Tag Archives | cyber attacks

Cyber Security Talent Shortage: How to Solve It

A recent report from Cybersecurity Ventures and Herjavec Group predicts that there will be 3.5 million unfilled cyber security jobs by 2021 (Forrest, 2017). While cyber security job openings continue to grow, there simply aren’t enough people who have the skills to do these jobs. This puts us all at risk, as cyber criminals become increasingly sophisticated and Internet of Things (IoT) devices proliferate. The need for security professionals is fast reaching a crisis point, and it is necessary for us to consider how to solve the cyber security talent shortage.

The diversity of the cyber security workforce is one area for focus. Currently, women make up only 11% of the cyber security workforce. Blacks, Hispanics, and Asians represent less than 12% of the cyber security workforce. This number needs to increase in order to meet the growing need for cyber security professionals, and to eliminate the cyber security talent shortage. In order for this to happen, a diverse group of young people must be encouraged to pursue STEM careers from a young age. (Eide, 2017) Girl Scouts of the USA has recently released a cyber security badge, which is one way to get girls interested. IEEE and Cricket Media, Inc. have also just announced a partnership called TryEngineering Together to encourage 3rd – 5th graders in under-resourced areas to consider STEM careers in the future.

Now is also an excellent time for those that wish to enter or re-enter the workforce to consider cyber security as a career choice. In order to address the cyber security talent shortage, many people will need to consider cyber security training in order to meet the growing needs of the field. IEEE, for example, offers training in both Cyber Security and Ethical Hacking, to help people gain the foundational skills they need to enter this growing market.

Most importantly, we must remove the stigma that states that computing is a male-only field. It is critical for the well-being of our networks, our devices, and our personal information that this cyber security talent shortage be addressed…and solved…before it becomes insurmountable.

Click here to view Cyber Security courses from IEEE.

 

Resources

Eide, N. (Oct 2017).  How the Cybersecurity Industry Can Close the Growing Skills Gap. CIO Dive.

Forrest, C. (Oct 2017). Shark Tank’s Herjavec tells how to get one of 3.5M cybersecurity jobs that will be open by 2021. TechRepublic.

Should the Government Regulate IoT Devices?

As security concerns rise about Internet of Things (IoT) devices, so does the debate about the necessity of government regulations. Should the government regulate IoT? Many Internet of Things devices on the market today have little to no security built in, which can compromise the privacy and even personal security of consumers.

Many consumers today are not (yet) clamoring for more regulation. A lot of them do not realize that their smart devices may be compromising their privacy in significant ways. Yet there is a growing concern from those in government and industry that something must be done. The question is, however, whether more secure devices will arise through government regulations imposed by governments that are often hacked themselves, or by the Internet of Things industry itself.

Should the government regulate IoT?

Proponents of government regulations see the following benefits to having the government regulate IoT devices:

  • Standards applied to every device that help to protect the security of consumers
  • Requirements for patches that take new security concerns into account

Opponents take a different view. Should the government regulate IoT devices, they are concerned about:

  • Regulation and bureaucracy stifling innovation
  • Expensive regulations eliminating smaller companies, reducing consumer choice and competition
  • The government lacking the expertise to effectively regulate these devices

What are lawmakers doing today?

Several countries are already proposing regulations related to this issue. For example, in Australia, lawmakers have proposed a certification for IoT devices with requirements such as:

  • Changeable, non-guessable, non-default passwords
  • No ports exposed to the wider internet
  • Software updates to fix known vulnerabilities

In the United States, lawmakers are working on a bill related to devices purchased by the federal government that includes requirements such as:

  • Devices must be patchable, rely on industry standard protocols, and be built without hard-coded passwords and known security vulnerabilities
  • Alternative network-level security requirements for devices with limited data processing and software functionality
  • Cybersecurity coordinated vulnerability disclosure policies will be required of all contractors that provide connected devices to the U.S. Government

It is essential that Internet of Things devices become more secure in order to protect consumers, governments, and organizations alike, while complying with international data privacy regulations. Whether that is done through government regulation or industry self-regulation remains to be seen. Likely it will be a combination of both. As consumers and organizations alike become more aware of the security risks of IoT devices, the market demand for more secure devices will grow, increasing the supply in a market-driven economy. Likely we will see the government regulate IoT devices, while the market demand increases.

