So, what is cyber security, and why did the world suddenly wake up to the need for it? Let’s start this way: cyber security is securing your assets from potential cyber criminals lurking in cyber space. Delving a bit deeper, Information Technology has taken the world by storm, creating new opportunities, improving business processes, and creating a special set of professionals to do these jobs.
In about a decade, Information Technology integrated with human life to the extent that an altogether new space called “cyber space” has been created. This new space has brought with it ample opportunities, connecting the world into one place, speeding up businesses, improving economies, creating employment and a lot more. However, on the other side of the coin are a workforce that is not adequately trained for the increasing sophistication of technology, an increasing skill gap, and an advanced level of crime - cybercrime.
Recent years saw the industry majors suffer huge setbacks due to cybercrime, with financial losses and reputations at stake. Worldwide financial losses amount to around USD 400 billion* due to cybercrime alone. This whopping figure has woken up management boards and governments around the world with a start. With the growing incidence of cybercrime, businesses and governments have understood the need for cyber security professionals across industry verticals. This created an unprecedented increase in the demand for cyber security professionals.
In the current scenario, cyber security professionals are the most sought after, with demand coming from all sectors of the industry. According to Michael Brown, CEO of Symantec, global demand for cyber security professionals is going to be around 6 million, with a projected shortfall of 1.5 million workers by 2019.
Analysis by the Bureau of Labor Statistics further adds to this: in the United States alone, there are about 209,000 unfilled cyber security jobs, and job postings are up by 74% over the past five years. According to Cybrary’s Cyber Security Job Trends Survey 2016, some of the major reasons for not being able to fill cyber security jobs were a lack of qualified workers to suit the jobs, a lack of resources to find and attract talent, and location issues. With the threat landscape constantly evolving, companies are always on the lookout to identify and retain the right talent.
However, with governments rolling up their sleeves to reduce the skill gap, exclusive cyber security courses are being offered by universities and educational institutes. For students who want to pursue a career in cyber security, EC-Council University offers exclusive Bachelor’s and Master’s degree programmes in Cyber Security. Professionals who are looking to switch careers to cyber security can pursue certification courses like CEH, CHFI, CCISO, etc., which are in great demand in the market.
For more information on cyber security related courses visit: www.eccouncil.org and www.eccu.edu
For any queries write to us at [email protected]
Depending on the size of the organisation, the cyber security work environment differs strategically and categorically. Traditionally, Information Security and Cyber Security are under the Information Technology umbrella. However, the job role of a cyber security professional differs to a large extent from that of an Information Technology professional.
A cyber security job includes but is not limited to risk analysis, risk mitigation, vulnerability management, analysis of policies, cyber security trends, cyber intelligence, etc. A successful cyber security professional possesses not only comprehensive IT skills but also analytical and management skills.
The cyber security work environment is dynamic, creating learning experiences for the incumbents at every juncture. While the work is exciting, with an agile working domain, competitive salaries, increasing responsibilities and increasing opportunities, it is often complained that cyber security professionals hinder the creative process. There are many different areas in which cyber security enthusiasts can find lucrative jobs. From cyber security analyst to chief information security officer, the cyber security domain offers a plethora of opportunities to enthusiasts.
Cyber security jobs are often not conventional 9 to 5 jobs. Again, depending on the organisation structure, it is extremely important for a cyber security professional to be vigilant all the time. In case of a breach or a potential attack, cyber security professionals will have to work in an informal atmosphere at odd hours, performing a variety of activities in different work locations, quickly responding and overwhelming the adversary in every move. On an average day, the cyber security professional is expected to be vigilant all the time, monitoring the organisation’s infrastructure and every transaction in the network. On the whole, it can be said that there is no average performance day in a cyber security professional’s work schedule. It is either a high performance schedule or an exemplary performance schedule.
With the surge in cyber-crime, the demand for cyber security professionals is at an all-time high, with more and more companies opening up cyber security jobs in their organisations. One great advantage of this field is that cyber security is a recession-proof domain with a high growth rate.
