Category: Uncategorized

Cybersecurity Salary And Job Outlook – Forbes Advisor  Forbes
source

Share
Kellie Cowan reports
TAMPA, Fla. – Courtney Jackson could have picked just about any city to launch her cybersecurity business three years ago, but for her, Tampa had a lot to love about it.
"The weather, the fact that it's a tax-free state, and we just wanted somewhere different," said Jackson, the founder and CEO of Paragon Cyber Solutions. 
A Navy veteran, Jackson left the defense contract-heavy D.C. area in 2019 and took a leap of faith in Tampa. So far, she said, it's paid off. Her startup has expanded to eight full-time employees, all veterans like her, and she recently landed her first major contract with MacDill Air Force Base. 
"There are a lot of organizations that are very supportive of small businesses here," said Jackson. "The Chamber of Commerce is very active and very helpful. The mayor's office, different organizations with the military, like Hiring Our Heroes. Those organizations exist in other places but for me, coming from the D.C. area, I think Tampa is a different level of support." 
In 2021, Forbes ranked Tampa the No. 1 emerging tech city in the country. 
It's an industry that's expanded rapidly. Tech now rivals the finance sector as the city's top industry, according to Tampa Bay's Economic Development Council (TBEDC).
In the last decade companies in the IT sector have doubled in the Tampa Bay Area. According to JobsEQ data, 3,686 computer and software companies were registered in the region in 2021 versus 1,821 in 2011. At the same time, more than 24,000 tech industry jobs were added in Tampa Bay. 
READ: Mobile training unit helps Tampa companies combat cyberattacks
That's thanks in large part to the TBEDC, which said it's zeroed in on the tech industry.  
"It's an important sector, because they provide quality jobs," Steve Morey, senior vice president of economic development at the TBEDC.  "It's an industry that's here to stay and will lead to longer term success for this community."  
The TBEDC's courting of tech businesses is paying off. The region has seen an uptick in the number of technology companies relocating to the area in recent years. 
In 2021 three major companies set up headquarters in Tampa: Suzuki Marine, Signode, the packaging division of Crown Holdings, relocated from Chicago, and OPSWAT, a cybersecurity company, relocated from San Francisco.
Startups and new companies have also relocated or established their headquarters here, including NuMedTechs, HSP Group and Shufflrr.
This year, AFC Logistics relocated its HQ from Chicago to Tampa, and UK-based Clarify established its U.S. operations in Tampa as well. Other companies announcing expansions to Tampa include Avanade, Branch, and CoinFlip.
Jackson said she's regularly contacted by industry peers about her choice to build her business in Tampa. 
"I get those questions a lot," said Jackson. "Tampa is an amazing place to start a business. I think it's a new tech hub now." 
The city has also become a training hub for tech workers.  Both the University of Tampa and the University of South Florida have rapidly expanded their technology and cybersecurity degree programs.  
"The University of South Florida offers the most certificate and degree programs specific to cybersecurity in the state," said Katie Whitaker, associate director of cyber outreach for Cyber Florida at USF.  
The University of Tampa is currently building a six-story, 105,000 square foot building to house all of its information technology related programs. 
Technology degrees have become extremely popular areas of study at both universities. 
"We don't have a problem filling seats, that's for sure, because it is a very lucrative industry," said Whitaker. "A lot of students, even at the bachelor's level, are finding employment before they even complete their program. And the starting salaries tend to be in the six digits."  
With an expanding local talent pool, tax-friendly business environment and attractive quality of life, industry experts believe even more tech companies will be inclined to make the move to Tampa Bay. 
All the news you need to know, every day
By clicking Sign Up, I confirm
that I have read and agree
to the Privacy Policy
and Terms of Service.

This material may not be published, broadcast, rewritten, or redistributed. ©2023 FOX Television Stations

source

The cybersecurity skills shortage continues to present multiple challenges and have repercussions for organizations. The skills gap can be addressed through training and certifications to increase employees’ education.
The talent shortage and a variety of specialized fields within cybersecurity have inspired many to reskill and join the industry. One way to get more knowledge is to take advantage of online learning opportunities. Below you can find a list of free online cybersecurity courses that can help further your career.

Instructor: Dan Boneh, Professor
In this course you will learn the inner workings of cryptographic systems and how to correctly use them in real-world applications. The course begins with a detailed discussion of how two parties who have a shared secret key can communicate securely when a powerful adversary eavesdrops and tampers with traffic. You will examine many deployed protocols and analyze mistakes in existing systems. The second half of the course discusses public-key techniques that let two parties generate a shared secret key. Throughout the course participants will be exposed to many exciting open problems in the field and work on optional programming projects.

