amount of user behavioral data in real time. They can look for trends and spot deviations to identify intruders. They can also register and scan for new or evolved threats instantly to keep networks secure. Still, computers aren’t a replacement for warm bodies.
“Like in any other industry, the tech industry needs qualified candidates for a variety of positions — not just the help desk and networking roles we are all familiar with,” says Koziol. “Information security is a top concern for even C-level management, so both hard and soft skills are needed to not only implement security protocols, but also communicate ramifications of security breaches and mitigate security risks.”
Koziol also notes the increased participation of law enforcement agencies in combatting cyber issues from a criminal standpoint. “As cybercrime continues to increase, we can expect to see more involvement from law enforcement. One of local law enforcement’s greatest challenges is that cybercrime often crosses jurisdictional lines. This means that a local official may generate the report, but the investigation will be under the jurisdiction of a national organization (FBI). We can expect to see growing cooperation between local and national agencies to help combat cybercrime.
“The information security industry has developed certification and training programs focused on aiding cybercrime investigations,” Koziol adds. “The IACRB Certified Computer Forensics Examiner and IACRB Certified Mobile Forensics Examiner are two relatively new certifications designed to teach professionals how to investigate cybercrime. The challenge is that cybercrime is a moving target, so educational methods must be nimble to keep up the cyber threatscape.”
Click here to sign up for the free IB ezine — your twice-weekly resource for local business news, analysis, voices, and the names you need to know. If you are not already a subscriber to In Business magazine, be sure to sign up for our monthly print edition here.