Typical Work week for an Information Security Analyst
The United Kingdom is one of the most developed nations in the world with its economy being the fifth largest*. According to a study, the UK is the most cyber-dependent nation of the G20 countries* with almost 74% of the adult population being online and spending around GBP 91 million. These figures tell us the need for being cyber secure and cyber resilient in the UK.
While organisations are competing to create value by altering their operating models using innovative and sophisticated technologies like Big Data, Cloud Computing, etc., operating business functions using these techniques increases the risk manifold. It becomes imperative to protect them and to create a function head who will be responsible for the overall security of the organisation. In most organisations, there is no distinct job role of a CISO (Chief Information Security Officer). In most cases it is either included in the job role of a CTO or a CIO, with rare instances of it being included as the CEO’s responsibility.
An understanding of the following graphs will give us a glimpse of the current cyber security threat landscape and the need for a CISO. According to the Cyber Security Breaches 2016 by the Government of UK, 65% of large organisations have detected a breach in the past year, of which 25% continue to detect a breach every month, with the average cost of a breach being GBP 36,500. While most organisations are following the basic criteria for containing cyber threats, the weakest link of the supply chain, the human link, is still a major threat. Of the small, medium and large organisations, only a meagre 22% of the organisations have enrolled in cyber security training; the figure remains a bleak 38% for medium sized organisations and 62% for large organisations. These figures again bring to the fore the major question of responsibility. While most senior management do agree that there is a need for a senior executive to oversee the cyber security of the organisation, the lack of talent is marring the intention.
The dearth of cyber security professionals at all levels of the hierarchy has created turmoil not only in the IT industry but also in related industries. With a dearth of security leaders like CISOs, the situation seems to be worsening, with cyber criminals and cyber crime syndicates being equipped with the latest state of the art technologies leading to incidents. Some of the cyber security majors like EC-Council and others have been doing a commendable job in developing this skill and creating cyber security leaders with some of the coveted programmes like the C|CISO, which is an overhaul of the current cyber security scenario and transforms professionals into leaders.
For more information on the C|CISO programme please contact https://ciso.eccouncil.org/
Contact Person: Ipsita Chatterjee
Contact Email: [email protected]
South Africa is the second largest economy of the African continent after Nigeria in terms of GDP. Naturally enough, South Africa is the first target for cyber-crime syndicates and cyber-criminals. According to studies by Norton, around 8.8 million South Africans were cyber-crime victims in 2015 alone. This figure emphasises the gravity of the situation and the importance of cyber space in South Africa.
According to another study by Control Risks Cyber Threat Intelligence, South Africa is one of the five African countries with an increased presence of malicious IP addresses. The major concern in the cyber-crime scenario of South Africa is that the perpetrators are both internal and external actors.
The threat landscape for South African businesses is moderate with focus on only organisations plying in a select few sectors like manufacturing and agriculture. Some of the key factors motivating cyber-crime are:
Air India passengers were in for a surprise when they saw that their accumulated air miles had all been redeemed without their notice. In the recent cyber security incident involving the Indian aviation player Air India, the accumulated air miles of most of its genuine travelers were redeemed and 170 air tickets worth INR 16 lakhs were sold on the basis of the air miles. The investigation report says that around 20 email addresses were created by the perpetrators for getting access to the accounts.
The issue was brought to the fore when the Driving License of one of the passengers was approved as an identity proof. However, Air India does not recognize a Driving License as a valid identity proof, which adds to the suspicion of insider involvement in the entire incident. Further probing into the issue has added that around twenty accounts gained illegal access to passenger accounts, which are almost 20 lakh strong according to Air India. The suspicion of possible insider involvement gains ground as the operational procedures were not halted at any point of the operation though regulations were not adhered to. Though officials claim only sixteen lakhs worth of points, there is scope for this figure to increase in the future.
This incident brings into focus the increasing need to beef up cyber security regulations in the aviation industry, which primarily depends on the Internet for providing services to its clientele. A collaborative effort between the involved entities such as the carrier, the airport and the air navigation service provider will ensure hassle free travel for the end customer. A breach in any of these entities can be lethal to governments, to customers and to the airlines themselves.
