Maturing and Specializing: Incident Response Capabilities Needed

|

article image
Hackers used to break into a system, steal as much data as possible and get out, without worrying about detection. Today, however, they have learned to be patient, harvest more data, and cause significant security and financial effects. Because of this, organizations must detect and respond to incidents as quickly, efficiently and accurately as possible. The length of dwell time (the time from the attacker’s initial entry into an organization’s network to the time the intrusion is detected) correlates most closely to the total cost of a breach. The longer an attacker has unfettered access on a network, the more substantial the data loss, severity of customer data theft and subsequent regulatory penalties.

Spotlight

Smart Design

Smart Design is a developer of innovative color systems and training for the design industry. From color profiling to marketing to color training and certifications to sales training, we bring real solutions to the fast changing built environment.

OTHER ARTICLES

What Does It Take to Be a Cybersecurity Professional?

Article | August 30, 2021

While eating dinner at a Fourth of July cookout last weekend, my nephew described why he had so many career options as a pilot: There’s a shortage of pilots, and many existing pilots will be retiring soon. Other current pilots need to be retrained, because they fell behind in various ways during the pandemic. New people want to get into the field, but there are many hard requirements that can’t be faked, like flying hours, or unique experience on specific aircraft. There are many job openings and everyone is hiring. My response? Sounds a lot like our current cybersecurity career field. Professionals in cyber are seeing almost the exact same things. And yes, there are many, perhaps thousands, of articles on this topic saying different things. Everyone is focused on the shortages of cyber pros and the talent issues we currently face. But how hard is it to get into a cyber career for the long term? How can someone move into a fulfilling career that will last well beyond their current role? One reason I like the pilot training comparison is that becoming an excellent cyber pro takes time and commitment. If there are any “quick wins” (with minimal preparation or training) in cybersecurity careers, they probably won’t last very long — in the same way that flying large airplanes takes years of experience. After I got home that night, I saw this article from TechRepublic proclaiming “you don’t have to be a tech expert to become a cybersecurity pro.” Here’s an excerpt: “Ning Wang: I think that we’re in a pretty bad state. No matter which source you look at, there are a lot more job openings for cybersecurity than there are qualified people to fill it. And I have worked at other security companies before Offensive Security, and I know firsthand, it is really hard to hire those people. … “You may think that you have to have so much technology background to go into security. And again, I know firsthand that is not the case. What does it take to be a great cybersecurity professional? And I think from my observation and working with people and interacting with people, they need a creative mind, a curious mind, you have to be curious about things. … “And then even if you have all of that, there’s no shortcuts. If you look at all the great people in cybersecurity, just like all the other fields, that 10,000-hour rule applies here as well.” My response? I certainly agree that advanced degrees and formal certifications are not required (although they help). Still, the 10,000-hour rule and determination are must-haves to last in the long term. Here’s what I wrote for CSO Magazine a decade ago on the topic of “Are you a security professional?”: “Many experts and organizations define a security professional based upon whether or not they have a CISSP, CISM, Master’s Degree in Information Assurance or other credentials. Or, are you in an organization or business unit with 'security' in the title? While these characteristics certainly help, my definition is much broader than that. "Why? I have seen people come and go in the security area. For example: Adam Shostack started his career as a UNIX sysadmin. Likewise, you probably know people who started in security and left, or who still have a different job title but read blogs like this one because their job includes something less than 50% information security. (That is, they wear multiple hats). Others are assigned to a security function against their will or leave a security office despite their love for the field (when a too-tempting opportunity arises). Some come back, others never will.” WHY BECOME A CYBER PRO? This CompTIA article outlines some of the top jobs in cybersecurity, with average salaries: 1. Cybersecurity Analyst $95,000 2. Cybersecurity Consultant $91,000 3. Cyber Security Manager/Administrator $105,000 4. Software Developer/Engineer $110,140* 5. Systems Engineer $90,920 6. Network Engineer/Architect $83,510* 7. Vulnerability Analyst/Penetration Tester $103,000 8. Cyber Security Specialist/Technician $92,000 9. Incident Analyst/Responder $89,000 * Salaries marked with an asterisk (*) came from the U.S. Bureau of Labor Statistics. The article also walks through many of the steps regarding education, certifications and skills. Of course, there are many other great reasons to get into a cyber career beyond pay and benefits, including helping society, the fascinating changes that grow with new technology deployment, a huge need, the ability to work remotely (often), and the potential for a wide variety of relationships and global travel if desired. Becoming a CISO (or CSO) is another important role, with CISO salaries all over the map but averaging $173,740 according to Glassdoor. OTHER HELPFUL ARTICLES ON BECOMING A CYBER PRO Yes, I have written on this topic of cybersecurity careers many times over the past decade-plus. Here are a few of those articles: • “The case for taking a government cyber job: 7 recommendations to consider” • “Why Are Some Cybersecurity Professionals Not Finding Jobs?” • “Why You Should Consider a Career in Government Cyber Security” • “Play a Game - Get a Job: GCHQ’s New Tool to Recruit Cyber Talent” FINAL THOUGHTS Many people are now considering career changes as we come out of the COVID-19 pandemic. Cybersecurity is one of the hottest fields that has staying power for decades. At the same time, Bloomberg is reporting that U.S. job openings are at record levels. Also, Business Insider is offering a template to revamp your resume and get a remote job anywhere in the world. So even if the obstacles look daunting, a career in cybersecurity may be just the long-term change you are looking for. Article Orginal Source: https://www.govtech.com/blogs/lohrmann-on-cybersecurity/what-does-it-take-to-be-a-cybersecurity-professional

