Article | August 30, 2021
As we emerge from the worst pandemic in a century, many public- and private-sector employees and employers are reassessing their options within technology and cybersecurity roles.
Are boom times coming soon for tech companies, cybersecurity professionals and others?
Marketplace.org recently posted the headline, “Are we headed for a Roaring ’20s economy?”
Here’s an excerpt: “A year ago, when most of the country was under stay-at-home orders and people were losing jobs at an unprecedented rate, we asked three people who study economic history to explain whether the recession on the horizon was going to look anything like the Great Depression.
“With the vaccine rollout well underway, weekly unemployment claims at their lowest level since the pandemic began and consumer confidence rising, we’ve asked them about a different historical comparison: the 1920s.”
Meanwhile, NBC News reported “There are now more jobs available than before the pandemic. So why aren't people signing up?”
Here’s a quote from that piece: “The number of job vacancies soared to nearly 15 million by mid-March, but discouraged, hesitant and fearful job seekers means many positions are still unfilled, according to new data from online job site ZipRecruiter.
“Online job postings plunged from 10 million before the start of the pandemic last year to just below 6 million last May, as lockdowns and shutdown orders forced businesses to close their doors and reduce or lay off workers.”
Meanwhile, according to KPMG in the U.K., tech’s job market is growing at the fastest pace in two years. “The move towards new remote and hybrid working arrangements, new spending priorities for businesses around IT infrastructure, automation and the huge shift to online retail are likely to provide a long-term boost to sales and investment in the tech sector,” said KPMG’s chair Bina Mehta.
One more — thecyberwire.com just reported that the skills gap is getting wider regarding cybersecurity jobs: “The cybersecurity industry is projected to triple year-over-year through 2022, yet the workforce shortage still stands at millions worldwide. With a 273 percent increase in large-scale data breaches in the first quarter of 2020 alone, employing more cybersecurity professionals is a pressing challenge for both companies looking to hire in-house and cybersecurity agencies alike.
“According to the International Information System Security Certification Consortium, there are now more than 4.07 million unfilled cybersecurity positions across the world. Despite high entry salaries, recession-proof job security and plentiful career opportunities, there are simply not enough trained cybersecurity professionals to fill the skills gap.”
BAD TREND — AND EVEN SOME UGLY MIXED IN
I recently posted a story from the Atlanta Journal-Constitution on LinkedIn entitled “Employers are hiring again but struggling to find workers.” Here’s an excerpt: “Chris New said he has turned down $250,000 in business because he just can’t hire enough laborers and drivers at his Carrollton-based company, Barnes Van Lines.
“There are plenty of people without jobs, but unemployment benefits give them too much incentive not to work, he said. ‘We advertise and nobody comes in looking for a job. A lot of people are taking advantage of the system. It’s really killing us.’”
Although the focus of this article was not technology or cybersecurity jobs, many of the comments were tech- and cyber-related.
Marlin Brandys: So how do they explain people like me with a B.S. in networking and cybersecurity and an NCSP both from 2020 and I can’t even get an interview for a tier 1 help desk job? All these posts and stories from corporate America, universities, government agencies selling the bogus skills gap and shortage story. This platform alone has 1,000s of cyber qualified people able and willing to work in entry level positions at entry level pay and benefits. Stop the madness already. I applied for unemployment 01/08/2021. It’s now 04/19/2021 and I haven’t seen a dime of unemployment compensation. I’ll gladly take an entry-level position in cyber.
Quinn Kuzmich: Marlin Brandys - Honestly one of the unspoken truths of the security industry is age discrimination. Sad but true.
Dave Howe: Quinn Kuzmich - broadly true across all of IT though. They stand around demanding someone "do something" about the "skills shortage" but exclude 90% of candidates based on an arbitrary checklist, and 75% more based on illegal age, sex or race discrimination, disguised as "culture fit"
Joseph Crouse: Marlin Brandys you're overqualified.
Marlin Brandys: Joseph Crouse, I wish I could believe that. For some types of positions in the teaching or instructing silo maybe, for entry level information security I do not believe so.
Dave Howe: Marlin Brandys - it's difficult to tell. I have seen "entry level" roles demand a CISSP and CEH.
Gregory Wilson: 300+ applications and 4 interviews... No job yet... Overqualified, not enough experience, ghosted.... REALITY — I'm over 60 and nobody will hire me... All the BS aside, there are lots of people ready to work... Pay them what they're worth!
