In today’s hyperconnected world, every click, code commit, and cloud deployment carries risk. Whether you’re an engineer, developer, technical leader, or staff member, cyber security is part of your job description.

October marks Cyber Security Awareness Month, a global initiative to raise public awareness and encourage individuals and organizations to protect themselves in the digital world. But cyber security isn’t seasonal. It’s an ongoing responsibility that must be embedded into our daily habits, professional practices, and organizational culture.

The Rising Stakes of Cyber Security

The digital transformation of industries has unlocked innovation, efficiency, and global collaboration. But it has also exposed critical vulnerabilities. As our reliance on digital systems deepens, so does our exposure to cyber threats.

Cybercrime is projected to cost businesses up to US$10.5 trillion globally in 2025, with estimates reaching US$15.63 trillion by 2029.

These figures reflect not just financial losses, but also reputational damage, operational disruption, and erosion of public trust.

Industries most frequently targeted include:

  • Manufacturing: due to complex supply chains and legacy systems
  • Healthcare: where sensitive patient data is a prime target
  • Finance & Insurance: where breaches can have immediate monetary consequences

Cyber security is not just for tech teams. It plays a vital role across every job function and every sector.

Cyber Security Starts With You

While headlines often focus on sophisticated hacks and zero-day exploits, the reality is that up to 98% of cyberattacks involve social engineering. That means attackers are exploiting human behavior such as phishing emails, fake login pages, and deceptive messages to gain access.

This underscores a critical truth. Cyber security is not just a technical challenge, it’s a human one.

Actions Every Professional Should Take

Cyber threats don’t wait for IT teams to respond. Every role has a part to play in keeping systems safe and resilient. Here are foundational steps every professional should take:

  • Embed Multifactor Authentication (MFA)
    Add an extra layer of protection by requiring a second form of verification beyond passwords.
  • Build Secure by Design
    Prioritize security from the start of any project or system development, not as an afterthought.
  • Maintain Regular Updates and Patch Management
    Keep software current to close known vulnerabilities and reduce exposure to threats.
  • Promote Phishing Awareness
    Train teams to recognize and report suspicious emails, links, and messages before they cause harm.
  • Apply Least Privilege Access
    Limit user permissions to only what’s necessary for their role to minimize risk.

These practices may seem basic, but they form a strong base for cyber safety.

Cyber Security Trends to Watch

As digital threats evolve, so do the strategies and priorities shaping the future of cyber security. Here are five threats professionals should keep on their radar:

  1. AI-driven attacks and defenses are becoming more sophisticated with machine learning powering both offensive tactics and protective technologies.
  2. Zero Trust Architecture is gaining traction as organizations shift toward models that verify every user and device, without assumptions or shortcuts. 
  3. Global governance efforts are accelerating, as nations and institutions collaborate to establish unified standards for cyber resilience. 
  4. Ethical considerations are moving to the forefront with transparency, fairness, and accountability becoming essential components of secure systems. 
  5. Workforce development remains critical as the global demand for  skilled cyber security professionals continues to outpace supply.

Technical professionals must stay ahead of these trends in an effort to not just to protect systems, but to shape the future of secure innovation.

Get the Training You Need With IEEE

Amid the growing threat of cyber incidents, continuous learning is essential. The IEEE Learning Network (ILN) offers a wide range of cyber security-related course programs designed for engineers and technical professionals.

In honor of Cyber Security Awareness Month, ILN is offering a 25% discount on select courses. Use promo code CSM25 at checkout before 31 October 2025 to claim your discount.

Featured courses include:

Completion earns you professional development credit and a shareable digital badge, making it easy to showcase your commitment to safe, responsible practices.

Invest in the skills that will protect you and your organization!

Could your organization be the next victim of a cyber attack? Few other technological advancements have been adopted by so many people in such a short period of time as the Internet of Things (IoT). Originally used by governments as a means of sharing information, IoT was first rolled out for mainstream commercial and consumer use in the early-to-mid 1990s. Just three decades later, it’s currently amassed 5.19 billion users globally— nearly two-thirds of the world’s population.

Defined as a global computer network enabling access to and communication with the world’s wealth of information, people, and devices, data industry expert Sean Mallon recently referred to IoT as “the most important development of the 21st century.”