Read More

Cybersecurity Product Marketing Strategy

Article | August 30, 2021

People dealing in cybersecurity knows that it is a challenging market. A specifically designed business model is not there in cybersecurity on which you can market products and services. Over the past years, the B2B Cyber Security industry has witnessed immense growth and will continue in the future. The growth can be attributed to many aspects, including growing instances of cybercrime and the emergence of interconnected devices in the IoT revolution. New security solutions are coming into the market every day. As a result, the demand for B2B digital marketersis also on the rise to keep with the unexpected growth in products, services, and competitors. To stand out from the competition, you need a sound cybersecurity product marketing strategy leveraging all digital channels. You have to focus on various productive marketing tactics to reach, engage, and nurture all your potential clients as an ongoing process with all the relevant information about business and products. For example, the B2B cloud-security service provider,IBM Security, uses paid ad campaigns and webinars, which are excellent cybersecurity product marketing strategies. They could maketheir expertise and solutions stand out from the rest of the crowd with this excellent strategy. Reading further will give you insights on how to market your cybersecurity products effectively to generate leads and boost profit. Make your Marketing Effective with Unique Content To demonstrate the effectiveness of your solutions and the significance of your cybersecurity, your company should ensure your content has real-world examples. This will make your content more influential. Apart from being data-driven and comprehensive, your content also should be unique. Credibility can be surly built up by revamping your content strategy. You can create educational content that clearly shows how your product can help solve a real-life cybersecurity attack. Then, you may back it up with independent industry reviews,case studies, etc. Instead of reusing the same content, experiment with new content that describes and solves different cyber threats and relates it with your products and solutions. The following types of content can be a practical part of your cybersecurity product marketing strategyat different points in the buyer’s journey: Blogs In every stage of the cybersecurity buyer’s journey, blogs are great for attracting prospects. Developing some evergreen and universally relevant content will be highly useful. Describing topics about cybersecurity in your blogs, such as phishing, DNS encryption, will be a great thing for clients who have just started their research and want to learn more, starting from basics. Case Studies As CNI says, the mostcritical tactic for B2B companies iscase studies. These are exemplary and the best to engage leads who are already aware of their problems and know what solutions can solve them. Videos According to HubSpot, at least once a week, 75% of executives watch work-related videos on business websites. Additionally, 59% of executives prefer watching a video over reading text. So, it’s the best strategy to include videos in your cybersecurity product marketing efforts. Explanatory videos will work the best to tell your potential cybersecurity product clients what your cybersecurity offerings are and why they could be the most valuable solution for their situations. Additionally, when you’re trying to target C-level executives, this can be a beneficial tactic. This is because they need more education regarding this. You may also utilize various statistics on cyber-attacks, loss due to cyber-attacks, recovery expenses, and the value of cybersecurity solutions. Additionally, again, providing practical and real-life examples in your video will help you make the statistics more relevant and inject a sense of urgency into the minds of your potential clients. Effective Email Marketing Strategy Education and awareness are significant barriers to selling your solutions. Due to these barriers, it can often take a reasonable amount of time for a potential lead to reach the point where they can contact a B2B sales representative or request a demo. Meanwhile, it is your time to have a tactic to nurture these leads to move them to the next level of the sales funnel. It can be an effective email marketing strategy. It is a strategic and effective way to connectto those potential leads who have not decided to purchase your products. However, with many emails in your potential client's inboxes, they may unsubscribe or delete your email if they don’t find your email content valuable and worthwhile. So make sure to analyze often and monitor your email marketing campaigns. Content, subject lines, images, and copy in your email should be practical and attractive regarding open and click-through rates. Flooding your prospects’ inbox with emails about various cyber threats they face may result in losing their interest in your emails as they may have desensitization towards your emails. Staying connected with your prospects through email marketing is an effective cybersecurityproduct marketing strategy. First, however, be mindful of how many emails you are sending to your prospects. Interactive Sessions The tremendous interactive session you can have online today with your potential client is webinars. It is an excellent way for you in the cybersecurity domain to connect with your potential leads. The interactive element is a vital part of a webinar. Q&A session at the end of each webinar makes it more interactive where the participants can ask you questions and raise queries about the topic and your services. Accumulating all those questions asked by the attendees can be an excellent starting point for creating new content to address your audience's challenges. These attendees now are interested in learning more about your products and services and the threats it protects against. They also might have engaged in some research. This means they will do further in-depth research and be more engaged with your presentation topics. Thus, it is a valuable opportunity to demonstrate other helpful content or have a CTA for demo sign-ups. You can respond to the queries of the participants in a follow-up, even if your webinar is a pre-recorded one. This effective cybersecurity product marketing tactic will help you accumulate many potential clients and take them to the next stage of the salesfunnel. Paid Campaigns Two significant goals can be accomplished through B2B paid campaigns: • They help you get prospects to arrive at your demo request landing page • They amplify your content marketing efforts Content marketing amplification is possible through paid campaigns. Most cybersecurity marketers think that you do not mix inbound marketing and paid campaigns. But the truth is when you combine both, you end up with a very effective and powerful campaign. Once you start a paid campaign with your content, you will notice more excellent and quick results and get the best out of your developed content. Getting prospects to request a demo is a major goal for any B2B cybersecurity marketer. Cybersecuirty paid marketing campaigns, as a successful cybersecurity product marketing strategy, help the marketer to accelerate the process. Summing up The cybersecurity landscape has recently undergone many changes. Over the next five years, global demand for cybersecurity products and solutions will reach $167.7 billion. So, it calls for a remodeling of your cybersecurity product marketing strategynow more than ever to target and attracts more prospects to your business. Frequently asked questions How to start with cybersecurity marketing? The best way to start your cybersecurity marketing is by educating your prospects about the potential cyber threats they may face in their business. In addition, you can educate them about the latest news in the industry regarding cybersecurity. Why is cybersecurity essential for marketers? Neglecting cybersecurity or taking it for granted may cause privacy risks for you and your clients. In addition, cyber threats can be detrimental for businesses. How can marketing help to improve cybersecurity products? While marketing, you may understand the quality of your product, competing with your counterparts in the market. Also, you may get feedback from potential customers. It calls for the necessity of product improvement. { "@context": "https://schema.org", "@type": "FAQPage", "mainEntity": [{ "@type": "Question", "name": "How to start with cybersecurity marketing?", "acceptedAnswer": { "@type": "Answer", "text": "The best way to start your cybersecurity marketing is by educating your prospects about the potential cyber threats they may face in their business. In addition, you can educate them about the latest news in the industry regarding cybersecurity." } },{ "@type": "Question", "name": "Why is cybersecurity essential for marketers?", "acceptedAnswer": { "@type": "Answer", "text": "Neglecting cybersecurity or taking it for granted may cause privacy risks for you and your clients. In addition, cyber threats can be detrimental for businesses." } },{ "@type": "Question", "name": "How can marketing help to improve cybersecurity products?", "acceptedAnswer": { "@type": "Answer", "text": "While marketing, you may understand the quality of your product, competing with your counterparts in the market. Also, you may get feedback from potential customers. It calls for the necessity of product improvement." } }] }

