This post is sponsored by Drexel University
Corporate networks are under attack. Recent headlines indicate security thieves are stepping up their game and getting more sophisticated with their approaches. Is your IT desk ready?
In this Q&A, Steven Weber, director of the Drexel University Cybersecurity Institute, details the threats challenging today’s networks and why organizations need to invest in IT professionals trained in cybersecurity.
Can you give us a big-picture view of the state of cybersecurity in the world today? What are the biggest threats to us today? What new risks have emerged?
Cybersecurity has emerged as a top priority for governments, industry, and individuals. We all live and work in an online world in which our privacy is vulnerable and the security of our data is uncertain. The stakes are higher than ever, with a significant portion of the world economy depending upon online services, and as a consequence the sophistication, dedication, and intensity of the attacks by bad agents (from lone individuals to coordinated efforts by nation states) has increased significantly.
Unfortunately the odds are tilted in the attacker’s favor: There is a long-recognized asymmetry in the return on investment between the attacker and defender. That is, a small investment by an attacker may net an enormous gain — such as a successful data breach — while a significant investment by a defender will net (at best) no loss to the company.
Many computer experts still identify people as the biggest security vulnerability, meaning an attacker seeking access to a corporation will first exploit an employee’s susceptibility to a spear-phishing attack before attempting more sophisticated attacks. Individuals in an online world must learn “cyberhygiene” for their own security, the security of the companies that employ them and the safety of their country.
October is National Cyber Security Awareness Month (NCSAM), and the intent is for individuals to recognize the critical role we each play in cyberdefense.
We’ve seen a number of large-scale, high-profile breaches in recent years, notably Sony, Target and Adobe. Are certain industries particularly vulnerable?
The old chestnut goes that there are two types of companies: those that have been hacked and those that don’t know they have been hacked. Any company using a computer that is connected to a network is vulnerable to attack.
How important is it for companies to invest in IT professionals with specific training in cybersecurity? What’s the job demand look like for cybersecurity specialists?
Many companies I speak with have a longstanding recognition by now of the need to invest in cybersecurity professionals. The difficulty is that these individuals are in high demand and short supply. My hope is that this supply gap will be closed as high-school students and college students recognize security as an interesting, dynamic, and important career path, with job security and competitive compensation.
At Drexel University, we offer a variety of on-campus and online educational programs, including certificates, undergraduate degree programs and master’s programs. For example, Drexel has an online master’s in Cybersecurity and National Security Management, bachelor’s in Computing and Security Technology, and graduate certificates in Homeland Security, Intelligence, and Cybersecurity, Law and Policy.
Students should also be aware of the Cybercorps: Scholarships for Service (SFS) program, where the U.S. government will give scholarships to talented students earning cybersecurity-oriented degrees at qualified institutions. In exchange, the student will agree to work in the government for a certain number of years.
What skills do these security experts need to have?
The skillset for cybersecurity professionals has evolved from its roots where the hacker was someone with a deep knowledge of network protocols and cryptography. Today, cybersecurity as a field encompasses an incredibly diverse ecosystem of related fields and skills including signal processing, criminology, data science, psychology, hardware design, sociology, machine learning and many others. It is a very exciting field because it is intersects with so many disciplines. Cybersecurity today is a team sport.