Accurate as of 17/04/2017.
There are likely as many cyber security threats as there are devices and people. We have highlighted some of the top ones here.
Cloud Based Cyber Attacks
Cloud domains are up against many of the same challenges as standard company networks. Cloud providers are subject to significant security problems because they maintain enormous amounts of data archived on cloud servers, which makes them an attractive target. It makes logical sense that the more data there is, the greater the chance of a cyber attack.
The seriousness of the exposure depends on the type of data. For example, hacking of personal data of any kind, particularly medical or financial, can quickly find its way into the news. Trade secrets, copyrights, inventions, patents, and trademarks are serious data collections as well, and they certainly can be exposed.
Because of the legal ramifications when data is compromised, companies can suffer serious financial consequences such as fines, or they may be sued. Criminal charges could also be brought. Investigating violations, letting customers know about them, and funding and publicizing incentives to continue patronizing the company can amount to large expenditures. The tainting of a company’s brand can hurt it in such a way that it might never recover, or at least hurt the organization for a long time.
What many companies do not realize is that, while cloud vendors typically utilize security controls to protect themselves and their clients’ data, it is the clients themselves who bear the responsibility for taking care of their own information. The Cloud Security Alliance (CSA) endorses encryption as well as the use of multiple forms of identification (multi-factor authentication) to protect against data theft.
Distributed Denial of Service (DDoS) attacks have become another major threat to the cloud. They can slow data retrieval down, and the waiting can be costly.
Nation-State Cyber Attacks
The alleged interference by Russia in the 2016 United States (US) presidential election could have had, or may yet have, the power to change the world. Regardless, nation-state cyber violations refer to one government attacking another’s infrastructure, commerce, and/or government.
Nation-state assaults are only going to grow in number and technological sophistication, and countries will continue to devote resources to cyber wars for reasons as unique as the countries themselves.
Ransomware, Malware, Blastware, Ghostware, Etc.
No matter what it is called, the proliferation of unwanted, non-compliant, or outdated software is rampant. Attacks which steal patches are well underway. The U.S. Computer Emergency Readiness Team (US-CERT) reported approximately 4,000 ransomware attacks per day for 2016, about four times the 2015 level.
Astonishingly, Ransomware as a Service (RaaS) generates great revenue and is prolifically available on the so-called “dark web,” thus allowing more of the less technically talented mischief-makers and criminals to attack data in this manner.
The process involves the RaaS user downloading the malware for free (or at least at low cost) and sharing the resulting money with the software creator. And then come the worms: ransom worms re-create themselves easily and prolifically on other computers, too.
The Internet of Things (IoT)
The Internet of Things’ (IoT) exponential growth has already given hackers chances for greater invasiveness. For example, one 2016 attack was accomplished by a “botnet” which went after multiple devices.
Basically, IoT is defined as a way to connect everyday things that operate in a digital configuration, and those things become fair game to virtually any user. Your cell phone, your WiFi, you name it…
The concept of IoT can be and is overlooked by many users because on the surface it seems so improbable. However, it is advised to “think big” about this growing issue. Can you imagine the harm that could be done by a well-schooled online violator who can get into peripherals at a bank? Pick a printer in the area as you converse with someone in the personal banking department. As they print information about your transaction(s), think about your data: at least for a period of time, it is in that printer’s memory. What about cameras on smart devices that can grab audio/visual information that their users think is behind “closed doors”? The fast-paced evolution of the IoT brings almost unlimited convenience to our contemporary lives, but it is imperative that both users and manufacturers continue to develop solutions on their ends throughout the device’s lifetime, to say nothing of compliance officers and their overseers.
Social Engineering and Human Error
Unfortunately, it seems that WE are the biggest culprits when it comes to the vulnerability of our cyber world, according to security professionals. This does not mean, however, that we do anything on purpose to cause problems. However, we have to own the fact that it is humans who create the situations that cause security breaches. Such violations can be caused by the actions of a hacker just as easily as by employee mistakes, and can be the result of a single employee. It also needs to be considered that a disgruntled employee could be looking for revenge by knowingly causing data theft or other damage.
One way in which employees inadvertently cause data issues is that they consider themselves adequately knowledgeable about the software and hardware they use. For example, take scamming. Many employees think they can easily ferret out spam texts and emails that want money.
However, the instigators are becoming more and more savvy about how they try to get to you. The detailed form of phishing, called spear phishing, can be immensely successful because the perpetrator has spent a lot of time “making” you. Let’s say you are on a lot of social media. Let’s say you are on dating websites, and your Facebook page indicates you are single and looking. It is worth a hacker’s time if you succumb to the spear by opening an email, or an attachment about dating, while you are at work. What’s one little open on your break? My boss will never notice, right?
Only if you are not attacked.
But you can do simple things to protect your company. Make your passwords stronger. Use different ones for different devices. Do not create inappropriate access possibilities by giving someone your password. No matter what, don’t let them sit at your computer after you have logged in without them using THEIR password.
While great strides have been made to give hackers far less access to critical data, there is still a lot that technology can and must do to minimize human fallibility. For now, we ourselves will remain a great cyber security threat, from this moment forward and, unfortunately, well beyond.