What do you think?

Should governments regulate Internet of Things devices? Or can the industry self-regulate? Please share your thoughts in the comments.

And if you’d like to learn more about the Internet of Things, check out our newest course program: IEEE Guide to the Internet of Things.

 

References:

List, J. (2017, 16 Oct). Aussies Propose Crackdown on Insecure IoT Devices. Hackaday.

Corsec. (2017, 27 Sept). IoT Security Facing Government Regulation. Corsec blog.

Thierer, A. and O’Sullivan, A. (2017, 12 June). Leave the Internet of Things Alone. US News & World Report.

Thomson, I. (2017, 15 Feb). You Know IoT Security is Bad when Libertarians Call for Strict Regulations. The Register.

Corporate Hacking: Are You a Target?

Corporate hacking stories are a staple of the news. Whether a small business or large international corporation, if you use the internet to do business, you are susceptible to having your network hacked, customers compromised, and your reputation ruined. How can you protect yourself from being a target of corporate hacking? Sometimes it is just about being proactive, and thinking smart.

Here are five strategies to defend against corporate hacking:

  • First, Think Passwords: Are yours strong and unique? Do you change them often? Usually, a hacker steals passwords. By regularly changing yours, you make it harder for hackers to use stolen data. If the hacker doesn’t have access to stolen passwords, they will try combinations of easily guessable alternatives. There are ways to make cracking your passwords more difficult, including using spaces and characters in your password and increasing the length. And whenever possible, use Two-Factor Authentication, which adds another layer of security. (2017, Symantec)
  • Second, Look at web URLs: Your information is not encrypted if you do not see an “s” after the “http.” Encryption is necessary for any business, especially when financial transactions, credit card information, or other critical data is shared.
  • Third, Software Updates: Keep abreast of the updates pushed out by software providers. They are created to counter software flaws. Updates, also known as patches, are developed and pushed to users for upload. It is important to keep up with the updates in order to stay ahead of malicious hackers who could use the flaws to hijack your system.
  • Fourth, Encrypt, Encrypt, Encrypt: Use road blocks to make it difficult for your corporate information to be collected and shared. Encrypting data is key to this process. Learn more about how to encrypt files in this post from Lifehacker.
  • Fifth, Employ White Hat Hackers: Sometimes you need to have someone on the inside working to find the cracks in your armor. Employing cyber security specialists, or training your existing employees in ethical hacking techniques, can wind up saving your company money in the long run. After all, cyber attacks can be incredibly expensive. Finding and patching the vulnerabilities yourself costs a lot less.

These are just a few of the many steps your company can take to make doing business more secure in the digital age and help build a defense against corporate hacking. One last tip: education. Stay ahead of trends by constantly educating your employees on best practices.

Why not learn more about cyber security and ethical hacking?

Check out the IEEE online course programs: Cyber Security for Today’s Environment and Hacking Your Company: Ethical Solutions to Defeat Cyber Attacks. These courses provide you and your employees with the foundation you need to put a sensible cyber security strategy in place for your organization.

 

Resources

Nixon, Sam. (2017, September 8). Are you an easy hacking target? Cybersecurity tips for small business. The Guardian.

Symantec. (2017). How to Choose a Secure Password. Norton Security Center.

Tips for Cyber Security Awareness Month

Are you #CyberAware? October is Cyber Security Awareness Month. It’s a great time to review the online security practices you use at home, as well as at school or at work. When we all work together to prevent cyber attacks, the internet as a whole can get safer.

Individuals can protect their computers and networks by following some of these simple tips:

  • Apply patches and updates as soon as they are available. Sure, it can be annoying to continually run updates on your computer. But take a lesson from the massive WannaCry attack. It took advantage of a system vulnerability in the Windows operating system. Updating Windows prevented the attack. Yet many outdated computers were affected for lack of an upgrade. (2017, Saito)
  • Never click on links that seem suspicious. Sometimes the email may be from someone you know. But if it doesn’t feel right, it probably isn’t. When in doubt, reach out to the person who sent you the link another way to make sure the link is legitimate before clicking.
  • Practice good password hygiene. Make sure your passwords are long, use a combination of symbols and letters, and are changed frequently.