The vulnerabilities increase manifold in the case of the aviation industry, as the slightest mistake can lead to disastrous results costing lives. Some of the major vulnerable areas are the taking over of aircraft-to-ground communications, data breaches of customer information and document fraud, to mention a few. Also, cyber security experts assert that it is impossible to root out cybercrime completely and that the easiest way to prevent hacking is to be prepared. A regular upgrade of cyber security measures, stringent policies and laws on cyber security and a proper incident reporting structure will help mitigate the risk to a certain extent.
Since carriers ply around the world, it is of extreme importance that the governments of the world’s countries coordinate and collaborate to create a single approach for risk management and mitigate the threat scenario in the aviation industry.
In the wake of the recent cyber heist at the Standard Bank and the ongoing fraudulent activities in East African countries’ banks, it is time that African banks take a stand on mitigating cyber risks, embracing technologies which will contain the movements of cyber criminals.
Recent months saw the Standard Bank lose USD 13 million to a cyber heist through fraudulent ATM transactions in Japan.
An analysis of the heist brings to the fore the major loopholes which aided it. Cyber-crime syndicates chose to target the Standard Bank ATM network in Japan as the country is considered low fraud risk by the banks. Accordingly, the syndicate found the ATM network vulnerable and, by exploiting it, could siphon off a staggering USD 13 million. Also, a point of mention is that the fraud analytics software which was used could not block the fraudulent transactions, showcasing a vulnerability.
With IoT technology fast spreading, gone are the days when any bank transaction had to be done in the bank itself. With the increase in mobile technology, industry analysts predict that the number of smartphone subscribers in Africa will rise to 550 million by 2019*. To increase the customer base, banks are offering customer centric services like social banking (combining banking with social media), where prospects get loans based on their credibility in social media applications like Facebook, Twitter, etc.*, mobile banking, etc. However, the point of interest here is that the level of security in each of the domains differs greatly. While social media needs security up to a certain level to protect individual privacy, banking is a critical domain where security and privacy play a crucial role. Combining the securities of both these domains mars the other domain’s interests greatly.
As the year progresses further, there are increasing cases of cyber-attacks, mostly insider attacks, breaches, social engineering insecurities, etc. Analysts predict more sophisticated attacks from the perpetrators in the near future. According to the Kenya Cyber Security Report 2015, the Kenyan government is losing around USD 50 million annually to cybercrime. Another estimate states that South African banks lose USD 65 million* annually to cyber-crime. SWIFT is another.
Understanding the international cyber-crime scenario and the continent’s adoption of cyber security strategies, it is time that African banks roll up their sleeves to combat cyber-crime and protect their valuable assets. According to research reports, the human factor still continues to be the weakest link in the Information Security chain. Training and educating human resources on cyber security is the easiest and most apt way of mitigating cyber threats to a large extent. As the leader in cyber security training and certification, EC-Council has to its credit training of over 200,000 professionals on cyber security education and certifying over 120,000 professionals and students across the world. Through its partner network of over 700 members, EC-Council has trained professionals from the Pentagon in USA to the cyber security enthusiast in the remote corner of the world.
For more information about EC-Council, please see www.eccouncil.org.
In what seems to be the biggest cyber heist in the history of the banking sector, USD 81 million has been siphoned off from the Bangladesh Bank’s account with the Federal Reserve Bank of New York. While the actual target of the perpetrators was to siphon off funds amounting to USD 1 billion, they were successful in stealing USD 81 million. This incident brings to the fore, once again, the burning issue of cyber security and risk management. While the other industry verticals have an edge over the BFSI sector, the organisations operating in the BFSI sector are always under the sword of Damocles. With reputation, customer interests and customer trust at stake, it is vital for this sector to act with alacrity amidst the increasing cyber surface area and the attack surface.
