With global tensions on the rise, the U.S. needs to protect itself from various national security threats which could target our security forces and even election results. The Government Accountability Office (GAO) released a report outlining key cybersecurity challenges, along with various proposed steps to be taken for risk reduction and management.
Since technology and connectivity has permeated every aspect of our lives, IT professionals have a crucial role in providing cybersecurity in this highly technological, digitized world. One of the main problems: We now face a shortage of qualified cybersecurity professionals.
The build-up to the situation we face today:
Digital Security threats are proving that hackers worldwide are moving faster, becoming bolder and more sophisticated, while there is reasonable proof that they are often state backed. Some examples of these recent threats include:
Russian Grid Hacking
In 2017, there were several high-profile Russian hacking incidents in the U.S. The first one is the NotPetya ransomware attack, which wiped data from the networks of banks, senior government officials, and an airport. It soon became evident that the perpetrators had even hacked some power companies and the control systems of one of these.
Nine Iranian hackers were recently indicted for infiltrating the systems of 144 U.S. universities and 176 others worldwide. They also managed to infiltrate 47 companies, the United Nations, the US Federal Energy Regulatory Commission, and the systems of the states of Hawaii and Indiana. They stole 31 terabytes of data, estimated to be worth $3 billion in intellectual property. They targeted 100,000 accounts using “spearphishing” emails to trick the users into clicking on malicious links with their login details and managed to get the credentials of 3,768 people in the U.S. The suspicions that the hackers had ties to Iran’s Islamic Revolutionary Guard Corps have caused an increased rise in tensions between Iran and the US.
Another Russian hacking campaign that is believed to have impacted more than 500,000 routers worldwide is known as the VPNFilter. It is spread in order to create a huge botnet while it can also spy and manipulate any web activity on the compromised routers. The attack does not target one specific brand of routers.
ATM Cashout threat
In August 2018, the FBI alerted banks around the world about a threat of an “ATM cash out” that involved cloned cards, together with a hack on what was believed to be on a bank or payment processor.
US China Trade Wars and Hacking
Until recently, U.S. complaints about Chinese hacking focused on espionage and intellectual property theft which is believed to have been going on for decades by state-coordinated efforts. A few weeks back a senior U.S. intelligence official said that the Chinese are now targeting crucial infrastructure. These attacks are aimed at the US energy, financial, transportation, and healthcare sectors.
China repeatedly denies these allegations, but U.S. prosecutors are bringing charges against some Chinese nationals who were involved in a cyber espionage operation, targeting technology service providers and their customers.
The two countries sat down to negotiate in Beijing after a meltdown of global markets over Christmas but even though President Trump tried to calm investors with claims that the talks were fruitful, some present at the discussions feel that little progress was achieved.
The issues around Intellectual Property are proving to be thorny as the U.S. tries to justify the $250 billion tariffs imposed on Chinese goods, with the Chinese denying any wrongdoing and insisting on seeing the proof.
The U.S. has demanded that China remove specific policies and practices linked to technology transfer, stop government sponsored cyber theft, and strengthen Intellectual Property enforcement. Another demand is that China end government support of industries included in the Made in China 2025 plan.
The talks are to continue at the end of the month and many U.S. industries believe that a short-term deal will help de-escalate tensions, while the administration in Beijing also seems to want to appease the U.S. government.
Careers in cybersecurity
Due to these international threats and the rising wave of cybercrime, the U.S. alone currently faces a deficit of approximately 300,000 cybersecurity specialists (the worldwide shortage is estimated to be 3 million), leaving organizations short staffed and more vulnerable to hacking.
In order to attract more students into this field of study, high school scholars will need to be prepared with extra courses in order to get college entrance credits. These courses will also spark their interest in a sector that they might never have thought of entering.
Unfortunately, there is still no national program toward this type of training, but the Homeland Security and Commerce report has made recommendations, while many privately driven small online training courses are being made available to schools in far-to-reach communities.
An undergraduate degree in cybersecurity opens up many career opportunities in a worldwide security market which is predicted to reach $170 billion by 2020 from a mere $3.5 billion in 2004 (figures given by Anglia Ruskin University). These career opportunities offer well-paid jobs globally in a wide range of industries, including manufacturing, healthcare, education, and government.
Some careers of a cybersecurity graduate include penetration tester, cybersecurity analyst, support engineer, cloud security engineer, digital forensics analyst, auditor, and network administrator. Filling in the talent gap should not be difficult since these jobs pay well (on average anything between $90,000 and $150,000) depending on the position held.
We are starting to see employers being more pragmatic with entry-level requirements for cybersecurity jobs. Standards have not lowered, but the intense demand and shortage mean that now many people without a degree will obtain an industry recognized qualification, such as the CompTIA Security+ certification. These candidates will then enter the job market alongside others with formal degrees to help combat this rising threat.
Image source: GOA
Updates on this developing story:
According to the Bureau of Labor Statistics, cybersecurity professionals reported an average salary of $116,000, or approximately $55.77 per hour. While this is nearly three times the national median income for full-time wage and salary workers, it is now estimated that this figure could be much higher. The reason is that companies regularly rotate external providers to conduct independent penetration testing – on invoice. It is well known that companies like Tesla, for example, pay up to $2000 for a test. This puts cybersecurity professionals in the same bracket as top medical professionals.