The Dark Underbelly of IoT

While the Internet of Things has clearly transformed global communications, improved the speed and efficiency of information exchange for consumers and businesses alike, and impacted the fundamental way in which modern society interacts and operates, it has a dark side as well. This primarily takes the form of bad actors who capitalize on opportunities to use the technology for nefarious purposes.

Botnets

Take, for example, the use of botnets. Hackers infect these networks of private computers with malicious software. They then control the botnets remotely, directing each connected device to perform tasks without the network owners’ knowledge.

Within unsecured computers, bad actors can use botnets to deploy malware, steal personal information, and attack websites. For example, internet giants Cloudflare, Google, and Amazon Web Services narrowly avoided a disastrous attack in October 2023 when a botnet involving 20,000 computers attempted a record-large and unprecedented distributed denial-of-service (DDoS) attack on those three organizations’ websites and services.

Bad actors also use botnets as a key means of spreading misinformation. A real-life example of botnets proliferating in daily life and impacting a massive group of people was witnessed during the 2016 U.S. presidential election, when hackers used Twitter accounts to share inaccurate information that was made to appear factual and trustworthy in order to influence public opinion.

Malware

Malware– an umbrella term referring to any intrusive software that hackers develop to steal data and damage or destroy computers or systems– is yet another type of attack that can be perpetrated through IoT and any unsecured connected devices. It comes in various forms such as viruses, worms, spyware, adware, and ransomware.

Real-life examples of the threat posed by malware include what’s become known as “CovidLock,” a ransomware attack in 2020 that took advantage of people’s desire for more information on COVID to ultimately deny access to Android users’ devices unless they paid a “ransom” of US$100. In the business community, the famed “Emotet” virus in 2018 propagated financial theft of bank accounts and cryptocurrencies, resulting in damages of US$1 million to the city of Allentown, Pennsylvania and US$2 million to Chilean bank Consorcio. According to Statista, 5.5 billion malware attacks were detected globally in 2022. Experts fear that this number will only continue to grow worldwide with the proliferation of artificial intelligence (AI) tools.

Safeguard Your Company from IoT Cyber Threats

Given our global society’s ever-expanding use of the Internet of Things and connected devices, along with the growing sophistication of tools employed by hackers, is your organization adequately positioned to help prevent cyber attacks and the damage they can inflict on your company’s financial status, brand, and reputation?

All About IoT Security, an eLearning program from IEEE, is here to help you bolster your defense against this threat.

This online program recognizes that, as Internet devices and systems become increasingly commonplace in our interconnected and digitalized society, connected devices run the increasing risk of being targeted and abused as tools to facilitate other malicious activities.

Developed by IEEE Educational Activities with support from the IEEE Internet of Things Technical Community, this six-course program provides audience members with a broad overview of IoT security, starting with malware (botnet detection and malware analysis) followed by vulnerabilities, network monitoring, setting up of testbeds, and application of blockchain in IoT security.

Specifically, learners will receive instruction on challenges and opportunities in IoT security and how IoT botnets grow their networks as well as forensics of IoT malware, taxonomy when designing an IoT system for security purposes, and the application of blockchain to the IoT. The course program is ideal for engineers in the fields of product and design, communications systems, computers, software and security, artificial intelligence and machine learning.

Interested in access for yourself? To enroll in this course, visit the IEEE Learning Network.

Connect with an IEEE Content Specialist today to learn how to get access to this program for your organization today.

 

Resources

Petrosyan, Ani. (22 September 2023). Number of Internet and Social Media Users Worldwide as of July 2023. Statista.

Mallon, Sean. (14 May 2020). IoT is the Most Important Development of the 21st Century. SmartData Collective.

(5 December 2017). What is a Botnet?. Panda.

Temming, Maria. (20 November 2018). How Twitter Bots Get People to Spread Fake News. ScienceNews.

Starks, Tim and DiMolfetta, David. (11 October 2023). The Largest Cyberattack of its Kind Recently Happened. Here’s How. The Washington Post.

What is Malware? Cisco.

Privacy By Design. Deloitte.

(4 June 2021). 11 Real and Famous Cases of Malware Attacks. Gatefy.

Panduru, Diana. (9 August 2021). 10 Malware Examples: Most Famous And Devastating Cases In History. Attack Simulator.

Petrosyan, Ani. (31 August 2023). Malware – Statistics & Facts. Statista. 

Since 2020, waves of ransomware attacks have battered both private and government sectors. To combat this, the U.S. government has released a strategy aimed at pushing federal agencies to boost their cyber security efforts. 

