In this overview of the current crisis, we'll look at both the Australian and the global climate of cyber security, and at the relevance of professional certifications in closing the security skills gap.
Firstly, let’s look at the global threat and some alarming statistics:
- On average it takes around six months to detect a data breach.
- 43% of all cyber attacks are aimed at small businesses.
- 91% of attacks launch with a phishing email.
- A business falls victim to a ransomware attack every 14 seconds.
- 38% of malicious attachments are disguised as a Microsoft Office file of one kind or another.
- Cyber criminals compromised the credit cards of 48% of Americans back in 2016.
- The global cost of online crime is expected to reach $6 trillion by 2021.
“A global report from the Enterprise Strategy Group told us that 2018-2019 saw 53 percent of organisations reporting a problematic shortage of cybersecurity skills…”
How does this look throughout Australia and how can it be tackled?
On 22 February 2017 the Privacy Act 1988 was amended to add the Notifiable Data Breaches (NDB) scheme, which applies to organisations with personal information security obligations under the Act; the scheme itself commenced on 22 February 2018. When the EU's GDPR (General Data Protection Regulation) then came into force in May 2018, demand for cyber specialists more than tripled between February and June of that year.
The Cyber Security Review, led by the Department of the Prime Minister and Cabinet, found that cybercrime costs the Australian economy up to $1 billion annually in direct costs alone, diverting funds from the legitimate Australian economy to the illegitimate one. Beyond the loss of money, cybercrime causes other damage, including:
- Damage to personal identity and reputation.
- Loss of business or employment opportunities.
- Impact on emotional and psychological wellbeing.
Two common examples of cybercrime are ransomware and credential harvesting malware.
Ransomware: This is malware that facilitates extortion. It usually infects a victim's computer after the victim opens a malicious email attachment. Once running, ransomware encrypts the files on the computer (and often on any network shares it can reach) and displays a message demanding payment of a ransom in exchange for a decryption key that will supposedly restore access.
The emails delivering ransomware to Australian victims use the branding of trusted and well-known Australian corporations as part of their social engineering, so the lure looks like a routine invoice, parcel notice or bill.
Credential harvesting malware: This is malware designed to capture a user's credentials as they log on to a website, typically by logging keystrokes or intercepting form submissions in the browser. It operates covertly, so the victim is unaware their credentials are being stolen. The malware is usually delivered to the victim's computer or device by an email with a malicious attachment.
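Both delivery paths described above (a lookalike sender impersonating a trusted brand, carrying a malicious attachment) can be triaged at the mail gateway before anyone clicks. The following is an added example, not code from the original article or from any certification body it mentions. It assumes a hypothetical brand allow-list (`TRUSTED_BRANDS`) mapping a display-name keyword to the domains that brand really sends from, and it builds its own constructed sample message; the attachment checks flag extensions that commonly carry droppers, double extensions such as `invoice.pdf.exe`, and Office documents that contain a VBA project.

```python
import email
import email.utils
import io
import zipfile
from email import policy
from email.message import EmailMessage
from typing import List, Optional

# Hypothetical brand allow-list (an assumption for this example, not from the article):
# a keyword that appears in the brand's display names -> domains the brand really sends from.
TRUSTED_BRANDS = {"examplecorp": {"examplecorp.com.au", "mail.examplecorp.com.au"}}

# Attachment types that commonly deliver ransomware and credential-harvesting droppers.
RISKY_EXTENSIONS = {"exe", "scr", "js", "vbs", "hta", "lnk", "iso", "docm", "xlsm", "pptm"}
OFFICE_EXTENSIONS = {"doc", "dot", "xls", "ppt", "docx", "xlsx", "pptx", "docm", "xlsm", "pptm"}
DECOY_EXTENSIONS = {"pdf", "doc", "docx", "jpg", "txt"}  # the fake "first" extension in a double extension


def has_macros(data: bytes) -> bool:
    """Return True if an Office document carries a VBA project.

    OOXML (.docx/.docm/...) is a zip container; macros live in a vbaProject.bin part.
    Legacy OLE2 (.doc/.xls) stores stream names as UTF-16LE, so the VBA storage shows up
    as the UTF-16LE bytes of 'VBA'. The OLE check is a crude marker scan, not a full parser."""
    if data.startswith(b"PK"):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                return any(name.lower().endswith("vbaproject.bin") for name in zf.namelist())
        except zipfile.BadZipFile:
            return False
    return data.startswith(b"\xd0\xcf\x11\xe0") and "VBA".encode("utf-16-le") in data


def sender_domain(msg: EmailMessage) -> str:
    addr = email.utils.parseaddr(str(msg.get("From", "")))[1]
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def brand_mismatch(msg: EmailMessage) -> Optional[str]:
    """Flag a From: display name that invokes a trusted brand from a domain the brand does not own."""
    name = email.utils.parseaddr(str(msg.get("From", "")))[0].lower()
    domain = sender_domain(msg)
    for brand, domains in TRUSTED_BRANDS.items():
        if brand in name and domain not in domains:
            return f"display name invokes '{brand}' but sender domain is '{domain}'"
    return None


def triage(raw: bytes) -> List[str]:
    """Parse a raw RFC 5322 message and return findings (an empty list means nothing suspicious)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings: List[str] = []
    mismatch = brand_mismatch(msg)
    if mismatch:
        findings.append(mismatch)
    for part in msg.iter_attachments():
        filename = part.get_filename() or ""
        pieces = filename.lower().split(".")
        ext = pieces[-1] if len(pieces) > 1 else ""
        if ext in RISKY_EXTENSIONS:
            findings.append(f"{filename}: risky attachment type .{ext}")
        if len(pieces) > 2 and pieces[-2] in DECOY_EXTENSIONS:
            findings.append(f"{filename}: double extension hides the real type")
        if ext in OFFICE_EXTENSIONS and has_macros(part.get_payload(decode=True) or b""):
            findings.append(f"{filename}: Office document contains VBA macros")
    return findings


def build_sample(lookalike: bool = True, macros: bool = True) -> bytes:
    """Constructed test message (not a real phishing mail).

    With the defaults it imitates the pattern described in the article: a trusted-brand
    display name on a lookalike domain, carrying a macro-enabled Word 'invoice'."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if macros:
            zf.writestr("word/vbaProject.bin", b"\x00" * 16)  # stand-in for a real VBA project
    sender = "accounts@examplecorp-invoices.com" if lookalike else "accounts@examplecorp.com.au"
    msg = EmailMessage()
    msg["From"] = f"ExampleCorp Billing <{sender}>"
    msg["To"] = "staff@example.org"
    msg["Subject"] = "Overdue invoice"
    msg.set_content("Please open the attached invoice and enable content to view it.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="vnd.ms-word.document.macroenabled.12" if macros
                       else "vnd.openxmlformats-officedocument.wordprocessingml.document",
                       filename="Invoice.docm" if macros else "Invoice.docx")
    return msg.as_bytes()


if __name__ == "__main__":
    for finding in triage(build_sample()) or ["no findings"]:
        print(finding)
```

Run as a script it prints the three findings for the constructed lure; `triage(build_sample(lookalike=False, macros=False))` returns an empty list for a genuine-looking invoice. In production the allow-list would come from SPF/DKIM-verified sending domains rather than a hard-coded dictionary, and macro detection would use a proper OLE parser, but the decision logic is the same.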
“In 2017, interest in cyber security job postings met 17.5% of the demand. After the number of job postings surged by 173% in the past year, however, the Australian market is supplying just 7% of demand…”
The best place to start in tackling this epidemic is working towards globally recognised standards and practice, and few bodies are better placed to set those standards than the Computing Technology Industry Association, CompTIA. Born of a global need for vendor-neutral training and certification standards, CompTIA tackles the ongoing shortage across all areas of cyber security; notable among its certifications is the Cybersecurity Analyst, CySA+.
CompTIA CySA+ is accredited under the ISO/IEC 17024 standard and is approved by the U.S. Department of Defense to fulfil Directive 8570.01-M requirements.
CySA+ applies behavioural analytics to networks and devices to prevent, detect and combat cybersecurity threats. Think of it as playing defence across a large technology estate, with the following skills:
- Perform data analysis and interpret the results to identify vulnerabilities, threats and risks to an organisation.
- Configure and use threat-detection tools.
- Secure and protect applications and systems within an organisation.
CySA+ covers the defensive side. On the offensive side, the best-known certification is the globally renowned Certified Ethical Hacker, CEH v10, created and administered by EC-Council, the International Council of E-Commerce Consultants.
CEH v10 has a reputation for being the go-to offensive security certification, and with good reason. The training immerses the student in the mind of a hacker, with all the associated methodologies, tools and tricks. Or, as EC-Council puts it, to beat a hacker, you need to think like a hacker.
This is an entirely different way of improving an organisation's information security posture: by hacking it, with authorisation, before an adversary does. Once certified you will scan, test, hack and secure your own systems.
So whether your inclination is defensive or offensive, training up to either of these global standards from scratch can take as little as 200 hours, with professionally mapped pathways to suit all existing skill levels. At Learning People, our mission is to enhance careers by facilitating professional certification training and, in doing so, to help fill the ever-increasing skills gap within information security.
Your journey starts with a personal, informative and professional consultation call with one of our dedicated experts. So why wait? Pick up the phone today and let us help you to help the cyber industry with world class certifications.