Ignorance has never been bliss, but it is even less so today. Cybercriminals are always looking for vulnerabilities to exploit. This is why Bob Mueller said over a decade ago that there are only two types of companies in America: those that have been hacked and those that will be hacked. A decade later that sentiment is still true, except that many have been hacked numerous times. Many cybercriminals attack on a daily basis. Their target is your information.
Sadly, in the decade since Mueller made his statement we’ve made little progress in the war waged against us by cybercriminals. For the most part, our technical efforts -- while impressive -- have been reactionary.
How do we begin to combat such a threat? It begins with education.
For example, audiences at conferences, workshops and employee training sessions are still amazed when I speak to them of password cracking software, the need for updates, and simple tips on staying safe. Most viruses are still delivered via email and most passwords are still too simplistic. It is astounding that with all the articles, jokes, and anecdotal emphasis on password complexity, the most popular password in America is still some form of “Password” (P@ssw0rd, Password 123, Password 123!, etc.). This is why all companies should regularly emphasize cyber awareness training for all their employees. It seems logical that if you shrink the target, you will also shrink the cybercrime industry. Training in antivirus technology, update and password management, and education seem to be a no-brainer. This could easily and inexpensively be done through community colleges and different types of IT education programs.
The boom in cybercrime has created a corresponding increase in cybersecurity jobs. Yet the cybersecurity industry is reported to currently have over 1.5 million positions going unfilled -- and an expected three million by 2021 -- because there are not enough educated and qualified people to fill them. Only recently have colleges and universities begun to offer an emphasis in cybersecurity, with only a few offering a degree in it, despite the fact that the IT industry allows stackable credentials (A+, N+ or S+).
The education industry needs to work with government and business to establish regional cybersecurity operational centers (CSOCs). Students would receive real world training to accompany their academic training (using certificates like CompTIA’s as the final exams in classes like networking—N+). These students could work alongside experienced professionals at the CSOCs, and, as interns, work at organizations (SMBs, non-profits, government) that will also benefit from added emphasis on cybersecurity. Educational institutions would be able to market cyber awareness to the consumer while also benefiting from relationships with the organizations where they have placed interns. This idea is win-win. Education wins with increased student populations and more fully developed community relationships. Government, business, and NGOs benefit from improved security and better educated employees. And everyone becomes less of a target for cybercrimes. The battle will always be engaged, but at least we won’t be in full surrender.
By: Ron Bush
President, Ron Bush Consulting, Inc.
Ron Bush is an accomplished Senior Executive and Consultant with 14 years of success within the information security industry across a range of sectors including healthcare, financial services, education, manufacturing, retail and local government. Leveraging extensive experience guiding clients on how to best secure their data, he is a valuable asset for organizations working on information security issues. His broad areas of expertise include IT security, social engineering protection, security and data breach risk assessments, information security policy and procedures, identity protection, and data storage.
Ron holds degrees in Human Resources Management and Education. He is author of Staying Safe in a Very Dangerous World: Think Before You Click, and hosts a weekly radio show, The Information Playground on WVLP out of Valparaiso, Indiana, which is also available on iTunes Podcast. He has been an adjunct professor at two Indiana universities and writes for various publications. He regularly speaks on information security at national and international events.