In the fairly recent past, some companies treated cyber security like a buzzword and didn’t take it seriously enough. Multinational corporations might have viewed their existing security resources and their overall scope as too big to fail. And on the other end of the spectrum, smaller businesses may have thought they were too small to gain the attention of black-hat hackers or identity thieves.
However, events of the last several years have made it clear that neither of those conclusions is true – not as a matter of course. Cyberattacks have proven more crippling to businesses than early hackers likely ever imagined. As such, organizations are maneuvering to bolster their defenses against these threats, albeit somewhat too little too late in certain cases. In today’s technologically forward environment, it may be difficult to conduct business without the advanced interconnectedness provided by cloud computing and the internet of things, making protective measures all the more essential.
The considerable – and likely increasing – necessity of cyber security tools and solutions means there’s a concurrent, consistent need for expert professionals to oversee these tools. Such demand will foster intense competition for sector jobs as well as spots in cyber security master’s degree programs. Those considering a career move into the field will benefit from understanding the current state of corporate cyber security around the globe.
Dealing with misconceptions
More than a few companies are only recently diving into cyber security because they had serious misconceptions about it in the past. According to Forbes contributor and information security expert William Saito, computer-based threats were viewed by many as an almost esoteric risk. This belief posited that cyberthreats were something for IT departments to manage and had little importance beyond that.
This could not be further from the truth, as catastrophic organizational breaches – to Target, Yahoo, Anthem, Banner Health and other major corporations – have shown. All of those hacks, and many others of their ilk, affected aspects of these companies ranging from brand integrity to bottom-line revenue and profits. In the case of breached health insurance providers, the resultant threat to consumers is massive – their information can be spread throughout the black market and end up leading to any number of thefts and instances of fraud.
Other common misconceptions and mistaken practices Saito named included:
- Directly or indirectly stated assumptions of “immunity” to hacks (as noted above).
- Excessive trust in the internet of things’ inherent security.
- Thinking that anti-virus software is sufficient protection.
- Believing that your organization will be fully protected by its own cyber security measures when flaws in partner businesses and third-party vendors could end up damaging all involved, including you.
To varying degrees, the numerous high-profile hacks during the last five years have brought sobering reality crashing down on the erroneous assumptions of business leaders, and a significant number of them have in turn prompted their organizations to adopt robust security measures. According to the PricewaterhouseCoopers Global State of Information Security Survey 2017, 51 percent of those queried stated that their companies were actively engaged in monitoring security-related business intelligence. Less than half, though, conducted regular penetration tests (44 percent) or vulnerability assessments to get a real-time perspective of their risk.
Cyber security threats in 2017 and beyond
A March 2016 article in The Washington Post pointed out that cyberattackers had begun to target health care more than any other sector. By the year’s end, IBM confirmed this story in findings from its X-Force Cyber security Intelligence Index, finding that the field had knocked financial services providers out of the No. 1 spot that it held the previous year.
In addition to the considerable value of stolen personal information that allows for the commission of identity theft and resulting theft, black-hat hackers are compromising individuals’ health insurance data and selling it to the highest extralegal bidder. Doing so facilitates a type of flimflam even more damaging to the victim – medical fraud. This crime is harder to detect than straightforward theft and can be particularly lucrative for the actor. As such, it stands to reason that health care will bear an even greater cyber security risk in 2017 and the years that follow, and insurers, hospitals, clinics and other care providers will all need cyber security platforms capable of meeting hackers’ challenges head on.
Beyond dangers to certain sectors, entire channels are at risk – such as mobile. PwC’s survey noted 28 percent of its respondents experiencing cyber security breaches via mobile. Additionally, Forbes reported that in the remaining months of 2017, malicious cyber-based actors see two-factor authentication, touted of late as a major consumer-level security advance, as the next frontier for them to seize, with additional interest in exploiting near-field communications systems.
As previously stated, the need for talented cyber security professionals is great now and likely to be greater soon. But ISACA’s latest report on the status of the field found that these open positions aren’t being filled. On average, respondents to the study reported six-month searches to fill single postings, and many applicants are unqualified for the work they’re seeking. With this in mind, consider that job-seekers with a master’s degree in cyber security are liable to have a leg up on the competition and get their foot in the door of an expanding trade.