According to CNN, the plan aims to integrate a “zero-trust” approach to cyber security, a philosophy which dictates that a network should trust nothing outside its confines. Under this approach, federal employees will have to go through numerous layers of security to sign into agency networks. It will also require organizations to keep a complete inventory of electronic devices on their networks.

The plan, announced in a memo by the Office of Management and Budget at the end of January, comes on the heels of a cyber security executive order signed by U.S. President Joe Biden in May 2021. Agencies will have until the end of 2024 to meet these requirements. 

The U.S. government is also taking steps to secure the country’s water supply, which, according to The Washington Post, spans 150,000 water utilities. As reported by ZDNet, the Industrial Control Systems Cybersecurity Initiative — Water and Wastewater Sector Action Plan will set up a leadership task force from across the water utility industry, launch incident monitoring pilot programs, enhance information sharing, and offer technical support to water systems that need assistance. 

Survey Finds Three Major “Perception” Gaps Between Security-Focused Executives

The private sector is also taking steps to prioritize cyber security. However, according to the Global Cybersecurity Outlook 2022, which surveyed more than 120 global cyber leaders, there are some differences in how security-focused executives perceive cyber security matters within their organizations. According to the World Economic Forum, these “perception gaps” include: 

1. How much cyber security is prioritized in business decisions:
While 92% of surveyed business executives thought cyber security is “integrated into enterprise risk management strategies,” only 55% of security-focused executives agreed.

2. Obtaining cyber security support from leadership:
While 84% of respondents said cyber resilience is seen as a business priority in their organization that is supported and directed by leadership, only 68% saw it as a major component of their risk management. Many leaders charged with cyber security reported they were not being consulted on business decisions. This disconnect could become a problem that could detrimentally affect security. 

3. Recruiting and retaining cyber security professionals:
59% of respondents said it would be challenging to respond to a cyber security incident due to their teams lacking skills. As such, most respondents saw recruiting and maintaining talent as their biggest challenge. However, business executives seemed “less acutely aware” of the gap between the skills possessed by staff and the skills needed. 

Given these findings, executives should take steps to ensure they are incorporating the perspectives of their cyber security leadership in business decisions, and should also ensure they are prioritizing cyber security in all aspects of their decision making. 

Improving Cyber Security in Your Organization

Are you facing perception gaps that are hindering your cyber security practices? What are your cyber security resolutions for the coming year and beyond? Having the proper tools and systems in place can prevent data breaches and cyber crimes. As the world becomes more automated, it’s crucial for your organization to understand available cyber security measures to protect its data and devices. Cyber Security Tools for Today’s Environment, an online 11-course program from IEEE, helps businesses improve their security techniques.

Contact an IEEE Account Specialist today to get access to the course program for your organization.

Interested in learning about getting access to the course for yourself? Visit the IEEE Learning Network to learn more.

Resources

Lyngaas, Sean. (26 January 2022). White House attempts to strengthen federal cybersecurity after major hacks. CNN.

Bissell, Kelly and Pipikaite, Algirde. (18 January 2022). What you need to know about cybersecurity in 2022. World Economic Forum.

The Centre for Strategic and International Studies recently conducted a survey of IT managers and discovered that 82% of employers believe they lack cyber security skills in their organization. Out of those surveyed, 71% feel that this under preparedness causes harm to their organizations. Leveraging the latest technology might help reduce this damage. However, making sure employees understand how to protect sensitive information is key to closing the cyber security skills gap. After all, cyber security breaches can affect the company as a whole–from the company’s supply chain to the customer.

Cyber Security Shifts

As the world becomes more digital, the risk of cyber attacks increases. Organizations need to remain alert in order to avoid data breaches, distributed denial-of-service (DDoS) attacks, and ransomware. Many companies also view cyber security as a competitive advantage as consumers grow more aware of the threats their private information is facing. People want to protect their personal data, so it is crucial for organizations to make their customers feel secure when giving their information.

According to Gartner, spending on security products and services will increase to $124 billion in 2019, which is 8.7% higher than spending in the year prior. The more a company invests in cyber security, the more trustworthy they generally become in the eyes of consumers. As cyber attacks become more frequent, the demand for companies to be able to resist these attacks increases–as does the need for employees properly versed in cyber security best practices.

Cyber Security Talent Shortage

What can a company do if they currently do not have strong cyber security mechanisms in place?