Instructor: C. Edward Chow, Professor
In this course you will learn the history of DDoS attacks, analyze Mirai IoT malware, and perform source code analysis. You’ll learn about the intrusion tolerance paradigm with proxy-based multipath routing for DDoS defense. By developing and deploying such a new security mechanism, you can improve the performance and reliability of the system at the same time and it does not have to be just an overhead. By the end of this course, you should be able to analyze new DDoS malware, collect forensic evidence, deploy firewall features to reduce the impact of DDoS on your system, and develop strategies for dealing with future DDoS attacks.

Instructor: Gang Qu, Associate Professor
In this course, you will study security and trust from the hardware perspective. Upon completing the course, students will understand the vulnerabilities in current digital system design flow and the physical attacks on these systems. They will learn that security starts from hardware design and be familiar with the tools and skills to build secure and trusted hardware.

Instructor: Michael Hicks, Professor
This course explores the foundations of software security. You will learn about software vulnerabilities and attacks that exploit them, and consider defenses that prevent or mitigate these attacks, including advanced testing and program analysis techniques. Importantly, you’ll take a “build security in” mentality, considering techniques at each phase of the development cycle that can be used to strengthen the security of software systems. Successful learners in this course typically have completed sophomore/junior-level undergraduate work in a technical field, have some familiarity with programming, ideally in C/C++ and one other “managed” program language (like ML or Java), and have prior exposure to algorithms.

Instructor: Philippe De Ryck, Founder, Pragmatic Web Security
This course provides an overview of the most common attacks, and illustrates fundamental countermeasures that every web application should implement. Throughout the course, you will gain insights into the threats that modern web applications face. You’ll build an understanding of common attacks and their countermeasures; not only in theory, but also in practice. You’ll be provided with an overview of current best practices to secure web applications. Although no previous security knowledge is necessary to join this course, it will help to be familiar with the basic concepts behind web applications, including HTTP, HTML, and JavaScript.

Instructor: Jacob Horne, Cybersecurity Consultant
In this course, students are introduced to the field of cyber security with a focus on the domain of security & risk management. Topics include the fundamental concepts and goals of cybersecurity (the CIA triad), security governance design, the NIST cybersecurity framework, relevant laws and regulations, and the roles of policies, strategies, and procedures in cybersecurity governance.

Instructor: Greg Williams, Director of Networks and Infrastructure
This course explores what it takes to design and build the server side of Windows in an enterprise environment. This course will explore everything from Windows Server installation to configuring users, to hardening the server operating system itself. The first week of this course provides an overview of how Windows operates in an enterprise environment and what it may look like in the real world. Week 2 will show you how Windows users interact with the system. Week 3 will explore authorization in a Windows environment. Week 4 explores built in security features of Windows and demonstrates how to use each technology effectively and in what circumstances you would use what technology for what purpose.

source

In an increasingly modernized and interconnected world, the cybersecurity risk continues to grow, and our nation’s infrastructure is not impervious. For states looking to elevate their cybersecurity posture, the IIJA offers numerous avenues of support to make these improvements.
by Casey Dolen and Glenn Grimshaw
In November 2021, the bipartisan Infrastructure Investment and Jobs Act (IIJA) was signed into law, paving the way for a once-in-a-generation investment in America’s infrastructure. The passage of the IIJA secured about $1.2 trillion in funding toward nearly 400 new and existing programs, including programs seeking to improve the country’s roads and bridges, broadband network, energy network, port facilities, and to improve the resiliency of infrastructure and communities.
In an increasingly modernized and interconnected world, the cybersecurity risk continues to grow, and our nation’s infrastructure is not impervious. A disruption to the critical communications technology, transportation and utilities on which citizens rely can have sweeping economic and physical consequences. The IIJA recognizes this by including a number of cybersecurity-specific programs, as well as allowing spending from numerous other programs on cybersecurity preparedness and response, which can be integrated into other infrastructure investments.
For states looking to elevate their cybersecurity posture, the IIJA offers numerous avenues of support to make these improvements. Such programs can be distinguished between 1) those that directly provide funding to address cyber risks and threats, 2) those in which expenditures on cybersecurity-related investments are classified as eligible uses. These IIJA programs are in addition to programs established under other statues, including the Department of Energy’s Cybersecurity, Energy Security and Emergency Response (CESER) Research, Development, and Demonstration program, which has announced a Fiscal Year 2022 funding opportunity.
The following guide provides an overview of potential IIJA grants overseen by various federal agencies that state, local, tribal and territorial (SLTT) entities may wish to take advantage of to combat the heightened global cyber threat.
The IIJA includes funding for new and existing cybersecurity-specific programs that focus on strengthening cyber systems and defense against future attacks, some of which provide opportunities to SLTT entities. Key programs are outlined below.
NGA is pleased to announce the creation of its Governors’ Cybersecurity Policy Advisors Network, which will serve as a forum to share ideas and troubleshoot challenges with colleagues from other states, connect advisors with valuable resources and technical assistance, and provide opportunities to hear from subject-matter experts via timely workshops.
Governors’ offices are invited to designate a representative to participate in this network. This individual could be a policy advisor in a Governor’s office who handles the Governor’s cybersecurity portfolio, a state cybersecurity advisor, a cybersecurity office/division director, or another official of the Governor’s choosing. The intent is that this individual can speak to the Governor’s priorities as they relate to cybersecurity. Offices are welcome to designate more than one representative as long as the Governor’s office has recommended their participation.
NGA asks offices to send contact information for the designated participant(s) to Ann Corcoran (acorcoran@nga.org). Questions about the network can be directed to Steve Fugelsang (sfugelsang@nga.org) and/or Casey Dolen (cdolen@nga.org).
The IIJA also includes several programs across a range of agencies which, while not cybersecurity infrastructure-focused, allow for investment in cybersecurity measures as an eligible use to support program objectives. A number of these programs are outlined below.
Please direct any questions regarding the content of this memo to Glenn Grimshaw (ggrimshaw@nga.org) or Casey Dolen (cdolen@nga.org). A full list of programs that provide funding for cybersecurity measures and further details of each can be found in NGA’s sortable and searchable IIJA program Tracker, which is located on the NGA’s IIJA Implementation Resources page. It may also be useful to consult the White House’s Guidebook to the Bipartisan Infrastructure Law for State, Local, Tribal, and Territorial Governments, and Other Partners, or the State Fact Sheets Highlighting the Impact of the Infrastructure Investment and Jobs Act Nationwide.