In addition to the above tips, businesses should also keep in mind the NIST Security Framework. This framework includes:

  • Identify
  • Protect
  • Detect
  • Respond
  • Recover

Learn more about the framework, and how to apply each of these steps for your business, at StaySafeOnline, powered by the National Cyber Security Alliance.

Everyone needs to do their part to prevent cyber attacks, and Cyber Security Awareness Month is a great time to start. The number one key is to educate yourself on the tricks cyber criminals use, so you can defend against these attacks.

Ready to learn more about cyber security, or even considering a cyber security or ethical hacking career? Check out the IEEE online course programs: Cyber Security for Today’s Environment and Hacking Your Company: Ethical Solutions to Defeat Cyber Attacks. These courses will give you a solid foundation in the basics of cyber security to prepare you to defend your company’s network from cyber attack.

How do you defend against cyber attack? Please share your tips in the comments below.

 

References

Saito, W. (2017, May 18). 9 Ways to Stay Safe from Cyber Attacks. World Economic Forum.

Stay Safe Online powered by the National Cyber Security Alliance. (2017) https://staysafeonline.org/

Medical Device Cyber Security is Essential

No one wants to imagine that their pacemaker or insulin pump can be hacked when their life depends on the proper functioning of these medical devices. However, a recent Ponemon Institute survey discovered that 67 percent of medical device manufacturers and 56 percent of Healthcare Delivery Organizations (HDOs) think an attack on a medical device in use is likely to occur over the next 12 months (2017 TripWire). That information provides an added layer of anxiety for patients, medical providers, and manufacturers, and makes medical device cyber security more important than ever.

There is good news, though. In the last 5 years, healthcare providers and manufacturers have made an effort to include cyber attacks in their contingency plans, and put into place resources to mitigate a potential breach. (2017 TripWire)

These well-designed security plans for medical device cyber security include:

  • Dedicated budget for cyber security
  • Cyber security professionals included in the staffing headcount
  • Risk assessments regularly performed by healthcare providers
  • Penetration testing conducted regularly
  • Security awareness and training programs made available
  • And much more…

The US Food and Drug Administration has been making inroads to mitigate any potential attacks with updates to security measures and by seeking to formalize guidelines. As with all guidelines, they do not have to be followed. However, if a provider adopts the recommendations, medical device cyber security can be improved, making the industry and the patient less apprehensive. (2017 TripWire) Not to mention the fact that the provider can use these security measures as a competitive advantage.

Want to learn more about cyber security and how it can affect the healthcare industry? IEEE offers both cyber security and ethical hacking training to help corporations prepare. Learn more about institutional pricing and request a quote here.

References

Newman, L. (2017, March 2) Medical Devices Are the Next Security Nightmare. Wired

(2017, August 27) Highs & Lows of Cyber Security in Healthcare. TripWire

10 of the Largest Corporate Hacks in Recent History

Corporate hacks and cyber attacks directed at organizations large and small have increased in both frequency and severity over the past few years, affecting billions of consumer accounts and costing companies from tens to hundreds of millions of dollars. Yet while the news continues to provide a steady stream of coverage detailing large-scale corporate hacks across all industries, cyber security remains underfunded by many organizations.

The timeline below highlights 10 major organizations hit by significant data breaches over the past five years. Although by no means an exhaustive list, these attacks serve as stark reminders of the importance of preventative measures to ensure cyber security.

[Infographic: 10 of the Largest Corporate Hacks in History]

Is your organization prepared to handle a cyber attack? Are you looking for ways to strengthen your organization’s cyber security? IEEE offers both cyber security and ethical hacking training to help organizations prepare. Learn more about organization pricing and request a quote here.

Reference:

Roberts, J. & Lashinsky, A. (2017, June 22). Hacked: How Business Is Fighting Back Against the Explosion in Cybercrime. Fortune.

Easy Ways to Improve Your Organization’s Cyber Security

The Internet touches almost all aspects of everyone’s daily life, according to the US Department of Homeland Security. However, with access to so much information comes an increase in cyber-attacks that can affect people and companies on a global scale. In 2016, there was a 38% increase in phishing security attacks year over year according to a report produced by PricewaterhouseCoopers. The techniques that attackers use are also evolving, with attacks that continue to affect more computers and devices than ever before. (2017 Revision Legal) Every organization wants to improve cyber security, but the prospect can sometimes seem overwhelming.

