IT Support and Hardware for Clinics
News, Information and Updates on Hardware and IT Tools to help improve your Medical practice

How Serious is the Cybersecurity Talent Shortage? 


Across all industries worldwide, cybersecurity has become a top priority. Hackers keep pumping out new types of malware, and data breaches keep occurring. As of April 8, there were already 281 breaches exposing nearly 6 million records in 2019 so far, according to the Identity Theft Resource Center. Businesses can’t afford to sit back and wait until they’re attacked to defend themselves against cybercriminals.

 

With the average cost of a data breach globally totaling $3.86 million according to IBM and the Ponemon Institute, the wisest course of action is to proactively protect your organization with a comprehensive cybersecurity strategy.

 

However, everyone looking to effectively combat IT security threats faces a significant obstacle: a cybersecurity talent shortage. If you’re a business leader seeking to minimize your data breach risk, consider the following information on the extent of this issue and what you can do to overcome it.

 

The Cybersecurity Workforce Gap by the Numbers

(ISC)² – an international, nonprofit association for information security professionals – released a report on the cybersecurity workforce gap in 2018. The report draws on a survey of nearly 1,500 cybersecurity pros and IT pros who spend at least 25 percent of their time on cybersecurity tasks.

Here are a few key statistics from the report that illustrate the extent of the talent shortage:

The global shortage of cybersecurity professionals is approximately 2.93 million.
63 percent of survey respondents said their organizations have a shortage of IT staff focused on cybersecurity.
59 percent also say their organizations have a moderate or extreme cyberattack risk level because they lack sufficient cybersecurity talent.

“Awareness of the cybersecurity skills shortage has been growing worldwide,” the report’s introduction states. “Nevertheless, that workforce gap continues to grow, putting organizations at risk. Despite increases in tech spending, this imbalance between supply and demand of skilled professionals continues to leave companies vulnerable.”

What’s Behind the Cybersecurity Talent Gap?

 

The increasing popularity of e-commerce and the rise of new technologies like mobile devices and the Internet of Things have created more opportunities for cybercrime. In the past few years, in particular, the demand for cybersecurity talent has surged, according to Verizon. Basically, the supply hasn’t had time to catch up to the skyrocketing demand. Universities and training programs need time to develop the right courses so that job candidates have the cybersecurity skills companies are searching for, Verizon explains.

 

However, it will take a while for college students to complete the new coursework and find their way into the workforce. Another, faster answer to the talent shortage is for workers to learn through on-the-job training.

 

What Can Businesses that Need IT Security Expertise Do to Overcome the Talent Gap?

There are several ideas out there already concerning how to remedy the growing and highly concerning cybersecurity skills shortage. Here are a few notable proposals:

Form an industry-wide alliance: If large enterprises in the IT world (e.g., Dell, Cisco, Microsoft, Google and so on) join forces, they could put cybersecurity training programs in motion to address the talent shortage, according to the CSO opinion piece “The cybersecurity skills shortage is getting worse” by Jon Oltsik, a principal analyst at Enterprise Strategy Group.

Broaden the job search to include candidates with the potential to learn. Companies shouldn’t necessarily rule out professionals who don’t have the ideal qualifications in terms of degrees, certifications, and experience, Arctic Wolf Networks CEO Brian NeSmith advises in the Forbes article “The Cybersecurity Talent Gap Is An Industry Crisis.” Be open-minded and consider that intelligent candidates with great problem-solving skills might do well in the role, even if they don’t have all the prerequisites.

Turn to a third-party provider for assistance. A managed security services provider like Stratosphere Networks can help you gain access to high-level cybersecurity expertise while still containing costs. Services such as virtual CISO and CSO can give you all the benefits of having a security pro on staff without drawbacks like the price of training and hiring an in-house executive.

Technical Dr. Inc.'s insight:
Contact Details :

inquiry@technicaldr.com or 877-910-0004
www.technicaldr.com


What a New $35 Million Agency Is Expected To Do for US Cyber Defense

The new Cyber Threat Intelligence Integration Center is intended to coordinate intelligence among government agencies to better respond to cyber attacks.

Via Paulo Félix

Congress will hold a public hearing on North Korea's hacking powers next week


In the wake of the Sony Pictures hack, Washington is showing a new focus on the threat posed by North Korea. The House Foreign Affairs Committee has called for a public briefing on Tuesday that will examine the country's hacking capabilities, with testimony from the Departments of State, Treasury and Homeland Security. The briefing will focus on steps the US is taking to curtail or protect against the country's apparent capabilities. "There can be no doubt that the Kim regime means America harm," Chairman Ed Royce (R-CA) said in a statement, "and as we saw last month, Pyongyang can deliver on its threats."

President Obama has already ordered new sanctions against North Korea in direct response to the attack, but has also hinted at further measures yet to come, calling the sanctions the "first aspect" of the government's response. Others in Congress are also calling for new defensive measures, resurrecting the controversial CISPA cybersecurity bill. Given the newfound interest in digital defense, supporters see this as the bill's best chance to get through Congress. On Wednesday, FBI director James Comey reiterated his confidence that the nation was responsible, saying, "we know who hacked Sony. It was the North Koreans."