The recent breach of the Bangladesh Bank has brought about an opportunity to learn how to avert a critical risk situation. Delving deep into the incident, in the first week of February 2016 perpetrators attempted to divert funds from the Bangladesh Bank’s account with the Federal Reserve Bank of New York. The perpetrators had a deep understanding of the operational procedures involved in international fund transfers. While the original transfers included amounts worth USD 951 million, thirty of these transactions worth USD 851 million were cancelled by the system due to typographical errors. However, the perpetrators managed to siphon off USD 81 million, which was diverted to the Philippines, and USD 20 million, which was diverted to Sri Lanka. By this time, authorities at the Pan Asia Bank and Deutsche Bank (a routing bank) suspected foul play and halted the transaction to Sri Lanka, due to which USD 20 million has been recovered. However, the transaction to the Philippines did not meet a similar fate. The money transferred was deposited into five accounts of the Rizal Commercial Banking Corporation and laundered through casinos in the Philippines, and hence could not be recovered. This is partly due to the lax restrictions on the gambling industry in the Philippines.
Further investigation into the breach has had some of the banking officials lose their jobs, including the Chief Governor of Bangladesh Bank, Mr. Atiur Rehman. Investigations by forensics experts have brought to light some very interesting facts about the breach. Malware was installed into the system of Bangladesh Bank to understand the procedures for international transactions. Cyber security experts found footprints, and they have also linked this heist to eleven other attacks. Cyber security experts are also of the opinion that this theft was in all probability state sponsored, alleging North Korea to be the sponsor.
The incident, apart from bringing about financial losses and disrepute to the concerned players, also threatens to restore the Philippines to the Financial Action Task Force’s blacklist of countries with insufficient policies against money laundering. Also, this incident is an eye opener to the lurking threat to government and private organisations from potential cyber criminals. An anatomy of the incident would bring to the fore the impeccable collaboration displayed by cyber criminals and the loopholes in the collaborative international banking system. It is high time that this situation reverses and cyber security becomes the DNA of the government and industry verticals.
Every human, irrespective of their place of origin or residence, is entitled to certain basic rights which are protected by the concerned States. According to the United Nations Human Rights Council, it is the duty of every State to honour and protect the Human Rights of every citizen. Basic rights such as the right to life, the right to freedom of expression and the right to work, education and social security form some of the human rights. An advance in technology resulted in the innovation of a computer and the ARPANET.
These technologies paved the way for an entirely new way of life and a new space running parallel to the physical space. The cyber space, as it is called, has connected the world, reduced communication barriers between countries and helped in the exponential development of businesses, thereby increasing opportunities and bringing increased employment and a better standard of life to a majority section of the population.
While International law specifically has a principle and a constitution about Human Rights and the protection of Human Rights in the physical space, the cyber space, being seamless, did not allow the same comfort. A borderless cyber space does not fall under any country’s jurisdiction or any legislation; there are no laws and no legal implications in case of a crime. Along with the various comforts offered, cyber space has brought with it a new set of difficulties and crime. Cybercrime, the crime perpetrated in cyberspace, has brought to the fore the many loopholes in the system which need to be plugged. With cybercrime acquiring mammoth proportions, the world’s countries have to come together to create a set of rules and regulations to secure themselves from cyber criminals. An estimated 40% of the world population has access to the Internet. According to the United Nations Human Rights Council, “the right to freedom of expression and right to information include freedom to receive and communicate information, ideas and opinions through the Internet.”* An important clause also states that the rights are to be exercised along with special duties and responsibilities such as respect for the rights of others, reputation, national security, public order, public health and morals.*
The regulations and the laws made bring to the fore the core question “whether right to freedom of expression, right to information is being truly respected on the cyber space”. The answer, however, is in the negative, with massive surveillance on netizens at all levels all the time. Governments can only try to protect individuals from perpetrators of crime; however, there is no guarantee of privacy and security for any user. However, with cyber criminals prowling everywhere over the Internet waiting for an ambush attack, Governments find no other solution except continuous massive surveillance.