The news in 2017 has been equally daunting, with reports of serious cyber breaches that affect individuals and companies. Some of the more serious instances include a recent security breach at credit-reporting agency Equifax, a Gmail phishing campaign, a US IRS data breach, and the British health system shutdown that affected administering medical attention to patients all over the UK.

With such widespread attacks, how do you protect yourself? How do you protect your company?

Sometimes it is the most basic steps that will improve cyber security for your organization, and make it harder for the hackers to be successful. (2017 Wired)

  • Training
    • Stay sharp on techniques hackers are using. Training will help you identify and avoid the traps and improve cyber security.
  • Always Think Before Clicking
    • Sometimes it is as simple as trusting your gut. Many times, we notice something that bothers us, but we cannot identify what it is. Always trust your instincts. If it does not feel right, do not click on the link or open that email.
  • Consider the Source
    • Have you received information from this sender before? Is the offer too good to be true? Sometimes taking a few moments to read the full email address or researching who the sender is will help you sidestep a pitfall.
  • Use Security Back-Ups
    • Take advantage of security options when available, like enabling multi-factor authentication on accounts, using a password manager or other system to help in maintaining strong passwords, and backing up your data.

October is National Cyber Security Awareness Month. Why not use this as an opportunity to have your staff become more aware of their cyber surroundings and in turn protect themselves and the company as you improve cyber security throughout the organization?

Does your organization need cyber security training? IEEE offers both cyber security and ethical hacking training to help organizations prepare. Learn more about organization pricing and request a quote here.

References

(2017, Aug 11) National Cyber Security Awareness Month. US Department of Homeland Security.

Newman, L. (2017, Mar 19) Phishing Scams Even Fool Tech Nerds—Here’s How to Avoid Them. Wired.

DiGiacomo, J. (2017, Jun 21) 2017 Security Breaches: Frequency and Severity on the Rise. JD Supra.

The Prescription Healthcare Needs Now: Stronger Cyber Security

If anyone in healthcare technology was feeling sleepy earlier this year, now they must be wide awake. The WannaCry and NotPetya attacks that struck multiple hospitals and healthcare systems within the past few months serve as glaring warnings of the growing cyber threat landscape, along with the costs at stake. While cyber threats are not new, they are not diminishing either. Instead, cyber attackers are working relentlessly to stay ahead of the cyber security curve, eager to thwart hospitals’ defenses by exploiting some weakness that has yet to be patched.

Why is the healthcare industry such a prized target? According to IBM, cyber criminals can use the vast amount of personal information within health records for medical identity theft and fraud, and most healthcare systems are slow to update their cyber security (Zorabedian, 2016). Sophos found in their survey that less than a third of healthcare organizations reported extensive use of encryption, and about a fifth don’t use encryption at all. Yet the hospitals lacking encryption are not the only ones that need to shape up; they share the responsibility with doctors’ offices, insurance companies, and even private employers, who have also been guilty of not encrypting employees’ or clients’ private healthcare information (Zorabedian, 2016).

Aside from implementing more widespread encryption, hospitals need to bolster their defenses by increasing cyber security awareness, adopting more advanced technology, and securing shared networks (Alton, n.d.). These solutions are not without challenges, however, as most hospitals have limited financial resources to dedicate to more personnel or cyber security tools (Calyptix, 2017). Nevertheless, all healthcare staff has a role to play in strengthening their organization’s cyber security. With lives at stake, the risks of lax cyber security are far too great to ignore.

Interested in cyber security training for your organization’s technical professionals? Check out IEEE’s course, Cyber Security Tools for Today’s Environment.

References:

Alton, L. (n.d.). Why the healthcare industry is behind on cyber security. ISACA.

Calyptix. (2017, Jun 13). 10 biggest problems in healthcare cybersecurity. Calyptix Security.

Zorabedian, J. (2016, Apr 26). Why cybercriminals attack healthcare more than any other industry. Naked Security by Sophos.

Three Reasons Why Latin America is Under Cyber Attack

Latin America is under cyber attack. Cyber attacks are on the rise globally, but Latin America is seeing more than its fair share.