Based upon information from some Information Technology (IT) professionals, coupled with information from some key training companies, we have put together some of the best certifications for 2017. While salary was the main consideration, there were other factors, such as the number of people holding a certification, which has a bearing on demand. We also ask what is on the horizon for other certifications based on employer demand.
1. Certified in Risk and Information Systems Control (CRISC)
The Certified in Risk and Information Systems Control (CRISC) certification was created on behalf of IT professionals, including project managers and others. It focuses on all those who identify and manage business risks in IT. The CRISC certification allows the professional to travel through a project’s steps covering the entire life cycle, from beginning to end and continuing on to the maintenance portion in support of the result.
Demand is great for this certification, and even though 20,000+ IT professionals have earned it all over the world, and nearly 100% keep it current, that is not enough. Accordingly, the evidence gathered shows that the CRISC is one of the highest-paid 2017 certifications, earning an average of $125,000+.
To become CRISC certified, you must have significant experience, including three years’ worth in a couple of the areas covered by the certification, and then take the exam, which is offered during three eight-week timeframes. There are no exceptions to this, as there are with other certifications.
The CRISC has to be maintained by achieving Continuing Professional Education (CPE) credits. It is expected to grow in popularity because of the demand for professionals holding the CRISC, but also because of the exponential growth of cloud information management and protection.
2. Certified Information Security Manager (CISM)
ISACA also created the Certified Information Security Manager (CISM) certification. It is directed toward management, particularly in the areas of security strategy and making judgments as to the quality and viability of existing systems, policies, and directives.
Although nearly 35,000 people have earned it over the course of more than 15 years, demand still exceeds supply in terms of career opportunities in the areas covered by CISM certification.
Like the CRISC, the exam is offered across three different eight-week periods, and, in this case, a minimum of five years as an Information Security (IS) professional is required. For three of the five years you must have served in a management capacity, and these qualifications must be met within ten years prior to the exam or five years after you pass it.
There is some flexibility in the area of experience requirement. CPEs are required annually to keep the certification.
3. AWS Certified Solutions Architect
The Amazon Web Services (AWS) Certified Solutions Architect – Associate is an associate-level exam that attests to expertise in designing and deploying systems on this cloud computing platform. The exam is an indicator of the taker’s skill level in designing and deploying scalable systems on AWS. The need for AWS certification holders is not surprising, given the huge demand for qualified workers for this platform.
The next step up would be the AWS Certified Solutions Architect – Professional certification. In total, there are five AWS certifications available.
With salaries being reported starting on the low end at $100,000, certification on AWS should be well worth it, as there are only just over 10,000 professionals certified. This is a small number of certified workers given the overall growth in both positions and salaries for AWS.
To receive your certification, six months or more of direct experience with AWS is needed. However, there are courses you can take to get ready. This Associate certification exam will cover such AWS topics as: designing on the platform; selecting the appropriate services for a given situation; data traffic to and from the environment; cost estimating; and discovering cost-controlling measures.
4. Certified Information Systems Security Professional (CISSP)
Created with the cooperation of the United States (US) National Security Agency (NSA), and brought forth by the International Information Systems Security Certification Consortium (ISC)², the Certified Information Systems Security Professional (CISSP) is designed to prove security expertise in a vendor-neutral setting. As you would expect by now, the need for CISSP professionals is high with no end in sight. This one has an interesting twist, however, because an associate certification can be gained as you work on your experience. If you are trying to break into the security field, this is a good one to earn.
Just like in the other situations discussed above, the 110,000+ certified workers worldwide do not nearly satisfy the need for this credential.
It requires at least five years’ IS experience, with at least three of those in security management. Your experience must be within the 10 years before taking the exam or five years after passing it; however, unlike the CRISC for which there are no exceptions to the experience requirement, there are some alternatives to the experience specification for this certification (like the CISM).
If you are going for your CISSP, you must have a minimum of five years of full-time, paid experience in at least two of the eight testing areas. Without the on-the-job experience, you can still pass the test(s) and then become certified within a six-year time frame.
As mentioned above, eight areas in computer security are tested, including: security and risk management; communications and network security; software development security; asset security; security engineering; identity and access management; security assessment and testing; and security operations. To remain certified, CISSPs must earn Continuous Professional Education (CPE) credits every year.
5. Project Management Professional (PMP®)
Another great and well-paid certification is Project Management Professional (PMP®).
Just because there are nearly 730,000 active PMP®s worldwide, that doesn’t mean there isn’t still a great need and that those certified as PMPs® aren’t well paid. Quite the contrary.
The PMP® exam encompasses five areas relating to the process of a project: initiating, planning, executing, monitoring and controlling, and closing. Regardless of industry, PMP® certification underwrites your expertise running any kind of project.
Professionals wishing to become certified must have 35 hours of PMP®-related training. In addition, while those who have a bachelor’s degree need just 4,500 hours of experience with project management, those with less than a bachelor’s degree must have 7,500 hours. You need to apply at the PMI® website, and when you are approved, you can register for the exam.
To keep your PMP® certification, 60 professional development units (PDUs), very much like the CPEs in other certifications, are required every three years. It is worth obtaining the PMP® certification even though it requires years of planning and effort.