3 Cyber Security Trends Tech Pros Need to Know
By Hannah Meinke on 10/21/2019
New stories about major data breaches and cyber attacks seem to pop up daily, and it’s clear that cyber crime is a much more serious topic than jokes about Nigerian prince email scams would seem to let on. With millions in damages accruing and billions of sensitive records potentially being exposed, there’s clearly a lot at stake.
Perhaps even more concerning, however, is that cyber criminals are constantly looking for ways to evade the security measures used to stop them. All of this might have you considering a life off the grid, but the optimist in you knows that opportunity knocks when problems arise.
But before we get into the silver lining, let’s take a closer look at some of the high-profile developments in cyber crime and attacks in recent years.
3 Trends cyber security professionals should know
Looking to get a pulse on the latest happenings in the cyber security world? Look no further. Learn more about three trends worth paying attention to.
1. A focus on governmental targets
Cyber attacks aren’t just a concern for banks and other large businesses—they’re also a fact of life for government agencies and the contractors that work closely with them.
In May 2019, Perceptics, a contractor of the U.S. Customs and Border Protection agency, was compromised by hackers. This surveillance company’s security lapse left sensitive information about its hardware and approximately 100,000 facial recognition photos and license plates exposed and posted to the dark web.
Another prominent example occurred in August 2019, as 22 small towns in Texas were hit by a coordinated ransomware attack, temporarily crippling some government departments’ ability to process utility payments or access important records.
These are just two examples of many. Little is known about the motivations behind these attacks as authorities continue to investigate—some could be the work of state-sponsored hackers while others could just be opportunists seeking out valuable targets with less-developed defenses. No matter the motivation, know that it’s not just businesses that are at risk, and money isn’t the only motivator for cyber crime.
2. Software supply chain attacks are on the rise
One of the most recognizable vehicles of cyber attack is the suspicious-looking phishing email. You know the ones—your bank wants you to “confirm your account information,” or you were selected to “claim a prize.” Email providers and businesses have developed a variety of security filters and systems to help combat the surprisingly effective scourge of phishing emails in recent years, but they still remain an issue.
But like a virus that adapts to its antibiotic, cyber crime has evolved. One recent development has seen hackers working further up the “software supply chain” to create more effective and widespread avenues of intrusion.
If sending a phish-y email to a batch of employees is toward the end of the chain, then going back to the installation or update of software is toward the beginning. The idea is that since direct contact is becoming such a recognized method, hackers are embedding malware in a more trusted vehicle—like a company-wide software update. This method of attack is called a “software supply chain attack,” and these attacks can be devastating.
One of the most famous examples of this comes from 2017, when a group believed to be Russian hackers infiltrated a popular piece of Ukrainian accounting software, which was then used to spread a data-destroying malware called NotPetya.
In more recent news, ASUS acknowledged a massive supply chain attack. A server used for the company’s Live Update tool was compromised and then used to push malware to almost 1 million customers. To the end users, this malware just looked like a routine software update.
Not only are cyber criminals zeroing in on new targets, but they are finding new ways to make their attacks effective.
3. Companies are investing more in cyber security professionals
With the rise of cyber crime, the need for expert cyber security professionals has also skyrocketed. The position of Chief Information Security Officer (CISO) has become one of the more sought-after and lucrative positions in many companies. Unfortunately, there do not seem to be enough qualified candidates to go around.
One 2018 report estimates there will be 3.5 million unfilled cyber security job openings from 2018 through 2021.[1] While schools and organizations are clearly working to train employees to meet this need for cyber security professionals at all levels, experienced workers with top-level expertise aren’t easy to find. As a result, companies are placing a premium on attracting talent. According to a Bloomberg News article, a top firm offered an annual salary of $650,000 to attract a chief information security officer.[2] At the time, this figure was about as lucrative as it gets, but now the stakes are higher as Bloomberg reports some companies are willing to offer as much as $6.5 million in compensation to keep a cyber security expert around.[2] It’s true these compensation figures are not the norm for rank-and-file cyber security professionals, but it does illustrate a significant shift in priorities for some organizations.
While this may seem like an enormous amount of money, the financial damage from information security failures can be potentially spectacular as well.
Marriott International paid $126 million for a 2018 breach of one of its reservation databases. Equifax paid $700 million in 2017 toward settlements for a breach of sensitive customer data. Cyber attacks like this can cost exponentially more in lawsuits, stock prices and damage to public reputation. A Herjavec Group report predicts cyber crime to cost the global economy $6 trillion by 2021—making it one of the greatest economic and political threats worldwide.[3]
Getting started in cyber security
Information security is clearly growing in importance for many organizations, and these cyber security trends might have you wondering what it takes to get started in this field. Given that the discipline of cyber security is relatively new, employer requirements for these positions aren’t often uniform. That being said, our analysis of over 153,000 cyber security job postings found that 88 percent were seeking candidates with a Bachelor’s degree or higher.[4] This analysis also found these roles were typically seeking experienced candidates, with 67 percent of job postings looking for candidates with 3 to 8 years of relevant experience.[4]
Many information security professionals start out in more generalized information technology roles while learning the ins and outs of network and systems administration before branching out into roles more strictly focused on information security. For those who already have a solid IT career started with an Associate’s degree but lack the education level employers prefer, a Cyber Security Bachelor’s degree can help in reaching employers’ desired mix of experience and education.
Is a cyber security career in your future?
Keeping up on cyber security news and trends can certainly be a mixed bag. Threats are evolving and the potential risks can be downright scary. But with pressing concerns comes a pressing need for qualified cyber security professionals to help keep these threats at bay and any potential damage minimized. If you’re considering a career in cyber security, check out our article, “8 Signs You’re Wired for Working in a Cyber Security Career” to get a better idea of whether or not you’re a natural fit.
[1] Herjavec Group, Cyber Security Jobs Report 2018-2021 Edition, [accessed September 2019] https://www.herjavecgroup.com/wp-content/uploads/2018/11/HG-and-CV-Cybersecurity-Jobs-Report-2018.pdf
[2] Bloomberg News, Bloomberg Cybersecurity, Cybersecurity Pros Name Their Price as Hacker Attacks Swell, [accessed September 2019] https://www.bloomberg.com/news/articles/2019-08-07/cybersecurity-pros-name-their-price-as-hacker-attacks-multiply
[3] Herjavec Group, The 2019 Official Annual Cybercrime Report, [accessed September 2019] https://www.herjavecgroup.com/the-2019-official-annual-cybercrime-report/
[4] Burning-Glass.com (analysis of 153,516 cyber security job postings, September 1, 2018 – August 31, 2019)