Transmission Siting and Permitting: How Governor Leadership can…
Workforce Development in the IIJA, CHIPS and IRA
Engaging Employers in the Apprenticeship System through IRA…
State Strategies to Support Marketplace Plan Enrollment as…
Feb. 11, 2023
Feb. 11, 2023
Feb. 11, 2023
Feb. 10, 2023
Feb. 10, 2023
Feb. 8, 2023
Feb. 8, 2023
Feb. 8, 2023
Feb. 7, 2023
Feb. 7, 2023
Feb. 7, 2023
Feb. 6, 2023
© 2023 NGA. All rights reserved.

source

The cybersecurity skills and talent gap are a worsening problem in the U.S.—and across the world. In fact, 80% of organizations globally have suffered one or more data breaches during the past year that the company could attribute to a lack of cybersecurity skills and/or awareness, according to a recent report from Fortinet.
“The skills gap isn’t just a talent shortage challenge, but it’s also severely impacting business, making it a top concern for executive leaders worldwide,” Sandra Wheatley, senior vice president of marketing for threat intelligence and influencer communications at Fortinet, said in a statement. 
Since 2013, the number of unfilled cybersecurity jobs has grown 350% from 1 million to 3.5 million, according to a 2022 report from Cybersecurity Ventures. There’s many ways to enter the burgeoning cybersecurity industry, whether it be pursuing a master’s degree, taking upskilling courses through an employer, or earning certifications. 
“There are different archetypes of how people find their way into security,” Ryan LaSalle, head of Accenture Security’s North America practice, told Fortune in a recent interview. ”We will take a chance on people all the time. We’ve done it over and over again when we find people that we think have a real potential in security.”
If you’re looking to dip your toes into the cybersecurity world without dedicating too much time or money, many U.S. universities have free online courses that are available to anyone, even non-students. Fortune rounded up five of them to help you get your search started. All universities featured below have appeared on top graduate degree lists from Fortune, including cybersecurity, MBA, data science, and business analytics.
Cyberattacks continue to become more common; in fact, between 2020 and 2021, the number of attacks per year rose 31% to 270, according to a 2021 report from Accenture. The average number of successful attacks per company was 29.
People who are interested in learning more about cybersecurity threats, vulnerability, and risks may want to check out the four-week, online course hosted by New York University. The course, Introduction to Cyber Attacks, also covers basic cybersecurity risk analysis and basic security frameworks. The next offering of the course begins on Sept. 5, 2022, and is taught by Edward G. Amoroso, a researcher and professor with NYU’s Tandon School of Engineering. Amoroso is also founder and CEO of TAG Cyber, a cybersecurity advisory and consultancy. 
Cryptography helps provide secure communication between only a sender and the intended recipient. In other words, this important cybersecurity measure helps prevent adversary interference.
In Cryptography I, students learn the inner workings of cryptographic systems, and how to use them in practice. Participants in this course, hosted by Stanford University, will also have the opportunity to work on practice problems in the field. The course takes about 23 hours to complete over a seven-week period and has flexible deadlines for assignments. Participants who complete the course can share their certification on LinkedIn. Cryptography I is taught by Dan Boneh, a cryptography and electrical engineering professor at Stanford. He also heads up the applied cryptography group and co-directs the computer security lab at Stanford. 
The Hardware Security course offered by the University of Maryland is part of the school’s online cybersecurity specialization program, which covers cybersecurity fundamentals, hardware, and cryptography. This class focuses on understanding digital system design flow vulnerabilities and physical attacks to these systems.
Taught by Gang Qu, an associate professor of electrical and computer engineering, Hardware Security also covers the notion that security stems from hardware design and teaches students how to use tools to strengthen and secure hardware. The class takes about 12 hours to complete over seven weeks. Students who enroll in the cybersecurity specialization program can earn a certificate upon completion.
At the University of Michigan, students can enroll in Internet History, Technology, and Security, which offers an overview of the basics of network technology and how the internet impacts our lives, culture, and society. The course also covers the beginning of the Internet, including how it was made, who made it, and how it works. Other course topics include Internet commercialization and growth and transport control protocol.
During the last two weeks of the 10-week course, students also learn about web security and encrypting to better protect data. Charles Russell Severance, a clinical professor at the University of Michigan School of Information, teaches the course, which takes a total of about 15 hours to complete. 
Western Governors University is ranked by Fortune as having one of the top online cybersecurity master’s programs in the U.S. Network and Security Foundations covers the components of computer networks and basic security concepts associated with networks. In this intro-level course, students also get an introduction to network security, threat, risk mitigation, and security management concepts and practices.
The course is taught by Gerri Light, program chair of WGU’s College of IT, and Michelle Watt, a WGU instructor. The self-paced course takes up to 10 hours each week to complete over an eight-week period. WGU also offers an unlimited-access version of the course for $166.08, which allows students to review materials after the course ends. Otherwise, students can complete the course for free with limited access to materials just during the enrollment period.
See how the schools you’re considering fared in Fortune’s rankings of the best master’s degree programs in data science (in-person and online), nursing, computer science, cybersecurity, psychology, public health, and business analytics, as well as the doctorate in education programs MBA programs (part-time, executive, full-time, and online).

