Trends in Cybersecurity: The Skills Shortage, Information Privacy, Two-Factor Authentication & More


The Skills Shortage in Cybersecurity

Let’s start with a big one.

Search “cybersecurity” on the internet and undoubtedly you’ll see headlines like, “The Cybersecurity Talent Gap is an Industry Crisis” and “The Cybersecurity Skills Shortage is Only Getting Worse.” Not only do I see this in global surveys of IT professionals, but I hear about it constantly from my colleagues in the field.

The cybersecurity profession is tackling this by bolstering both undergraduate and graduate degrees that teach students necessary skills. The University of Washington, for example, offers a master of science in cybersecurity engineering degree with a curriculum focused on the core security principles: protection (harden information infrastructures to resist attacks), detection (hunt down intruders), and correction (respond to attacks to minimize losses).

There are many cybersecurity programs offered online as well. These are tailored toward the working professional. For example, The University of North Dakota offers a fully online master of science in cybersecurity through their renowned College of Engineering and Mines. They educate you to become a digital forensics examiner and protect information as it moves through our increasingly connected world.

Other online cybersecurity programs include:

  • Arizona State University - Master of Arts in Cybersecurity Policy and Management
  • Southern New Hampshire University - Master of Science in Cybersecurity
  • Syracuse University - Master of Science in Cybersecurity
  • Western Governors University - Master of Science in Cybersecurity and Information Assurance
  • Utica College - Master of Science in Cybersecurity
  • Regent University - Master of Science in Cybersecurity

Goodbye Passwords

In 2019, we realized that passwords are really a thing of the past and we ushered in the new era of passwordless authentication. In security, this is called multi-factor authentication (MFA), which replaces traditional typed passwords with other technologies like biometrics. With MFA, you must prove your identity using two or more verification factors that are secured using a cryptographic key pair.

The FIDO (“Fast IDentity Online”) Alliance is an open-industry association that aims to develop and promote authentication standards and ultimately reduce the world’s over-reliance on passwords. According to their website, their FIDO2 Certification reflects the “industry’s answer to the global password problem and addresses all of the issues of traditional authentication including security, convenience, privacy, and scalability.”

This year, Microsoft’s Windows Hello and Android apps and websites achieved FIDO2 certification bringing secure passwordless authentication to hundreds of millions of devices around the world.

Rise of Highly Sophisticated Phishing Attacks

This year, the number one cause of data breaches is phishing, according to the 2019 “Data Breach Investigations Report” published by Verizon’s Threat Research Advisory Center. Of all types of attacks used by cybercriminals, phishing has the highest success rate.

So, what is phishing? According to the European Union Agency for Cybersecurity (ENISA), phishing is a digital technique used to persuade you into divulging sensitive information such as your password or banking details. These attacks use a combination of social engineering and deception, often disguising themselves as a trustworthy entity.

There are many types of phishing including email phishing, smishing (SMS phishing), vishing (phone call phishing), and qrishing (QR code phishing).

In the past, it was fairly easy to spot the Nigerian Prince scheme, but in 2019, phishing attacks became more targeted and more sophisticated. Termed “spear phishing,” these attacks target specific people or organizations. The attackers learn what they can about you using open source intelligence (i.e., public information posted on the internet) to personalize the attack, making it much more believable.

This year we also saw the rise of Business Email Compromise (BEC), sometimes also referred to as “whaling.” This is another specific form of phishing where the attacker compromises a legitimate business email account and then conducts unauthorized transfers of funds. According to the FBI’s latest Internet Crime Report, BEC costs $1.2 billion annually, and from October 2013 to May 2018, approximately 78,000 BEC attacks were reported.

In addition, 2019 saw a steady growth in mobile phishing attacks. According to the ENISA Threat Landscape Report, phishing attacks on mobile devices using messaging apps (e.g., WhatsApp) and social media apps (e.g., Instagram) have grown by an average of 85 percent year-over-year since 2011.

More Privacy Regulations

In 2018, Europe passed the General Data Protection Regulation (GDPR), which was created to protect a person’s right to data privacy and to require companies to give each person the right to access, control, and delete their own data. Although GDPR technically only applies to those that live in Europe, major technology companies like Microsoft have adopted it as corporate policy, too.

In 2019, we saw California create its own version of GDPR as well. The California Consumer Privacy Act (CCPA) goes into effect on January 1, 2020 and requires all for-profit companies that do business in California to meet minimum standards aimed at protecting a person’s right to digital privacy. In contrast to GDPR, CCPA focuses specifically on commercial use of data and requires an “opt-out” policy rather than an “opt-in.”

Looking ahead to 2020, Gartner predicts that, “Regulatory and privacy challenges will continue to grow in conjunction with digital business’s insatiable appetite for personal data.”

The Explosion of Data

In their recent publication “Data Age 2025 The Digitization of the World from Edge to Core,” IDC highlights a looming problem: the sheer volume of information. They expect worldwide annual data creation to reach 163 zettabytes (ZB) by 2025—that’s ten times the amount of data produced in 2017.

When you combine the abundance of data with the rate of its production, the breadth of its global distribution across devices and applications, the increased desire to share it among each other, and the dramatic increase in regulatory requirements, information protection has become a Sisyphean feat.

To help us prepare for our “digitally transformed future,” this year IDC released the world’s first data readiness condition index (DATCON). The DATCON index evaluates an industry's preparedness for managing, analyzing, and storing this immense amount of data. They use a scale from one to five, where five represents an industry that is completely optimized and one represents an industry in critical condition.

Increasingly Connected through the Internet of Things (IoT)

Widely considered the world’s first-ever cyberweapon, Stuxnet attacked and shut down tiny industrial computers in Iran’s nuclear labs. Specifically, it caused uranium enrichment centrifuges to spin out of control, ultimately destroying them and stalling Iran’s nuclear program.

The Stuxnet case represents a cyberattack on the Internet of Things (IoT). With IoT, we’ve increased the “attack surface area”—that is, we now have more things than ever connected to the internet that can be exploited by cybercriminals.

The “attack surface area” refers to the size and sum of all places where someone might be able to enter into your digital environment. For example, if your home only has one laptop connected to the network, your attack surface area is very small. But modern homes don’t just have one laptop; they also have connected smart phones, smart TVs, smart refrigerators, and smart thermostats, to name just a few.

As you think about the attack surface area of your home, start to think about that at the scale of a hospital with its computers, phones, infusion pumps, activity trackers, connected inhalers, thermometers, pulse oximeters, and heart rate monitors.

And these things are not only in our homes and hospitals, but they also form the backbone of our refineries, telecoms, rail systems, electricity grids, water supply systems, and power plants. While this interconnectedness affords rich knowledge and efficiencies, it also leaves us vulnerable to an attack.

To address this risk, 2019 saw the launch of the Operational Technology Cyber Security Alliance (OTCSA), a noncommercial industry organization focused on researching and producing implementation and management guidelines for IoT.

While these modern challenges are formidable, they are also creating a wealth of opportunities for people interested in careers in cybersecurity.