  • Grow internally. Companies can improve cyber security by hiring experts or buying software to improve the company’s system. While this approach may be more difficult because of budgeting, it is often an easy way for a company to make progress more quickly toward closing their cyber security skills gap.
  • Educate. Cyber security is a team effort. All employees should be involved and educated on reducing infiltration and data breaches. The education of employees must be comprehensive and refreshed as new cyber threats are created. It is vital that companies make sure their employees are knowledgeable in how to protect the data.

A cyber attack can cost an organization up to $13 million USD. Training and education is a smart investment that requires company-wide engagement.

Improving Cyber Security at Your Organization

Having the right tools and systems in place can prevent data breaches and cyber crimes. As the world becomes more automated, it’s crucial for your organization to understand the available cyber security measures to protect its data and devices. Cyber Security Tools for Today’s Environment, an online 11-course program from IEEE, helps businesses improve their security techniques.

Contact a specialist today to get access to the course program for your organization.

Interested in learning about getting access to the course for yourself? Visit the IEEE Learning Network to learn more.

 

Resources

Smerdon, Sandra. (21 January 2020). How business leaders can close their cyber security skills gap. World Economic Forum.

cloud-security-storage-risks-cyber-attacks

Cloud security threats come in many different forms including data breaches, hijacked accounts, data loss, denial of service, and system vulnerabilities. As organizations and individuals continue to adopt the cloud, securing all of the stored information is a top priority. Companies must be aware of the risks and solutions in order to prevent serious damage.

Security Risks to Cloud Data

Data Breaches

Any data stored in the cloud is at risk for cyber-attack. From phishing to security scams, hackers are constantly developing new ways of gaining access to sensitive information. This type of attack can damage a company’s reputation and affect its market position. Furthermore, it can also lead to legal issues if customers’ personal information was released.

Access Management

Without multi-factor authentication and strong passwords, cyber criminals can easily gain access to accounts. Once they’ve hacked into one account, unauthorized users can access private information. Depending on the hacked account’s permissions, bad actors could cause a sizable data breach.

Insecure interfaces

Because your company’s API and UI are exposed to the public, having strict authentication can help ensure that cyber criminals cannot gain access. However, inadequate security leaves your interfaces vulnerable to attack. Possible consequences include jeopardized confidentiality, accountability, integrity, and availability.

Data Loss

Although many cloud providers heavily focus on security, not all attacks can be prevented. Should hackers gain access to your system, it’s possible that they could erase all of your data with the intention of ransoming it. If no backup storage is in place, your organization could face a permanent loss of data.

Hijacking

Account hijacking is a form of identity theft that involves cyber criminals using stolen information in their attacks. When this occurs, your organization can lose control of its account, data, functions, business logic, and any other dependable applications on the account. A breach of this form should be taken very seriously. It can lead to large data leaks and damage to the company’s reputation.

Insiders

While outside hackers may be the first party that comes to mind, they are not the only threat to your cloud’s security. Current or former employees also pose a risk. Because they already have access to the company’s sensitive information, a malicious insider could expose or sell proprietary information. To minimize the risk of an internal attack, it’s vital to ensure user permissions are kept up to date based on employment status.

Best Practices for Cloud Security

As more people store their information in the cloud, the risk of cyber attacks increases. With a larger pool of potential targets, bad actors are furthered incentivized to develop new schemes. Despite this, the cloud is still a worthwhile storage option.

Steps you should take to secure your information include:

  • Encrypting data
  • Using two-factor authentication
  • Understanding open API frameworks
  • Making sure everyone uses hard-to-crack passwords
  • Restricting accessibility to sensitive information

Protect your business

Having the right tools and systems in place can prevent data breaches and cyber crimes. As the world becomes more automated, it’s crucial for your organization to understand the available cyber security measures to protect its data and devices. Cyber Security Tools for Today’s Environment, an online 11-course program from IEEE, helps businesses improve their security techniques.

Contact a specialist today to get access to the course program for your organization.

Interested in learning about getting access to the course for yourself? Visit the IEEE Learning Network to learn more.

 

Resources

Nailwal, Mukesh. (14 October 2019). CLOUD SECURITY BASICS: HOW TO ENSURE THAT YOUR DATA IS SAFE. Techgenix.

Soni, Rakesh. (11 October 2019). The Rise of Cloud Computing Threats: How to protect your cloud customers from security risks. Customer Think.