source

Most Popular
A man looking tired and stressed out while sitting at his computer.
Cybersecurity staff are feeling burnout and stressed to the extent that many are considering leaving their jobs. 
According to research by VMware, 47% of cybersecurity incident responders say they’ve experienced burnout or extreme stress over the past 12 months.  
While that’s slightly down compared with 51% the previous year, unsurprisingly the percentage of people who say the stress of working in cybersecurity has made them think about leaving their jobs has slightly increased. 
Of this group, 69% say stress and burnout has resulted in them considering their position, compared with 65% in 2021. 
Cybersecurity can be stressful work; not only do staff need to stay on top of threats posed by cyber criminals, ransomware gangs and even nation-state sponsored hacking campaigns, they also need to ensure their users are equipped with the right tools needed to stay safe – often while working with a restricted cybersecurity budget and a wider team who don’t always understand what they do.
On top of that, there’s also the challenge of managing security vulnerabilities, particularly when significant new zero-day exploits emerge and get used by hackers – according to the survey, 62% of respondents encountered a zero-day exploit in the last 12 months, compared to 51% during the previous year. 
Meanwhile, two thirds said the number of cyber attacks has increased since Russia’s invasion of Ukraine – something which cybersecurity agencies warned was a possibility when the war started.   
SEE: A winning strategy for cybersecurity (ZDNET special report) 
And all of this is happening while many cybersecurity teams are still dealing with the shift towards hybrid working, which while beneficial for many, also brings additional cybersecurity challenges which criminals will attempt to exploit. 
If these pressures are pushing cybersecurity employees away from their jobs, that could have negative repercussions for everyone because fewer cybersecurity staff means it could make it easier for cyber criminals to breach networks – and remain inside them without being detected.  
In order to help combat burnout, many businesses are implementing strategies designed to help cybersecurity personnel manage the balance between their work life and their home life.  According to 72% of respondents, the most helpful one of these is flexible hours, while investment in further education and access to therapy and coaching are also listed as helpful. 
“Broadly speaking, companies are taking the right steps when it comes to easing burnout among cybersecurity professionals,” said Rick McElroy, principal cybersecurity strategist at VMware 
“But solving this issue isn’t a simple, one-time fix. Now is the time to really double down on wellness efforts, such as flexible hours, more education, and coaching and therapy,” he added. 
MORE ON CYBERSECURITY