Cyber security measures are employed to protect the information that netizens (including Governments and businesses) store on the Internet. This can include confidential data of the State (WikiLeaks), confidential data related to businesses (Sony Hack, Target attack), critical infrastructure breach (Stuxnet attack on Natanz nuclear facility, Iran) and breach of individual privacy. Understanding the criticality of cyber-crime and the consequences of a potential breach, some of the developed nations have included cyber-crime as a national threat on par with terrorism and other acts of mass destruction. To mitigate this issue, some countries have implemented policies seeking international cooperation with an emphasis on human rights as declared in the “Universal Declaration of Human Rights”, while some countries have executed overarching policies violating human rights. The Cyber Strategy of the European Union is an example of the former, which states “an open, safe and secure cyber space”, emphasizing the protection of freedom of expression and privacy in its core principles.
However, it is time that States around the world come together to draft and execute legislation with international jurisdiction. This is easier said than done, with Human Rights policies differing from country to country. It is the responsibility of governments to ensure that a balance is achieved in respecting Human Rights policies while at the same time safeguarding the seamless cyberspace.
Cyber Security jobs are here to stay, at least for as long as we are still trying to develop flawless designs and programs which will have zero vulnerability. In this section, let’s talk about why we need cyber security professionals in every walk of life and ponder over the reasons why cyber security jobs will remain hot for the next few years. Let’s discuss the latest developments in the major sectors across the world and their impact on security. As all of us know, Artificial Intelligence is one of the major breakthroughs of our decade, with almost all of the major sectors using AI to increase productivity and thereby profits.
Artificial intelligence has been used extensively in developing “Olli”, the latest self-driving bus powered by IBM’s Watson. According to John B. Rogers, CEO, Local Motors, Olli offers a lot of features, including a smart, safe and sustainable transportation solution. However, imagine a hypothetical situation where the preprogrammed self-driven Olli’s program is corrupted. How do we ensure the safety of the passengers inside? It is here that a cyber security professional comes to our aid. Aided with the right kind of skill set, it is the cyber security professional who will avert the danger to the passengers.
The banking sector is one of the major sectors using Artificial Intelligence extensively. The Nina web assistant of Swedbank, Sweden, and Luvo of RBS are some of the examples. These systems can be used for offering personalized financial services to customers, for making data driven management decisions and for reducing fraud by assessing data patterns, to mention a few. However, if the AI fails or is attacked, or its data is tampered with, it could bring devastating results to the concerned organisations. Here again, the cyber security professional comes into the picture. Continuous monitoring of the program and immediate counter measure tactics in case of a compromise will ensure that the AI systems are used for the relevant purpose.
Information Technology (IT) has simplified our lives. Object Oriented Programming, DevOps models, continual delivery practices, service oriented architecture, cloud computing and the like are all AI systems not recognized as AI systems due to their consumerization. However, in the past couple of years, the world has already witnessed the devastating consequences of a corrupt program in the system, a malware attack, a DDoS, etc. According to Gartner, by 2018 20% of the smart buildings will suffer from digital vandalism. It is to mitigate these risks and protect data from falling into evil hands that cyber security professionals are hired at every stage. From a secure coder who reduces the number of vulnerabilities in the code to the network administrator who ensures the safety of the network, all of them play a vital role in mitigating cyber-crime to the best possible extent.
Technology and Artificial Intelligence have made great strides in the healthcare and medical field. Systems such as the Da Vinci Si HD Surgical System, Cyber Knife Radiosurgery systems, HAL 5 (Hybrid Assistive Limb) and therapeutic robots have all brought about a drastic reduction in the mortality rate of patients and reduced medical costs, pain and trauma. Taking these facts into consideration, maintaining these machines is equally important for them to assist doctors. Maintenance of these sophisticated machines and correcting them in case of any program corruption is the responsibility of a cyber security professional.
Today, AI is used in every aspect of manufacturing, from Planning to Design to Production. It is imperative that manufacturing is the only sector with maximum dependence on AI. Many issues such as human resource shortage, accidents, decision complexities, etc. are all resolved by the use of Artificial Intelligence. Last year, Volkswagen, Germany was in the news when one of the stationary robots killed one of the workers in the production plants. These kinds of incidents can be averted by proper maintenance by a cyber security professional.
All these and more are the reasons why cyber security jobs are hot in the market and there is an increasing need for cyber security professionals across the world.