Read More

Malicious coronavirus map hides AZORult info-stealing malware

Article | August 30, 2021

Cyberattackers continue to seize on the dire need for information surrounding the novel coronavirus. In one of the latest examples, adversaries have created a weaponized coronavirus map app that infects victims with a variant of the information-stealing AZORult malware. The malicious online map, found at www.Corona-Virus-Map[.]com, appears very polished and convincing, showing an image of the world that depicts viral outbreaks with red dots of various sizes, depending on the number of infections. The map appears to offer a tally of confirmed cases, total deaths and total recoveries, by country, and cites Johns Hopkins University’s Center for Systems Science and Engineering as its supposed data source. Malwarebytes issued a warning about the map last week, and Reason Cybersecurity this week has followed up with its own blog post, reporting additional details on the scam, gathered by Reason Labs researcher Shai Alfasi.

Read More

DOCUMENT PROOFREADING AND EDITING SERVICES FOR YOUR CYBERSECURITY POLICY

Article | August 30, 2021

Recent data breaches, ransomware, and malware trends have increased the need to protect customer privacy. Regardless of company size or industry, you need a cybersecurity policy to ensure cybersecurity best practices in your organization. A cybersecurity policy contains preventive measures that protect your network from cybercriminals. To ensure that your cybersecurity policy is easy to read, understand, and implement, you need cybersecurity policy document proofreading and editing services. Your cybersecurity policy spells out cybersecurity dos and don’ts drafted from industry and state regulations that your employees should follow. It states the instructions your employees should follow to prevent cyberattacks and how they should react when they notice a network security breach. This protects data, promotes customer privacy, and prevents cyber-attacks. In this article, we spell out why you need cybersecurity proofreading and editing services.

Read More

Spotlight

Smart Design

Smart Design is a developer of innovative color systems and training for the design industry. From color profiling to marketing to color training and certifications to sales training, we bring real solutions to the fast changing built environment.

Events