source

In this round up, we reveal which threat vectors cyber security experts believe will rise to prominence in 2023, and they offer their advice on how best to combat them.
When asked in mid-2022 by Cyber Security Hub which threat vectors posed the most dangerous threat to their organizations, 75 percent of cyber security professionals said social engineering and phishing. Since the survey closed, multiple organizations such as Dropbox, Revolut, Twilio, Uber, LastPass and Marriott International have suffered from such attacks further highlighting the importance to cyber security practitioners of staying aware of phishing threat.
Read on to find out which threat vectors businesses should be aware of and why it is important to ask those at the frontline of preventing and mitigating them, namely cyber security professionals, for their forecasts.  
Market research and consulting firm Acumen Research and Consulting has predicted that the global market for artificial intelligence (AI)-based cybersecurity products is estimated to be worth US$133.8bn by 2030, a whopping 798 percent increase on the market’s $14.9bn value in 2021.
Research by Cyber Security Hub supports this prediction, with almost one in five (19 percent) cyber security professionals reporting that their companies are investing in cyber security with AI and automation. As automation and the use of artificial intelligence (AI) increases, however, so too will the use of cyber attacks against these digital solutions.  
As AI and machine learning has developed, it has been integrated more fully into smart devices, from lightbulbs and speakers to cars. With a predicted 75.4 billion Internet of Things connected devices installed worldwide by 2025, it is no surprise that these smart devices are predicted to increase as a cyber attack target throughout 2023.
Tina Grant, quality assessor at UK-based aerospace company Aerospheres forecasts that cyber attacks targeting smart devices will predominantly affect autonomous devices with multiple points of attack, for example smart cars.
Grant says: “Today’s automobiles come equipped with automatic features including airbags, power steering, motor timing, door locks, and adaptive cruise control aid systems. These vehicles use Bluetooth and WiFi to connect, which exposes them to a number of security flaws or hacking threats. 
“With more autonomous vehicles on the road in 2023, it is anticipated that attempts to take control of them or listen in on conversations will increase. Automated or self-driving cars employ an even more complicated process that demands stringent cybersecurity precautions,” she explains.
The dangers of this have already been explored by David Columbo, a cyber security researcher and founder of cyber security software company Columbo Tech. 
So, I now have full remote control of over 20 Tesla’s in 10 countries and there seems to be no way to find the owners and report it to them…

