This may be the first U.S. presidential election in history where cyber security has been a point of debate. Hillary Clinton used personal servers for government business, while Donald Trump’s corporate web servers were not secure.
Politics aside, this drives home the point that cyber security experts have been making for many years: cyber security is everyone’s responsibility. If you’re an IT-security professional, you’ve likely found yourself in the position of trying to get resistant employees to abide by security policies. If security is not your field, a demonstrated awareness of the most recent online threats and sound practices for reducing risk should be seen as an asset by employers.
Cyber security professionals can play a strong role in educating people within their companies on basic security strategies while they guard the corporate networks and data. Lindsay Goodspeed of the PCI Security Standards Council recommends that every company create a cyber security-conscious culture. In fact, this kind of culture leads to more job satisfaction for cyber security professionals, according to Network World.
Trends in Cyber Crime
Cyber crime is happening at an increasing rate and can wreak havoc on businesses. Everyone in tech should be aware of these trends:
Threats From Former Soviet States
Writing in the Harvard Business Review, William J. Osborn and David M. Upton, both of the University of Oxford’s Saïd Business School, note that Russian-speaking cyber criminals can operate freely among the various former states, taking advantage of a large number of unemployed Russian computer experts. They say there’s evidence that Russian hackers have stolen some $1 billion from banks around the world in the last three years. The takeaway: cyber crime will continue to grow and get more sophisticated.
In a related trend, hackers are selling their services to criminals that lack technical acumen, according to Bank Info Security. Anyone with the cash and the will can pay to launch denial-of-service attacks, obtain access to malware infected personal computers, or hire people to use stolen ATM codes. In fact, this criminal ecosystem even operates customer service call centers to help ransomware victims who aren’t familiar with bitcoin pay to have their files released.
Ransomware Continues to Rise
According to Europol, ransomware is now the most prevalent type of malware globally. While it’s typically spread through links or attachments, a new form can self-propagate. It’s an illustration of the unfortunate creativity and talent being put to nefarious ends.
Crime-as-a-service operations are making it easier for companies to use the ransomware exploit as a competitive weapon. According to Data Breach Today, a security researcher with F-Secure who posed as a ransomware victim was told that his service had been hired by a Fortune 500 company to specifically target a competitor with the aim of slowing down its next product release.
Phishing Exploits from Seemingly Familiar Brands
With those ubiquitous “your order has shipped” emails from Amazon, a highly trusted brand, customers might be forgiven for opening the attachment. Unfortunately, doing so activates the Locky ransomware, according to Comodo. Consumers may have become more aware of phishing exploits that appear to come from financial services, but they may not be tuned into the danger from consumer brands.
Biomedical Data More Valuable Than Credit Cards
There was a huge rise in the theft of medical data in the past year, according to Trends Research & Advisory, with 100 million health records illegally accessed. Despite the demands of HIPAA, security in the healthcare industry is relatively lax. The information is attractive to criminals because it contains not only health information but often also Social Security numbers, credit card data, email addresses, and place of employment. With healthcare institutions trying to improve their data security, job growth for IT security pros in this sector should be strong.