Cyber Security is at the forefront offering an expanse of opportunities. In today’s world of Internet and networks, cyber security holds a prominent position; forming the backbone for any sector or industry to succeed. An increase in cyber surface area has also increased the attack surface area elucidating the need for skilled professionals. However, this domain being relatively new, there is still a lag in forming formal education degrees which would help students choose cyber security as a career path.
Bachelors in Cyber Security or a Masters in Cyber Security are the courses which offer in depth knowledge about Cyber Security. These programs will train students on the various methods to protect national and industry’s online assets while at the same time containing the adversary.
As with all the other skills, cyber security skills also have to be upgraded on a continuous basis. With the threat landscape evolving constantly and becoming increasingly sophisticated, cyber security enthusiasts have to continuously upgrade their knowledge along with technology. While education does provide the basic skill set essential to enter into the cyber security domain, hands-on experience will increase the prospects of landing in the dream job. Hence, it is imperative that enthusiasts who are looking for entering into a cyber security job need to get formal education on the subject to get an edge over others. A Bachelor’s Degree in Security Science will be apt for a cyber security enthusiast.
On the basis of the job profile, the challenges offered and the salary packages, listed below are some of the very interesting cyber security job functions*:
Basic Degree: Bachelors in Computer Science or related degree
Job Profile: Maintaining and deploying training programs for organisation; develop security related aspects of application programs; excellent communication skills; soft skills an added advantage
Average Salary: $233,333
Basic Degree: Bachelors degree in Computer Science + Certifications (C|CISO, CEH, ECSA)
Job Profile: Prepare organisation to counter existing and evolving threats, draft and maintain cyber security policies, monitor effectiveness of security measures.
Average Salary: $225,000
Basic Degree: Organisation dependant + working knowledge of industry regulations
Job Profile: Project Manager of Cyber Security projects, leading the Incident response team
Average Salary: $200,000
Basic Degree: Experienced with working knowledge of industry regulations + Certifications (C|CISO, CEH, ECSA) + solid communication skills
Job Profile: Devise cyber security strategies, recommend cyber security best practices and procedures
Average Salary: $198,909
Basic Degree: Experienced with working knowledge of industry regulations + Certifications (C|CISO) + Excellent communication skills
Job Profile: Protect organisation’s data assets; devise policies to handle breaches and disaster recovery programmes
Average Salary: $192,500
Basic Degree: Experienced with working knowledge + Certifications (C|CISO) + Excellent communication skills
Job Profile: Risk mitigation strategies; maintain security procedures
Average Salary: $178,333
Basic Degree: Bachelor’s degree in Security Science + Certifications (CEH, ECSA would be an added advantage)
Job Profile: Evaluate organisation’s infrastructure; vulnerability detection; attack detection
Average Salary: $175,000
Basic Degree: Bachelor’s degree in Computer Science + Certifications (ECSP Java, ECSP .NET, CEH, ECSA would be an added advantage)
Job Profile: Securing the operating environments; review code and procedures; detect vulnerabilities; implementing security tools in the organisation
Average Salary: $174,375
Basic Degree: Bachelor’s degree in Security Science + Certifications (CEH, ECSA would be an added advantage)
Job Profile: Penetration testing; implementing cyber security tools
Average Salary: $170,000
Basic Degree: Bachelor’s degree in Computer Science + Certifications (ECSP Java, ECSP .NET would be an added advantage)
Job Profile: Responsible for ensuring that all the apps produced or used by the organisation meet the organisation’s security and privacy policies and standards
Average Salary: $165,000
A Bachelor’s degree in Security Science helps students understand various aspects such as Computer Hardware, Network Security, Information Security, Vulnerability Assessment, Disaster Recovery, Forensics, and Incident Handling. Besides these, the course covers criminal investigation, containing cyber criminals and the prevention of cybercrime. With the world becoming increasingly dependent on the Internet and computers, cybercrime is here to stay, and with cybercrime – cyber security experts are always in demand.
For more information on cyber security related courses and certifications visit us at www.eccouncil.org and www.eccu.edu