In a series of tweets in January 2022, Columbo explained that he had hacked into and gained remote access to “over 20 Tesla’s[sic] in 10 countries” allowing him to “remotely run commands on 25+ Tesla‘s[sic] in 13 countries without the owners’ knowledge”. While Columbo did not have “full remote control” – meaning he could not remotely control steering, acceleration or braking – he noted that even some remote-control access was dangerous. 
To demonstrate this, Columbo joked about pranking the affected Tesla owners by playing Rick Astley’s ‘Never Gonna Give You Up’ through their speakers. He then acknowledged that while this may seem innocuous, the ability to remotely play loud music, open windows or doors or flash a car’s headlights repeatedly could put not only the driver’s but other motorists’ lives in danger especially if the car was driving at speed or in a busy area.  
Even if malicious actors can only gain partial control of remote devices, it could have potentially devastating consequences.
Phishing attacks soared in 2022, with international consortium and fraud prevention group the Anti-Phishing Working Group recording a total of 3,394,662 phishing attacks in the first three quarters of 2022. There were 1,025,968 attacks in Q1, 1,097,811 attacks in Q2 and 1,270,883 attacks in Q3, with each quarter breaking the record as the worst quarter APWG has ever observed.
Ernie Moran, general manager of automated prepaid card fraud protection software Arden at financial protection service Brightwell, believes that 2023 will continue to see a rise in phishing attacks due to more people turning to cyber crime for financial gain.
“The downturn in the economy this year will almost certainly lead to an increase in individuals taking additional risks to commit fraud in 2023, but many financial organizations are still unprepared to identify and take action on a coordinated and targeted fraud attack,” he explains.
Moran also predicts that ecommerce sites will be hit particularly hard by this, as they are vulnerable to Bank Identifying Number (BIN) attacks which see fraudsters take incomplete card details gained during phishing or social engineering attacks (i.e. the first six numbers of a bank card) and use software to randomly generate the rest of the information needed. The malicious actors will then use ecommerce sites to test whether the details are correct and/or if the cards are active. 
Moran concludes that there is “no evidence” that those in the acquiring side of the payments ecosystem will make the changes needed in 2023 to limit the ability of fraudsters to take advantage of these vulnerabilities.
Teri Radichel, author of Cybersecurity for Executives in the Age of Cloud and CEO of cyber security training and consultancy company 2nd Sight Lab, says that is clear that attacks leveraging phishing and credentials are not going away.
When building their security strategy and threat defense protocols, Radichel suggests that companies “use a layered security approach to prevent damage if and when attackers compromise credentials”, both to defend against and mitigate these attacks. Additionally, Radichel notes that attackers are moving beyond basic web attacks to more sophisticated forms of attacks by leveraging automation and cloud environments. 
The cost of global cyber crime has been estimated by market and consumer data company Statista to reach $10.5tr by 2025. With blockchain analysis firm Chainalysis reporting that cyber criminals have stolen more than $3bn in crypto-based cyber attacks between January and October of 2022 alone, cyber crime is becoming an incredibly lucrative business for hackers.
As cyber crime becomes more established as a revenue source for malicious actors, some are pivoting to offer their services to a wider community for a fee. Crime-as-a-service allows bad actors to offer their hacking services to others for a fee. An example of this was seen in 2022 when a Meta employee was fired for allegedly using their employee privileges to hijack and allow unauthorized access to Facebook profiles, charging her ‘customers’ thousands of dollars in Bitcoin to do so.
Adam Levin, cyber security expert and host of cybercrime podcast What the Hack with Adam Levin, believes that platforms that allow hackers to offer their services will be the number-one security threat in 2023. Levin explains that this is because criminals are using “increasingly sophisticated software created by threat actors” and selling this software on a subscription-based model for use to scam both consumers and businesses. According to Levin, the most common as-a-service crimeware products are phishing and ransomware. 
As-a-service software is so dangerous, he explains, as it “allows anyone, regardless how tech savvy, to conduct phishing, ransomware, distributed denial of service and other cyber attacks”. He further predicts that in 2023, “criminal software enterprises will continue to threaten enterprises of any size”, as seen in 2022 with the attacks levelled against Microsoft, Dropbox, Medibank, and Uber and Rockstar Games to name a few.
Levin forecasts that the cyber-crime syndicates behind current as-a-service platforms are set to grow over the next 12 months as “they can make more money enabling entry-level cyber criminals to commit crimes than they can directly targeting victims and with less risk”.
When considering how to defend against as-a-service attacks, Levin reassures that these types of attacks can be mitigated with “regular cyber security training, penetration testing, the use of multifactor authentication and implementation of zero-trust architecture”.
On June 1, 2022, a Google Cloud Armour user was targeted with the biggest Direct Denial of Service (DDoS) attack ever recorded. The user was hit with HTTPS for a duration of 69 minutes in an attack that had 5,256 source IPs from 132 countries contributing to it. Google reported it as the biggest Layer 7 DDoS attack reported to date, saying that 76 percent larger than the previous record. In a blog post written by Emil Kiner, senior product manager for Cloud Armor, and Satya Konduru, technical lead, both at Google, the attack was likened to “receiving all the daily requests to Wikipedia…in just 10 seconds”.
With such large DDoS attacks now possible, hackers are taking advantage of the disruption caused to levy multi-vector attacks. While companies fight against one threat vector, they will be launching another against them.
Aaron Drapkin, senior writer at technology news site tech.co, explains that this will give way to rise in “triple extortion attempts” in 2023. In these attacks, he explains, ransomware gangs will “not only attempt to encrypt and then exfiltrate data and demand a ransom, but also orchestrate other types of attacks, such as DDoS attack or threatening victims’ associates with data leaks”. 
Drapkin warns that these multi-attack vectors could become more dangerous if coupled with the threat vector prediction made by Adam Levin – cyber crime as-a-service. This is because “if the technology or instructions needed to orchestrate these additional cyber attacks are incorporated into commercially available Ransomware-as-a-Service packages” sophisticated attacks could be launched by a range of malicious actors, instead of a select few groups.
As the global workforce continues to work in an increasingly remote or hybrid capacity, the need for cloud migration has become clear. Research by video conferencing software company Owl Labs has shown that, globally, the amount of workers choosing to work remotely has increased by 24 percent.
As companies migrate some or all of their assets to the cloud, the need for cloud security has increased. When surveyed by Cyber Security Hub, one in four (25 percent) of cyber security professionals said that their companies were investing in cloud security capabilities. 
This investment will be needed in the year ahead, says founder and CEO of Abdul Rahim, founder and CEO of technology advice site Software Test Tips. He explains that while being its biggest selling point to businesses, the ability of cloud servers to allow users to access a company’s applications, files and resources from anywhere in the world is also its biggest vulnerability.
Matt Kerr, CEO and founder of appliance repair site Appliance Geeked, notes that while the cloud-based data storage can be equipped with cyber security measures to prevent data breaches, if a company hosts a large amount of valuable customer data, even a partial breach can have far-reaching negative effects. This is because a company’s cloud storage contains “enormous hoards of extraordinarily valuable data”, even if an attacker only gains access to a fraction of this data, they can do real damage with it.
An example of this is the Revolut data breach seen in September 2022. Despite Revolut reporting that the breach affected just 0.16 percent of its customers, in reality this translated into the personal data of more than 50,000 users being accessed.
Aerospheres’ Tina Grant explains that keeping cloud storage secure requires companies to regularly review and improve their security procedures. She says cloud storage programs like Google Cloud and Microsoft Azure may have strong security measures in place but mistakes on the client end can lead to dangerous malware and online scams, which can result in a cloud-storage breach.  
With the advent of cloud migration, many companies are incorporating third-party software solutions into their company infrastructure. Many cyber security professionals are wary of the risks incurred by this decision, however, with more than a third (36 percent) of cyber security professionals reporting to Cyber Security Hub that supply chain/third party risks are a top threat to their organization’s cyber security.
David Attard, digital consultant, web designer and data handler at web design company Collectiveray, believes data breaches due to third-party access will rise in 2023. He explains that this will especially affect companies in the healthcare, education and manufacturing industries as they are especially vulnerable to these attack vectors because of their “lack of security around third-party accesses”, and this is not likely to change in 2023.
“These industries don’t have anyone assigned to manage third-party risk, still, only about 39 percent of the manufacturing industries have implemented third-party security. The number of cyber attacks is only to increase unless practices like ‘least privilege access’ are carried out,” he continues.
This was seen in October 2022, after the source code for car manufacturer Toyota was revealed to have been posted on GitHub. The code was posted following the mishandling of company data by a third-party development contractor and was visible between December 2017 and September 15, 2022. This may have led to malicious actors accessing the personal data of 296,019 customers.
Human error is predicted to remain a major factor in cyber security threats for 2023. In 2022, research by the World Economic Forum found that 95 percent of cyber security issues could be traced back to human error. Likewise, almost a third of cyber security professionals (30 percent) told Cyber Security Hub that lack of cyber security expertise was the number one threat to cyber security at their organization.
Texas-based cybersecurity and national security expert Charles Denyer cited Verizon’s 2022 Data Breaches Investigations Report, noting that “one [in] four [82 percent] data breaches can be attributed to human error”. 
As a result of this, Denyer says: “When ensuring the safety and security of an organizations digital assets”, cyber security awareness training “is still the very best and most valuable return on investment.”  
He says that this is because the more knowledgeable and aware users are, the better the chances an organization has in protecting its assets.
Throughout 2022, a number of cyber attacks by nation states, including those of Iran against Albania, those of Russia against Ukraine and Montenegro, or the unidentified attack on the New Zealand government. 
Ryan Kirkwood, CTO of investment company Freedom Dividend, says cyber attacks by nation-states, such as the Russian hacking of the Democratic National Committee in the US in 2016, are also a major threat to businesses.
In 2023, businesses should expect to see more cyber attacks by nation-states as these types of attacks become more common and more sophisticated.

