Eliminating Blind Spots: A New Paradigm of Monitoring and Response

DAVE SHACKLEFORD |

article image
"Whether by tethered or mobile device, widespread access to the web, social media and applications continues to expose businesses to new risks and creates an ever-larger attack surface. Meanwhile, attackers are getting more sophisticated, their exploits persist longer and IT security response is being stretched beyond current capabilities. According to the most recent Verizon 2015 Data Breach Investigations report, attackers are able to compromise an organization in minutes in 60 percent of cases. The report also found that half of exploited vulnerabilities were seen within just one month of the vulnerability’s publication. It is clear that attackers are moving faster than ever, and security teams are not able to keep pace."

Spotlight

IT Solutions Consulting, Inc.

IT Solutions is an employee-owned, full-service IT company, providing network management and support as well as custom application and web development services to clients across the Greater Philadelphia and Mid-Atlantic regions for more than 20 years. At ITS, we take a different approach than most IT companies. Every employee doesn’t just act like an owner, every employee IS an owner with actual stock in the business through our Employee Stock Ownership Plan (ESOP).

OTHER ARTICLES

How much do behavioural biometrics improve cyber security?

Article | February 19, 2020

Experts often consider biometrics security the next big thing in cyber security. It encompasses a broad category that includes verifying a person's fingerprint, iris, gait and other factors that should be unique to the person checked. However, various tests proved that some biometric-based security has substantial room for improvement For example, researchers have hacked into smartphones that have fingerprint scanners by pressing the print of the rightful owner into a piece of Play-Doh and holding that impression against the reader. What those results indicate is that people should not assume that biometrics options are a foolproof choice for cyber security needs.

Read More

What Does It Take to Be a Cybersecurity Professional?

Article | February 19, 2020

While eating dinner at a Fourth of July cookout last weekend, my nephew described why he had so many career options as a pilot: There’s a shortage of pilots, and many existing pilots will be retiring soon. Other current pilots need to be retrained, because they fell behind in various ways during the pandemic. New people want to get into the field, but there are many hard requirements that can’t be faked, like flying hours, or unique experience on specific aircraft. There are many job openings and everyone is hiring. My response? Sounds a lot like our current cybersecurity career field. Professionals in cyber are seeing almost the exact same things. And yes, there are many, perhaps thousands, of articles on this topic saying different things. Everyone is focused on the shortages of cyber pros and the talent issues we currently face. But how hard is it to get into a cyber career for the long term? How can someone move into a fulfilling career that will last well beyond their current role? One reason I like the pilot training comparison is that becoming an excellent cyber pro takes time and commitment. If there are any “quick wins” (with minimal preparation or training) in cybersecurity careers, they probably won’t last very long — in the same way that flying large airplanes takes years of experience. After I got home that night, I saw this article from TechRepublic proclaiming “you don’t have to be a tech expert to become a cybersecurity pro.” Here’s an excerpt: “Ning Wang: I think that we’re in a pretty bad state. No matter which source you look at, there are a lot more job openings for cybersecurity than there are qualified people to fill it. And I have worked at other security companies before Offensive Security, and I know firsthand, it is really hard to hire those people. … “You may think that you have to have so much technology background to go into security. And again, I know firsthand that is not the case. What does it take to be a great cybersecurity professional? And I think from my observation and working with people and interacting with people, they need a creative mind, a curious mind, you have to be curious about things. … “And then even if you have all of that, there’s no shortcuts. If you look at all the great people in cybersecurity, just like all the other fields, that 10,000-hour rule applies here as well.” My response? I certainly agree that advanced degrees and formal certifications are not required (although they help). Still, the 10,000-hour rule and determination are must-haves to last in the long term. Here’s what I wrote for CSO Magazine a decade ago on the topic of “Are you a security professional?”: “Many experts and organizations define a security professional based upon whether or not they have a CISSP, CISM, Master’s Degree in Information Assurance or other credentials. Or, are you in an organization or business unit with 'security' in the title? While these characteristics certainly help, my definition is much broader than that. "Why? I have seen people come and go in the security area. For example: Adam Shostack started his career as a UNIX sysadmin. Likewise, you probably know people who started in security and left, or who still have a different job title but read blogs like this one because their job includes something less than 50% information security. (That is, they wear multiple hats). Others are assigned to a security function against their will or leave a security office despite their love for the field (when a too-tempting opportunity arises). Some come back, others never will.” WHY BECOME A CYBER PRO? This CompTIA article outlines some of the top jobs in cybersecurity, with average salaries: 1. Cybersecurity Analyst $95,000 2. Cybersecurity Consultant $91,000 3. Cyber Security Manager/Administrator $105,000 4. Software Developer/Engineer $110,140* 5. Systems Engineer $90,920 6. Network Engineer/Architect $83,510* 7. Vulnerability Analyst/Penetration Tester $103,000 8. Cyber Security Specialist/Technician $92,000 9. Incident Analyst/Responder $89,000 * Salaries marked with an asterisk (*) came from the U.S. Bureau of Labor Statistics. The article also walks through many of the steps regarding education, certifications and skills. Of course, there are many other great reasons to get into a cyber career beyond pay and benefits, including helping society, the fascinating changes that grow with new technology deployment, a huge need, the ability to work remotely (often), and the potential for a wide variety of relationships and global travel if desired. Becoming a CISO (or CSO) is another important role, with CISO salaries all over the map but averaging $173,740 according to Glassdoor. OTHER HELPFUL ARTICLES ON BECOMING A CYBER PRO Yes, I have written on this topic of cybersecurity careers many times over the past decade-plus. Here are a few of those articles: • “The case for taking a government cyber job: 7 recommendations to consider” • “Why Are Some Cybersecurity Professionals Not Finding Jobs?” • “Why You Should Consider a Career in Government Cyber Security” • “Play a Game - Get a Job: GCHQ’s New Tool to Recruit Cyber Talent” FINAL THOUGHTS Many people are now considering career changes as we come out of the COVID-19 pandemic. Cybersecurity is one of the hottest fields that has staying power for decades. At the same time, Bloomberg is reporting that U.S. job openings are at record levels. Also, Business Insider is offering a template to revamp your resume and get a remote job anywhere in the world. So even if the obstacles look daunting, a career in cybersecurity may be just the long-term change you are looking for. Article Orginal Source: https://www.govtech.com/blogs/lohrmann-on-cybersecurity/what-does-it-take-to-be-a-cybersecurity-professional