According to an Eset Latin American Security Report (2017), the number of reported ransomware cases grew 131% in 2016. In Brazil alone, cyber attacks increased 197% in 2015, and a survey of Brazilian companies revealed that one-third had experienced a cybercrime (Trend Micro).

Why is Latin America experiencing such a significant jump in cyber attacks? Like the rest of the world, the number of people gaining access to Internet-connected devices in Latin America is growing. Unlike the rest of the world, however, several particular issues have been hampering the development of Latin America’s cyber security defenses (Lavinder, 2016). Below are three main reasons:

  1. There are few coordinated defense mechanisms. Many Latin American countries are beginning to develop Cyber Emergency Response Teams (CERTs) and Computer Security Incident Response Teams (CSIRTs) to handle attacks, but few countries have been found to have an intermediate level of preparedness.
  2. Public awareness is lacking. Many Latin American countries have not yet publicized the dangers of the Internet. Private industries also frequently believe that they are not targets, so they have not made preventative programs a high priority (Lemieux). Several countries have recently adopted national strategies on cyber security to improve public awareness though, and several others are making progress.
  3. There is a disconnect between public and private industries. According to leading cyber security experts, stakeholders have yet to develop enough trust to collaborate, and most Latin American countries are missing reputable clearinghouses or brokers of authoritative information to allow the establishment of formal information-sharing mechanisms. Businesses also often fear that reporting cyber attacks to the government will lead to penalties or a loss of consumer confidence (Contreras).

It is increasingly clear that Latin America is under cyber attack. The need for Latin America to address these issues and build up cyber security defenses is now more urgent than ever. Despite the existing challenges, a comprehensive approach to cyber security, including training for every network engineer, can help to protect organizations from cyber attack.

IEEE can help meet this need: click here to learn more about cyber security training from IEEE.

References:

Lavinder, K. (2016, April 29). Latin America: The New Frontier for Cyber Attacks. The Cipher Brief.

McAfee report Net Losses: Estimating the Global Cost of Cybercrime.

Inter-American Development Bank, Organization of American States, Global Cyber Security Capacity Centre at the University of Oxford. (2016). Cybersecurity: Are We Ready in Latin America and the Caribbean?

How to Strengthen Your Organization’s Cyber Security

How prepared is your organization to manage a cyber attack? Do you need to strengthen cyber security for your organization?

According to a recent report from ISACA, a professional association focused on IT governance, many security leaders anticipate a cyber attack on their organization in the near future, but few feel prepared enough to handle it because of constantly evolving threats (Van Wagenen, 2017). The report notes that dwindling resources, slow budget growth, increasingly hostile threats, the evolution of the Internet of Things, and expanding ransomware are major reasons why it is becoming more difficult to keep up with the changing threat landscape. Such reasons highlight the need for strong leadership and resource commitments to cyber security.

Do you want to strengthen your organization’s cyber security? Kevin Goodman makes the following suggestions in this article:

  • Develop and implement incident management, threat audit assessment, and potentially even “war games” or table-top exercises.
  • Search for vulnerabilities, focusing on what is available and valuable to hackers.
  • Run regular scanning and penetration tests on your network.
  • Review and practice social engineering policies.
  • Know which branches of law enforcement to contact should you suspect an issue.

Also, to strengthen cyber security, make sure your basics are covered with zero tolerance firewall, intrusion detection/protection, anti-virus, VPN, encryption, password hygiene and dual authentication access control. Other technologies and tools are also available to support efforts in cyber defense, such as predictive analytics, threat intelligence, and connecting with a Security Operation Center. Avoid the costly technical investigation and brand damage that a data breach will likely bring by learning how to prevent and quickly detect potential threats.

For more up-to-date information on how to strengthen cyber security and protect enterprise networks from potential threats, check out IEEE’s new course, Cyber Security Tools for Today’s Environment.

Read more about ISACA’s Cyber Security report in Juliet Van Wagenen’s article here.

References:

Goodman, K. (2017, April 17). Cyber maturity will help ensure cyber security. Crain’s Cleveland Business.

Van Wagenen, J. (2017, June 7). 5 key takeaways from ISACA’s cybersecurity report. Associations Now.