Healthcare IT Security Problems, People and Solutions


Like other sectors whose mission depends on network-connected technology, healthcare is in crisis. In addition to the need for confidentiality, people’s lives depend on the integrity of the health information system. Incorrect decisions based on incorrect information could mean the difference between life and death. Finally, the information must be available when needed by a caregiver.


As with many companies that view themselves as non-technology companies, a common problem with hospitals is that they make heavy use of technology but refuse to spend the money to secure and use it properly. The common theme is usually: Where is my return on investment? CFOs, CEOs, and even CIOs are usually not technically savvy; as a result, they are very shortsighted when it comes to seeing how technology is critical to the mission of the organisation. Therefore, we have to explain the risks and opportunities and the vital role technology plays in the mission of healthcare organisations: the very safety and well-being of their patients.


Ransomware such as Cryptolocker, a recent phenomenon on the hospital scene, seems to be the new threat, but it is not the most dangerous by far. Locking hospital data is more of an inconvenience at this point. Take Hollywood Hospital Healthcare systems, for instance: a well-maintained backup system would have allowed them to abandon the old system, format the hard drives and upload the backups to critical systems overnight. Lack of planning cost them an extra $17,000, and maybe millions in lawsuits. In 2013, over 250,000 victims and about 90,000 machines per day were affected, according to www.privacyandsecuritymatters.com.


Regardless of this, the attacks I am most worried about are command and control type attacks. These attacks could be leveraged against pacemakers, and other electromechanical devices that send wireless signals over the internet to doctors and caregivers. In some cases, manipulation of these devices can have immediate and deadly consequences.


The investment in healthcare information technology would have four meaningful effects:

Investment in better technology that can detect a real-time intrusion attack on the system and automate its response;

The weakest link in the IT chain can be the people. However, with proper training in incident response and intrusion mitigation, this weakest link situation can be solved. An attack on a SCADA type system would mean the attacker would need to do reconnaissance on the people and system. Trained personnel would know to look for system enumeration, scanning events and changes in data traffic flow. Most attacks can be avoided with knowledge and vigilance. Patients’ information would be more protected, risk of data breach would be minimised, and return on investment would be realised over the long term.

What management also needs to realise is that spending money on the system does not make it hack-proof. What it does is reduce the chances of a breach, not eliminate it.

Most CIOs, CFOs, and CEOs would ask: What happens when I invest in training for personnel and they take that training and find a better job? Well, finding well-trained people that work cheap is not an option. For the training, ask employees to stay for two years in return and train junior employees. Discuss salary increases so employees can feel compensated for their work. The alternative is, you do not train employees and they stay with the company for 20 years collecting a paycheck while the problem escalates. Healthcare management has the power to create the healthcare technology of the future they desire. This is not the responsibility of their employees.


DDoS-attack takes Dutch government sites offline for 10 hours


A sophisticated distributed denial-of-service (DDoS) attack blocked Dutch government and privately run commercial sites from the public for more than 10 hours Tuesday.

The ministry of General Affairs, the National Cyber Security Center (NCSC), website hosting company Prolocation and services provider Centric are working to determine the specific methods used in the attack and who was behind it.

The attack, which started at 9:45 a.m. local time, was difficult to deflect because the attack patterns changed regularly, said Prolocation’s director, Raymond Dijkxhoorn. The attack was different from the usual DDoS attempts that happen on an almost daily basis and are easier to defend against, he said.

“It is the first time that we couldn’t deal with it,” Dijkxhoorn said.

The attack targeted the sites of the federal government directly, but also caused other sites that were hosted on the same network to go down, Dijkxhoorn said. Blog site Geenstijl.nl and telecom provider Telfort’s site were among those blocked in the attack.

A few of the sites on the network used DDoS-deflecting services from providers like Cloudflare, Dijkxhoorn noted. But unless all clients on a network are able to ward off a DDoS attack, there is a risk for other sites on that network, he said.

Geenstijl, for instance, uses Cloudflare, which will usually allow traffic to reach the site’s server when a DDoS attack targets the site. However, Geenstijl’s server can still become unreachable as a result of a DDoS attack aimed at other sites on the network that don’t have such protection, Dijkxhoorn said. The Dutch government did not use such external DDoS protection services, he said.

The DDoS attack consisted of a mix of methods used alternately, according to Dijkxhoorn. Though Prolocation has experience with DDoS attacks, this was the first time they encountered this strategy, he said. He declined to provide more details about the attacks, since he has agreed with the NCSC not to do so until the investigation is finished.

The NCSC and Centric both declined to comment on details of the attack, pending the investigation.

Prolocation, however, has discussed the incident with engineers at Prolexic and Akamai, who say they have seen similar methods used in DDoS attacks in other places around the world.

Sites hosted on the same IP block can go down as collateral damage when one site is the focus of the attack, confirmed Akamai’s manager for Belgium, the Netherlands and Luxembourg, Hans Nipshagen. If the government sites had used external DDoS filtering services, the network might have stayed up, he said.

While it was difficult to tell from the outside the exact methods used against the government sites, the DDoS attack seems to have been large-scale, employing a vast amount of traffic, Nipshagen said. Some big DDoS attacks use multiple vectors to deliver large bandwidth-consuming packets at an extremely high rate of speed, swarming target sites, according to an Akamai report. These incidents have been fueled by the increased availability of attack toolkits with easy-to-use interfaces as well as a growing DDoS-for-hire criminal industry, Akamai said.