Read More

Cybersecurity Must Be Embedded in Every Aspect of Government Technology

Article | February 19, 2020

Cybersecurity has never been more important for every level of our government. The hacking attempts at major federal agencies have raised the profile of nefarious actors who use their highly advanced cyber skills to exploit both security and the vulnerabilities created by human error. Just last month, the Department of Defense confirmed that computer systems controlled by the Defense Information Systems Agency had been hacked, exposing the personal data of about 200,000 people. Additionally, the Department of Justice recently charged four members of the Chinese military for their roles in the 2017 Equifax breach that exposed the information of 145 million Americans. The hackers were accused of exploiting software vulnerability to gain access to Equifax’s computers. They are charged with obtaining log-in credentials that they used to navigate databases and review records.

Read More

Cybersecurity Marketing Tips for 2022

Article | February 19, 2020

Cybersecurity is growing as a market, and it has exploded since the pandemic started. This is because the companies incorporated remote work culture like never before. As a result, cyber threats and challenges are increasing. Cyber threats can jeopardize any business. Thus, the demand for cybersecurity products is increasing. However, the providers struggle to meet the increasing demand for cybersecurity services, and the competition is high. Whatever your business, effective marketing makes you stand out from the crowd. As technology has transformed, various online platforms are being used for effective marketing of all the products. As a result, most leads and sales are coming through online channels today regardless of your business. Thus, having an effective online marketing strategy defines the future of you and your business. So is in the case of cybersecurity products and marketing. Therefore, you should have a clear-cut cybersecurity digital marketing strategy to stand out from the crowd and reach your target audience at the right time with the right message. Are you a cybersecurity software service provider? Are you struggling with cybersecurity marketing? Read further to know the possible challenges of cybersecurity marketing and how to overcome them proactively. Cybersecurity Marketing- Challenges Like every other business, cybersecurity marketing, too, face many challenges. This is because the technology has developed and the competition is high. In addition, educating potential customers about the need for cybersecurity and its effectiveness is a tiresome job. Some of the significant challenges faced by cybersecurity marketers can be the following: Educating Potential Clients Most business people are not aware of the need for cybersecurity today. This is because they are ignorant of it. They will only know its importance when their business is jeopadized due to malware or an incident of phishing. Thus, intense, informative, convincing, and educational content creation is another challenging part of cybersecurity digital marketing. Building Trust, Credibility, and Trustworthiness Trust and credibility matter. Whatever cybersecurity products they use, the cybersecurity professionals know that no cybersecurity software is a hundred percentages safe. Therefore, it is a challenge to stand out from the crowd and get the trust of your potential clients as many vendors are claiming they have the best product in the world. Due to these reasons, building up trust, credibility, and trustworthiness is a hard job for cybersecurity marketers. Finding and Reaching out to your Real Target Audience ‘One-size-fits-all’ policy does not work with cybersecurity businesses. Your product can be applied to particular clients only. Thus, advertising it for the benefit of all is a foolish thing to do in cybersecurity marketing. All cybersecurity professionals know it. Therefore, finding the specific target audience for your product is a challenge. However, having a proactive cybersecurity marketing strategy and knowing the dos and don’ts will undoubtedly make you stand out from the crowd. In addition, it would enable you to build brand image and sell your products to your actual target audience, who need your products to run their business smoothly. Cybersecurity Marketing- Tips for 2022 Even if you have all the facilities and tools, cybersecurity product marketing is not that easy. Your success lies where you proactively solve the challenges you face in your marketing process. Let us look into some of the ways and tips to overcome the challenges you may face in the cybersecurity marketing process. Cybersecurity Customer Testimonials Nothing matters much more than