Cybersecurity Isn’t Generational: Why Millennials May Not Be the Tech Hope of the Future

Of all the assumptions made and beliefs held about millennials, one of the most common is that they’re uniquely tech-savvy. After all, this is the first generation to grow up being exposed first to the advent of computers and the Internet, and now to smartphones, tablets and always-on connectivity. So it’s no surprise that governments have been banking on these digital natives, who practically eat, sleep and breathe technology, to become their cybersecurity saviors. Who better than the first 24/7 tech generation to demonstrate a keen understanding of the current threat landscape and the technical skills necessary to implement the best defense-in-depth measures to counter those threats? Unfortunately, that may be little more than a pipedream, if a new survey is any indication. That report, “Securing our Future: Closing the Cybersecurity Talent Gap,” released by the National Cyber Security Alliance and Raytheon, identified a significant cybersecurity awareness gap among millennials worldwide – specifically, respondents between the ages of 18 and 26, hailing from countries like the U.S., U.K., Germany, France and Japan. Despite the presumption that millennials would be naturally more predisposed to grasping and deploying best practices for cybersecurity, as well as pursuing cyber careers to do so, many of them sound alarmingly out of touch. Here are just a few of that survey’s findings: Close to 80 percent had neither spoken with a cybersecurity professional before or weren’t sure if they had done so 69 percent felt that their high school computer classes hadn’t prepared them for a cyber career 67 percent said they hadn’t heard about any cyberattacks in the news over the past year Two-thirds...

The Lessons of Cybersecurity Awareness Month and What to Expect in the Year Ahead

For 11 years now, the U.S. government has recognized October as Cybersecurity Awareness Month. While the original goal may have been to acknowledge the growing risks that cyberthreats pose to national security, it has – unfortunately – become all too clear in recent years that cybersecurity is an issue that affects not just government agencies, but anyone and everyone, regardless of industry. Consider how, in the last few years, claims of identity theft and tax fraud have skyrocketed, targeted data breaches at major companies – from big banks to retailers to healthcare providers – are compromising millions of records containing personally identifiable information (PII) and the IT departments responsible for safeguarding against these risks seem virtually powerless. And with businesses progressively moving their operations online – shifting email, files and other data into single-vendor cloud platforms like Microsoft Office 365 or Google Apps – these risks and their ripple effects will only continue to grow. As our lives become increasingly digital and interconnected, implementing proper cybersecurity and staying one step ahead of new threats will only become more important. To that end, and as Cybersecurity Awareness Month winds down, here are a few cyber risks you should put on your radar to protect yourself and your data in 2016: 1. BYOD Workplace Policies Bring Your Own Device (BYOD) policies may allow employees the freedom to use their own familiar phones, tablets or laptops for work purposes. But, it also presents a glaring security flaw when you consider that 43 percent of smartphone users in the U.S. don’t use any kind of password, PIN or pattern lock protection – let...

White House Turns Attention to Cybersecurity

Cyberattackers and hackers operate in the shadows, lurking away from where conventional law enforcement can easily identify and investigate them. They prefer secrecy and anonymity. But they may not have that luxury any longer – not since the federal government and the White House, specifically, have escalated their focus on cybersecurity. First, President Barack Obama addressed the issue during his State of the Union address earlier this month, declaring, “No foreign nation, no hacker, should be able to shut down our networks, steal our trade secrets, or invade the privacy of American families, especially our kids.” To back up his comments, the president also submitted a budget proposal that allocates funding toward combating cyberattacks. In the initial proposal, the president called for cybersecurity spending to increase by 10 percent to $14 billion – all in an effort to improve detection of and response to the kinds of massive attacks that have plagued both the public and private sector over the last year. Specifically, the budget proposal calls for: Improved data sharing Increased monitoring and diagnostics of federal computer networks More widespread deployment of the EINSTEIN intrusion detection and prevention system Government-wide testing and incident-response training New teams of engineers and technology consultants In the White House’s explanation of these budget items, it said, “Cyber threats targeting the private sector, critical infrastructure and the federal government demonstrate that no sector, network or system is immune to infiltration by those seeking to steal commercial or government secrets and property or perpetrate malicious and disruptive activity.” The cybersecurity community has largely lauded the budget and the government’s increased attention to the issue,...

Battlefield Mobile: Threats Targeting In-Motion Endpoints Climbed in 2014

By now, cybersecurity veterans are well-versed in the most common attack vectors exploited by hackers to breach their corporate networks. Brute force attacks, phishing schemes, SQL injections – they’re all proven attack methods that network administrators prepare for and defend against. But what about the next frontier? What attack vectors and endpoints do hackers now think are most vulnerable? It starts with mobile devices. They look like the perfect target to many attackers, who think that they can exploit the fact that so many connections over these endpoints go unsecured and that these devices are so popular with employees – 74 percent of organizations use or plan to use BYOD. In addition to mobile, another frontier could be devices that rely on machine-to-machine (M2M) communications, which create a scenario where human beings are entirely removed from the equation. As this small, isolated group of attack targets grows, network administrators need to be ready to fight back wherever hackers go, whether that’s on the mobile, M2M or some other battlefield. The Next Trends in Cybercrime The landscape of cyberthreats network administrators must be aware of is ever-evolving with the advent of new technologies and new criminal strategies. While there’s consensus in the security industry that mobile attacks will only increase in the coming years, the current prevalence of these incidents is really in the eye of the beholder. Only about 15 million mobile devices were infected by malware midway through 2014 – an infection rate of less than 1 percent. On the other hand, in the last year, mobile malware attacks did increase by 75 percent, off the back of...

The Trouble with the Endpoint

Much to the dismay of network administrators, IT security today is complex and multi-faceted, from the varied attack vectors to the different types of attackers themselves. But there is always one constant: the endpoint. When those endpoints are attacked, and end users cannot access services, data and applications, it is futile for a business to even host and offer them. The client, that is the device, not the human being using it, has undergone enormous changes over the last decade, thereby putting the burden on IT professionals to evolve their networks accordingly. The PC, with Windows 95, was the starting point. Next came myriad Microsoft operating system updates, followed by new form factors like tablets and smart phones, which introduced a whole new dimension. With each new client, the applications changed as well. Browsers and apps opened up unfamiliar, sometimes encrypted, and sometimes proprietary, data channels, from the Internet right down to the file system. And of course, attackers have kept track of those changes and adapted their methods accordingly over the years. To cope with these ever-evolving forms of attack, network administrators developed innovative defense mechanisms. Classic anti-virus tools were followed by sandboxes that tried to detect and block malware by offering these programs a limited, simulated runtime environment. The most recent approach uses micro-VMs, which try to contain malware within the kernel process level. Additionally, businesses now use a whole arsenal of security measures, ranging from the humble password to two-factor authentication, firewalls and encryption, to name but a few. And nothing is wrong with these measures. After all, an endpoint that uses anti-virus software is better...