Cyberterrorism is considered a real threat by governments around the world, and many believe that future wars will be fought in this arena. With billions of people and objects connected through the Internet of Things, it is imperative that governments, businesses, and individuals are aware of these threats, and that they are trained to seek out the necessary protection.
With both the market and technology expanding, one of the careers in highest demand will be that of information-security specialists, who are presently in short supply. According to the 2019 Cybersecurity Workforce Study by the International Information System Security Certification Consortium, or (ISC)2, the skills gap in the cybersecurity market was a shortage of more than four million professionals, a 145% gap when compared to the estimated number of cybersecurity professionals in the workforce then. The (ISC)2 is a nonprofit organization that specializes in training and certifications for cybersecurity professionals. The CSO (Chief Security Officer, who is responsible for companies’ cybersecurity) has become one of the most critical positions in the structure of any organization. Since many aspects of an IT structure are often outsourced, for example to telecom companies and Internet providers, MSSPs (managed security service providers) have started to show up on the lists of critical functions as well, and they are responsible for the monitoring and protection of their clients’ technology infrastructure.
Startups around the world are developing products to address this broad field in fraud prevention, automation, identity management, IIoT (Industrial Internet of Things), data confidentiality, development security, and social engineering, to name just a few sub-sectors. Crunchbase reported that almost $10 billion was invested in cybersecurity startups in 2019, compared to $4.2 billion in 2014.
Two sub-sectors merit a bit more detail.
Development security operations, or DevSecOps, was created to address attacks that occur on the same day that vulnerabilities in the code of a given system are found (a phenomenon known as a zero-day exploit). To avoid this type of hack, teams specializing in cybersecurity work together with the software engineers during the development stages of a new system.
The social engineering sub-sector aims to stop users from revealing their passwords in phishing schemes. Generally, these schemes are carried out through fake email messages that cause recipients to believe they are interacting with a legitimate company such as a bank, an e-commerce platform, or a large tech company; the messages trick unprepared users into giving their information to hackers. According to the 2018 Microsoft Security Intelligence Report, which analyzed nearly half a trillion emails, a 250% increase in instances of phishing had been verified over the previous year.
This type of attack concentrates not on technical vulnerabilities but on the way our brains work: believing, initially, that the sender of the message is legitimate. It is common for cases of phishing to increase after tragedies of a national or international scale — scam emails asking for donations for victims are sent out, aiming at extracting people’s financial information (such as credit card numbers) for future use. Social engineering and its impact on our lives online are our topic for next time. See you then.