Dave Howe: I think there is a bigger picture. Welfare shouldn't be so generous as to encourage people to stay on it, but equally, it shouldn't be so stingy as to cause people to struggle to stay afloat (meet rent, put food on the table, however basic, keep the power on) — there is need for balance. Equally though, an entry-level role where a worker is willing to put in a nominal 40 hours at a routine, boring but not dangerous or unpleasant job should pay sufficient after expenses so as to be able to afford some luxuries above and beyond what welfare provides — if you are no better off, then that job is underpriced and needs either automation to improve output so as to make paying more a better proposition, or automating entirely and the job eliminated. If the job is dangerous, distasteful or involves unsociable hours, then that should be reflected in the pay, above and beyond what a "basic" job should provide. The answer should never be "we need to cut welfare so that they will take my crappy, low paid job out of desperation, because adding automation means upfront costs and I don't want to pay any more"
You can join in on that LinkedIn conversation here:
This Forbes article offers some interesting perspectives on how both employers and employees can succeed in the coming post-COVID cybersecurity world, while offering a new model for our future workforce:
“Cybersecurity is a striking example of where the supply-demand gap for personnel is particularly volatile, with companies routinely lacking both the technology and available human capital needed to integrate relevant, highly skilled workers at the same speed as their unprecedented digital transformation. When the COVID-19 pandemic forcibly distributed security teams, organizations were given a new perspective as to how remote teams can de-risk innovation. Now, many are moving to industrialize the 'new normal' of cybersecurity with greater efficiencies across their internal programs and the software development life cycle by seamlessly integrating expert security talent on-demand.”
While this coming boom may not be good news for state and local governments who struggle to compete with the private sector for the most talented tech and cyber staff, there are new options opening up for public-sector employees as well.
This research finds that many retirees want to come back and work 10 to 20 hours a week, especially if they can work remotely.
Many groups are training workers for the post-pandemic job market.
I also have spoken with CISOs and other technology leaders in both the public and private sectors who are much more open to hiring out-of-state workers, even though they would never have allowed that before the pandemic.
And finally, what about those who can’t find work, despite the supposed “boom times” that are coming? Last year, I wrote this blog describing why some skilled cyber pros are still not getting jobs. Here are just a handful of the reasons I listed there:
People are living or looking in the wrong places. They want a local job and do not want to move. (Note: More remote hiring is happening now with COVID-19, but it is still unclear if many of these jobs will go “back to the office” after the pandemic. This leads to hesitancy in taking a job in another part of the country.)
Insistence on remote work. While this is easier during the pandemic, some people want 100 percent remote without travel, which can limit options. Also, some hiring managers are not clear if remote jobs will last after the pandemic restrictions are lifted, so they want to hire locally.
Company discrimination due to older worker applicants. Yes, I agree with my colleagues that this is alive and well in 2020. Other forms of discrimination exist as well, such as race and gender.
Lack of professional networking — especially true during COVID-19. They don’t have personal connections and have a hard time meeting the right people who are hiring or can help them find the right job.
Attitude, character, work ethic, humility, etc. I have written several blogs just on this topic, but some people never get the job because they come across in interviews as entitled or too angry or having a bad attitude. They scare off hiring managers. For more on this topic, see “7 reasons security pros fail (and what to do about it)” and “Problem #3 for Security Professionals: Not Enough Humble Pie” and “Problem 5: Are You An Insider Threat?”
Putting this all together, I love my brother Steve’s perspective on individual career opportunities and selling your ideas (and yourself) to those both inside and outside your organization: “It’s all about the right product at the right place at the right time at the right price — with the right person delivering the message to the right decision-maker.”
During a recent vacation to northern Arizona, I found myself working in a coffee shop surrounded by several men and women that were supporting global companies with technology projects. Conversations were all over the map regarding application enhancements and complex deliverables for some industry-leading names.
I was frankly a bit shocked that all of this work was being run out of a coffee shop — with a few video conference calls to people’s homes. The “new normal” of global workforces became more of a reality to me, and I see this trend accelerating even after the pandemic.
Article | August 30, 2021
As the coronavirus pandemic continues to sweep the globe, and cities and states impose social-distancing measures, businesses are sending their users home to work. And this massive, unprecedented shift to distance working brings with it a whole new set of cybersecurity challenges. For instance, a lack of IT resources can bite many organizations as they move to enable remote strategies. And when workers and students are sent outside the normal perimeter, managing device sprawl, and patching and securing hundreds of thousands of endpoints, becomes a much bigger challenge. Threatpost editors wanted to learn more about challenges and best practices from the IT and security professionals on the front lines of this. Please take a few minutes to take the Threatpost poll. The answers will be collected and the results will be published in an article later this week.
Article | August 30, 2021
The UK’s National Cyber Security Centre (NCSC) has updated its guidance to organisations on how to mitigate the impact of malware and ransomware attacks, retiring its standalone ransomware guidance and amalgamating the two in a bid to improve clarity and ease confusion among business and consumer users alike. The NCSC said that having two different pieces of guidance had caused some issues as a lot of the content relating to ransomware was essentially identical, while the malware guidance was a little more up-to-date and relevant. The service said the changes reflect to some extent how members of the public understand cyber security. For example, it implies a distinction between malware and ransomware even though technically speaking, ransomware is merely a type of malware. “Not everyone who visits our website knows that. Furthermore, they might well search for the term ‘ransomware’ (rather than ‘malware’) when they’re in the grip of a live ransomware incident,” said a spokesperson.