With more than 140,000 members, Cyber Security Hub is the vibrant community connecting cyber security professionals around the world.
Join Now
February 21 – 22, 2023
Free CS Hub Online Event
22 February, 2023
Online
01 March, 2023
Online
08 – 09 March 2023
Free CS Hub Online Event
08 March, 2023
Online
15 March, 2023
Online
Insights from the world’s foremost thought leaders delivered to your inbox.
2023-03-15
10:00 AM – 11:00 AM EST
2023-03-08
10:00 AM – 11:00 AM EST
2023-03-01
11:00 AM – 12:00 PM PST
Reach Cyber Security professionals through cost-effective marketing opportunities to deliver your message, position yourself as a thought leader, and introduce new products, techniques and strategies to the market.
Join CSHUB today and interact with a vibrant network of professionals, keeping up to date with the industry by accessing our wealth of articles, videos, live conferences and more.
Cyber Security Hub, a division of IQPC

Careers With IQPC| Contact Us | About Us | Cookie Policy
Become a Member today!
Already an IQPC Community Member?
Sign in Here or Forgot Password
Sign up now and get FREE access to our extensive library of reports, infographics, whitepapers, webinars and online events from the world’s foremost thought leaders.
We respect your privacy, by clicking ‘Subscribe’ you will receive our e-newsletter, including information on Podcasts, Webinars, event discounts, online learning opportunities and agree to our User Agreement. You have the right to object. For further information on how we process and monitor your personal data click here. You can unsubscribe at any time.