credibility, trustworthiness, and reliability in the cybersecurity business. Customer experiences and feedback have much value in any business. Customers always want to hear from their fellow customers. Thus, testimonials are crucial in any marketing strategy. You can make use of testimonials in any form, such as written, videos, or podcasts. You can use these testimonials from your clients as a great resource to display the value of your products. So, get feedback from your clients tactically and even make case studies explaining how your product solved a specific issue faced by one of your clients. In most cases, customers may not be ready to provide their feedback for public use due to fear of a breach. In that case, you may have to find out creative ways to showcase customers' success stories and feedback without naming the names. Include Interactive Elements The modern audience needs interactive sessions and inspiring experiences everywhere. They hate the old school of marketing. Therefore, it is time to shift to virtual tradeshows and webinars. Breaking the traditional rules of marketing and digitally engaging the audience is the need of the hour. According to Matthew Fisch, a cybersecurity consultant, and SVP sales, If I want to sell into the banking or financial vertical, for example, I find events that they all go to, and I get to know them, listen to them, and then build a real relationship. “Then, when the topic of security comes up, I act as an advisor to help them build business solutions, whether it is with my company or recommending products and services that I am familiar with from being immersed in the industry. This builds trust, and you can bet when they are ready to buy, I’m on their shortlist. Apart from webinars and virtual tradeshows, you can also have polls, surveys, games, and breakout sessions as part of your cybersecurity marketing process. Again, this will capture your audience's attention, and you get an excellent opportunity to learn more about those attendees. Avoid False Information Remember, as a B2B Cybersecurity marketing professional, you are dealing with cyber professionals. Thus, focus on fact-based marketing. It is very critical that all your content should be fact-based and accurate. Why? Cyber professionals are aware that bad actors cleverly use misinformation to lure people to get personal information. Therefore, if your collaterals and brand messaging are not accurate, they may think you are one among them. It affects all your efforts and ends up in gathering a total negative brand image. Summing up Along with these, you may have to focus on many other things to be noticed by your targeted audience. However, the tips mentioned above will surely get you clients and build brand image by solving many of the cybersecurity marketing challenges faced by marketers today. Frequently Asked Questions What are the major cybersecurity marketing challenges Cybersecurity marketing faces many challenges today. Some of them can be educating the clients regarding the necessity of cybersecurity, generating relevant content, and reaching out to a specific audience. What are the effective cybersecurity marketing tactics Cybersecurity marketers can have unique marketing techniques according to their line products and the nature of the audience. However, webinars, email marketing, content marketing, and social media marketing will quickly help you reach out to your customer. { "@context": "https://schema.org", "@type": "FAQPage", "mainEntity": [{ "@type": "Question", "name": "What are the major cyber security marketing challenges", "acceptedAnswer": { "@type": "Answer", "text": "Cyber security marketing faces many challenges today. Some of them can be educating the clients regarding the necessity of cyber security, generating relevant content, and reaching out to a specific audience." } },{ "@type": "Question", "name": "What are the effective cyber security marketing tactics", "acceptedAnswer": { "@type": "Answer", "text": "Cyber security marketers can have unique marketing techniques according to their line products and the nature of the audience. However, webinars, email marketing, content marketing, and social media marketing will quickly help you reach out to your customer." } }] }

Read More

Spotlight

IT Solutions Consulting, Inc.

IT Solutions is an employee-owned, full-service IT company, providing network management and support as well as custom application and web development services to clients across the Greater Philadelphia and Mid-Atlantic regions for more than 20 years. At ITS, we take a different approach than most IT companies. Every employee doesn’t just act like an owner, every employee IS an owner with actual stock in the business through our Employee Stock Ownership Plan (ESOP).

Events