Article | August 30, 2021
Social media has become an integral part of business promotion, especially to build brand image and maintain brand reputation. Businesses from small firms to large corporations are active on various social media platforms to interact with their target audience daily. Moreover, the onset of the pandemic has compelled businesses to rely more on these platforms to connect with their customers. This has sharply increased the amount of information that businesses and customers share on social media. As a result, social media security threats have increased. Hackers are looking for a chance to get into accounts, steal personal and business information, and use it for various gains.
Publicly accessible social media information is vulnerable to attacks from cybercriminals. To communicate with customers directly, corporations today operate multiple social media channels. However, organizations have to apply cybersecurity measures when accessing those channels. Commonly used safety models, such as the Least-Privileged Administrative model, can be applied in organizations to ensure security. In addition, employee access to social media accounts should be minimized.
Taking necessary steps to increase social media security in organizations will help in avoiding deliberate sabotage. However, taking no care in this matter may jeopardize your business, as your company's platforms will be vulnerable to malpractices and attacks by cybercriminals.
These factors make social media security more vital than ever before. Let us look into some social media security threats and how to mitigate them through adequate cybersecurity best practices.
Social Media Security Threats
Even if you ensure one hundred percent security for your social media channels, hackers can quickly get into your account through vulnerable third-party apps. The International Olympics Committee and FC Barcelona were victims of this. Twitter accounts of these organizations were hacked through vulnerabilities in connected third-party apps. You cannot foresee how dangerous the third-party apps you use are.
Cyber adversaries trick their targets into installing malware on their systems and then control and monitor those systems. This way, they get sensitive information.
Phishing scams can quickly get past your social media security walls. Phishing scams make employees of organizations unknowingly hand over information to fraudsters. This can be private information such as passwords, bank details, etc.
Organizations are likely to use some accounts for some time and ignore them after a while. Cyber hackers are targeting these accounts, as they know no one is watching them. Even without hacking, they can post fraudulent messages on those accounts. They use an imposter account for it. They even can send malicious links from these unattended accounts to your followers. Therefore, these unmonitored accounts are a huge threat to your social media security.
Social Media Security Tips
The above are some of the social media security threats that corporations face while handling social media pages to interact with their customers. However, following a social media strategy with stringent social media security best practices can save your company from these frauds and criminals. Cybersecurity products are also available to secure your online activities and business.
Social Media Policy
All organizations should have an effective social media strategy with a social media security policy for employees, especially those handling the profiles. The guidelines in this policy will help your social media executives handle the accounts safely. Additionally, it will save you from various vulnerabilities that let criminals break through your social media security walls.
Social Media Security Audit
As technology improves every second, new vulnerabilities, threats, and hacking tactics emerge. In addition, criminals are also coming up with new viruses, strategies, and scams to hack social media accounts. Thus, it is always good to audit the social media security measures implemented in your company. The audit should be done often, such as quarterly or semi-quarterly. This will ensure that your social media security measures are strong enough to fight new-age hackers.
Strong passwords alone can fight any social media security breaches and cybersecurity threats. Therefore, you have to ensure that you have a strong password for each of your accounts. Your employees should be educated regarding what constitutes a strong password. In addition, it is a good practice to change your password often.
According to Paul Bischoff, privacy advocate at Comparitech, two-way authentication is the best way to keep all your social media accounts secure.
Whenever an employee logs in from a new device, they are required to input a PIN sent to the account owner via an app, SMS, or email. This not only protects you from stolen passwords but can ensure that whoever is in charge of the accounts is present when logging in on new devices.
Although some social media channels provide this facility, it is better to enable it for all your accounts with all the channels to ensure social media security.
Social media is an integral part of business today. Companies need it to interact with customers to build brand image. However, social media security is a concern as technology is improving every second. Criminals are upgrading themselves with new tactics and techniques to hack accounts. Therefore, it is vital to follow stringent social media security best practices for your accounts to protect your business and keep sensitive information from falling into the wrong hands.
Frequently Asked Questions
Are social media channels safe for businesses?
Social media is an integral part of marketing today. Therefore, it has to be handled with utmost care and vigilance. It will harm your business if you do not adhere to essential social media security measures, as hackers can get into your accounts quickly.
What are some of the social media threats for businesses?
There are many social media threats for businesses. Some are unmonitored social media accounts, imposter accounts, vulnerable third-party apps, human error, and phishing attacks and scams.