source

The US Govt and Corps Look to Fill 700K Cybersecurity Jobs  The New Stack
source

Getty Images
High-profile cyber attacks elevated cyber security and cyber crime to dinner table conversation in 2021, and although there was no repeat of the Colonial Pipeline incident in 2022, awareness of cyber issues among the general public has never been higher.
And cyber criminals showed no sign of slowing down in 2022, even though ransomware attack volumes appeared to drop off for a time, in a trend likely linked to the war in Ukraine.
This year saw high-profile attacks on well-known organisations, disruption to the UK’s supply of crisps and new battles in the fight against digitally enabled fraud, while a cyber crime spree by a gang of troublesome kids caused consternation.
Here are Computer Weekly’s top 10 cyber crime stories of 2022.
In January, contractor payroll service provider Brookson Group referred itself to the National Cyber Security Centre (NCSC) after an “extremely aggressive” cyber attack that forced it to take systems offline. Coming amid the ongoing IR35 controversy, this incident, and a separate attack on a different umbrella firm, disrupted salary payments for thousands.
In February, a series of cyber attacks targeting oil distribution terminals and other facilities in Europe had authorities on high alert, given rising fuel prices and the threat of supply disruption as the political crisis in Ukraine escalated into conflict.
A series of attacks on technology suppliers by a group known as Lapsus$ grabbed the headlines early in 2022, and although some gang members were arrested, these attacks have continued later into the year. In March, we explored how Lapsus$ attacks on Nvidia and Okta highlighted weak multifactor authentication and the risks of employees being bribed or falling victim to social engineering.
Every so often, a cyber attack hits the front pages of the UK’s tabloid newspapers, and February’s Conti ransomware attack on the systems of KP Snacks, the company behind iconic brands such as Hula Hoops, Space Raiders and the eponymous peanuts, made the cut. Computer Weekly heard from security experts about the incident, one of whom spoke of a “dark day for crisp aficionados”.
Conti hit the headlines again in May, when it shut down amid suggestions it had orchestrated its own downfall for its members to split off into new operations. Ransomware cartels come and go, but Conti was a particularly dangerous group, and its loss was not mourned.
Ride-sharing service Uber was one of 2022’s high-profile cyber attack victims in September, when it suffered a supposed social engineering attack on an employee by an apparent teenage hacktivist who wanted the company to pay its drivers more money. The incident saw multiple systems at Uber disrupted, which later blamed the Lapsus$ collective.
A somewhat botched Clop/Cl0p ransomware attack on South Staffordshire Water in August seemed to have been largely forgotten, until it emerged at the end of November that the gang had stolen customer data and leaked it on the dark web. The data included names and addresses, bank details including sort codes and account numbers, and possibly other personal data. Customers of sister company Cambridge Water also seem to have been hit.
The Lapsus$ cyber crime spree put teenage hackers and so-called script kiddies, rather than advanced ransomware gangs, in the spotlight this year, and in June, Computer Weekly spoke to one of the UK’s most famous teenage hackers, Daniel Kelley, who was just 17 when he played a key role in the infamous TalkTalk cyber attack. Kelley is still laser-focused on cyber security, but is planning to pursue a legitimate career.
Ransomware gangs rarely directly target consumers, making digitally enabled fraud arguably the most likely way the average person is going to fall victim to cyber crime. The fight against fraud continued in 2022, and in November, the Metropolitan Police revealed details of its role in a major operation that took down a cyber criminal website and saw more than 100 arrests.
At the beginning of December, a sudden drop in service for users of Rackspace’s Hosted Exchange business caused widespread chaos before being confirmed as a ransomware attack by an unspecified group. Full details of the incident are not yet known, but given how many Computer Weekly readers tuned in, it will likely prove one of the more disruptive cyber crime incidents of the year.
The U.S. government has released a report outlining plans to build a National AI Research Resource democratizing access to AI …
For the first time in two years, tech employment didn’t grow in January, thanks to tech company layoffs. But the shift to digital…
Smart contracts, automated content creation, targeted advertising, community building and metaverse-like experiences are some of …
Since the onset of the widespread attacks last week, the ESXiArgs ransomware strain appears to have undergone updates that make …
TrickBot malware has caused considerable damage to U.S. organizations, particularly in the healthcare industry, and was used in …
Ransomware hit a high number of unpatched VMware ESXi servers by exploiting two- and three-year-old flaws, which has put …
Hybrid access as a service from a startup helped a global company secure optimized connectivity over home broadband connections. …
API integration, machine learning and AIOps are vital to achieve the benefits of SD-WAN automation, which include better network …
A heavy reliance on the network can increase energy use across businesses. Here are some best practices network teams can follow …
Organizations stand to benefit from the compute power of quantum computing as it develops. The tech has potential uses in supply …
When organizations go green in their data center, they will have to measure the facility’s efficiency and environmental impact. …
AMD reported a rise in fourth-quarter revenue, along with expectations for a much-needed surge in demand for PCs in the second …
The vendor is the creator and lead sponsor of the open source InfluxDB database and plans to use the new funding to further …
Organizations are using cloud technologies and DataOps to access real-time data insights and decision-making in 2023, according …
Data lakes and data warehouses are both commonly used in enterprises. Here are the main differences between them to help you …
All Rights Reserved, Copyright 2000 – 2023, TechTarget

Privacy Policy
Cookie Preferences
Do Not Sell or Share My Personal Information

source

The FBI is worried about a wave of cyber crime against America’s small businesses  CNBC
source