Now that more companies are relying on digital platforms, cybersecurity teams are not just an asset—they’re a necessity. PRIME’s Cybersecurity Supervisor Ed Penn emphasizes that these teams are essential in risk management, now that numerous cyber attackers are striking left and right. Without proper cybersecurity professionals and systems in place, attackers can launch multiple threats and infiltrate organizations. Even the biggest companies in the world are vulnerable to these attacks, as illustrated by the following two incidents:
US, UK, Australia Cryptojacking
In early 2018, various government websites from the US, Australia, and the UK were subject to an attack involving cryptojacking malware. Security researcher Scott Helme blew the whistle on the attack, and discovered that it was executed through a third-party plugin called Browsealoud. The plugin was designed to help those visually impaired browse websites. But due to the incident, all the websites that used the plugin were immediately compromised. Helme pointed out that cyber attackers often target websites that others rely on. In order to avoid this the government should have done greater testing to ensure their plug-in was completely secure. In order to make technology more accessible to users, governments and companies must be careful they don’t make it more accessible to hackers.
Google Plus Forced Shutdown
Google – being the tech giant that it is – has been the subject of various significant attacks in recent years. In May 2017, an email phishing scheme nearly exposed sensitive data from millions of users. A year later, Google’s own self-regulating mechanisms allowed them to spot a bug in the developer API of Google Plus, which could potentially expose sensitive data belonging to its more than 50 million users. TechCrunch's report on the incident reveals that there is currently no evidence that a third party has taken advantage of the data exposure. However, Google has responded to these incidents by expediting the shutdown of their Google Plus APIs rather than potentially exposing users to any risk. This pre-emptive measure may cause Google time and money, but it’s necessary to protect their users.
The Future of the Industry
Given the inadmissible growth of cybercrime in recent years, one very fine silver lining is that this directly translates to a higher demand for cybersecurity experts who specialize in pre-emptive measures. To fill in the gaps, plenty of institutions are establishing cybersecurity programs that provide aspiring cybersecurity professionals with an effective digital training ground. In particular, post-secondary institutions have been doubling down on cybersecurity degrees. The University of Hawaii unveiled new cybersecurity internships, while Benedict College and LaGuardia Community College extended their current cybersecurity programs to include postgraduate options. Meanwhile, Maryville University’s online master's in cybersecurity is not only taught 100% remotely, it teaches post-grad students how to build defensive and preventive strategies. Aspiring cybersecurity professionals are also trained in a Virtual Lab giving them vital real world experience in a safe environment. Together these universities are ensuring that more companies and governments are better able to protect themselves.
Since top cybersecurity specialists can be difficult to find, the Wall Street Journal points out that the median salary of corporate cybersecurity chiefs has risen to $509,000 this year. Omar Khawaja, a CISO himself, stated that numerous high-profile ransomware attacks have pushed big companies to invest more in their cybersecurity teams.
As cyber attacks sweep over hospitals, governments, and big companies, competent cybersecurity experts with the necessary experience are more important than ever. Organizations and cybersecurity experts have to work closely to take on pre-emptive measures based not just on estimates, but also on the massive amount of breach-related data available to companies today.
*The views and opinions expressed in the Public Risk Management Association (PRIMA) blogs are those of each respective author. The views and opinions do not necessarily reflect the official policy or position of PRIMA.*
By: Reanan Jannie
Freelance IT Consultant and Blogger
Summary of Qualifications
Reanan likes to keep herself busy, so she's a woman who wears many hats. Since she loves the challenge of problem-solving, she has worked as an IT consultant for many years now. She believes that her strongest suit in the field of IT is her skill in cybersecurity. Due to the rising demand for cybersecurity professionals, Reanan also decided to share her IT knowledge through writing. She primarily writes about cybersecurity, but she also loves the challenge of writing about different topics.
BA, Computer Science
You Might Also Be Interested In
Confidence, Culture & Conversations: Inspired Risk Leadership
Some of the greatest risks for public entities involve the data that is stored, especially with regards to personally identifiable information, health records, the length of time records have to be maintained and reliance on third party vendors.
Mitigating Risks with Your Government Solicitations
A sound solicitation, with an accompanying sound evaluation process, will not only help your agency identify the right vendor and service or commodity solution, it will also allow your agency to mitigate potential risks before entering into a contract.