The Growing Demand for Cybersecurity Professionals

Cybersecurity professionals are always in demand[i]. Threats to intellectual property and sensitive data constantly evolve with technology, which means a security professional’s job is never done. There’s always another security problem to solve.

Consider the recent proliferation of cyber attacks: it’s become easier and easier for a small group of people to compromise vast networks of corporate and government information. Worse still, cyber criminals are getting better at covering their tracks.

Experts believe the global shortage of top-flight cybersecurity professionals exceeds one million–our federal government is currently seeking more than 10,000 candidates. The trend will continue in the near future as more and more features of day-to-day living are converted to digital.

As the private sector feels the crush of data breaches, the increasing sophistication of attacks fuels demand to counter or prevent them. Unfortunately, cybersecurity is rarely considered a “glamor job.” Ask a hundred eight-year-olds what they want to be when they grow up and few (if any) will answer “cybersecurity specialist.”

But that’s all the more reason to consider a career in this booming field! Governments and private organizations of all kinds are desperately seeking skilled candidates to protect their data and critical infrastructures from cyber criminals. The shortage of cybersecurity talent is not simply a lucrative opportunity for IT experts–it’s a matter of national security in defense of privacy, property and fair commerce.

Simply stated: there have never been better opportunities for advancement in the cybersecurity profession.

I’m compensated by University of Phoenix for this blog. As always, all thoughts and opinions are my own.


[i]  http://www.bls.gov/opub/btn/volume-2/careers-in-growing-field-of-information-technology-services.htm

A look into Cyber Weapons of the Future

Remember the good ‘ol days when you thought of a finger pushing a button that launched a Russian missile that then sped at seven miles per second towards the U.S. to blow it up?

http://www.dreamstime.com/stock-images-online-risks-sign-road-banner-image34668294Little did we know back then what would one day be a way for the Superpowers to war on each other: cyber technology!

A new book is out called Ghost Fleet: A Novel of the Next World War, written by Peter W. Singer and August Cole. WWIII certainly won’t be wrought with speeding missiles and hand-to-hand combat in the trenches—at least not the bulk of it.

An article on vice.com notes that the Third World War will take place in cyberspace (in addition to land, sea and air).

Vice.com contacted Singer about his novel. One of the villains is China, even though much of the attention has been on the Middle East and so-called terrorist attacks by radical Muslims.

To write the novel, the authors met with a wide assortment of people who, if WWIII were to come about, would likely be involved. This includes Chinese generals, anonymous hackers and fighter pilots. This gives the story authenticity, realism…a foreshadowing.

Singer explains that his novel is so realistic that it’s already influencing Pentagon officials in their tactics.

The Third World War will probably not require so much the ability to do pull-ups, slither under barbed wire and rappel down buildings, but the mastering of cyberspace and outer space: It’s likely that the winner of this war will be king beyond land, sea and air: lord over the digital world and the blackness beyond our planet’s atmosphere.

Projected Weapons of WWIII

  • A kite-shaped Chinese drone, massive enough to take out stealth planes and ships
  • Drones that, from high altitude, could get an instant genetic readout of an individual
  • Smart rings that replace computer mouses
  • Brain-machine interfaces. This already exists in the form of paralyzed people using their thoughts (hooked up to a computer) to move a limb (their own or robotic). This technology has applications in torturing the enemy.

That old saying, “What the mind can conceive and believe, can be achieved,” seems to be becoming more truer by the second. Imagine being able to wipe out the enemy by plugging your thoughts into a computer and imagining them having heart attacks.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention.

A Quarter of all Underage Kids Will Meet with Complete Strangers

According to a new Intel Security study, more than 2,000 American parents and kids ages 8-16 were surveyed to unveil some interesting things.12D

  • 79% of the juvenile respondents learned online safety from their parents.
  • 35% of them said they’ve been a cyberbully.
  • 27% of them said they have met, or would meet, a person in real life who they initially met online.

Technology is often blamed for all of this. But what drives these behaviors is the same force that drives the schoolyard bully to trip the bookworm and steal his lunch, or the lonely girl to get into a stranger’s car after school: parenting!

Parents need to get more involved and bone-up on their cyber smarts! Because, according to our kids, 79% of them learn online safety from you —the parent

  • Your kids want a social media account? Great—you get to have their password in exchange. Leave no other deal on the table.
  • Did you know it’s legal for parents to use monitoring software on their kids’ devices? Monitoring isn’t a break in trust. It’s simply an exercise in smart parenting.
  • Parents think because they are on Facebook with their kids, that they are “informed” about their kids’ activities. Facebook is like going out to dinner with a tween. They tolerate it, but are embarrassed by you. And while they behave in public, they may not be so well-behaved when unsupervised.
  • Apps such as Kik, Snapchat, Instagram and many others are potential platforms where risky business can take place. And these are some of the sites parents are less familiar with. Which is why you should be there.
  • Discuss with your kids the sites you do not want them visiting —including “pro-ana” sites that give tips on how to waste down to skin and bones, and other sites that give advice on how to cheat on tests. If you’re not familiar with these sites, search for them.
  • Tell them they should never reveal their password to a friend any more than they would give that friend the key to their diary (if they had a diary, of course).
  • Reinforce with your kids that anything they post online will outlive the galaxy. Digital is forever.
  • Make sure your kids are made to feel at ease approaching you about online worries or concerns. Never make them feel they’ll be judged, criticized or blown off over any questions or comments. Don’t set yourself up to be a “Why didn’t she come to ME about this?” type of parent.
  • Cover your bases: Educate your kids about common hacking scams, install parental control software and make sure your entire family’s devices have security software installed and that it’s always updated.

Digital lives are no different than physical lives and need to be treated with the same care and concern. While parents may think they have a handle on their kids’ online lives, they probably don’t. It takes a bit of denial to function as a parent because if a parent actually thought through all the horrors a kid can get into, they’d cease to function. As a result, some parents go the complete other direction and fool themselves into thinking everything’s just peachy.

Understand this: It’s not the same today as when we were kids. We know this. But the big difference is when kids fall today, they fall harder and it’s on a national and sometimes international scale that can impact the whole family.

Robert Siciliano is an Online Safety Expert to Intel Security. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!

3 More Ways Criminals use influence to steal

Criminals use six basic principles to influence and steal. In the first post we discussed:

  • Reciprocation: Do something nice for a person and they will feel obligated to return the favor.
  • Social Proof: This is the “It’s okay if everyone else does it” approach.
  • Commitment and Consistency: Get someone to verbally or in writing commit to something, and this will increase the chances they’ll follow through.

11DRobert Cialdini is a psychologist who studied influence for nearly 30 years, condensing his findings into six principles. In this post we will discuss 3 more principles of influences that tie it all together and make scammers experts at their craft.

Liking

  • If someone likes you they will more likely comply with you. Get more bees with honey as they say. We do business with those we know, like, and trust. When you see others rate a product high, you are more likely to buy it.
  • The liking could even result from noticing that you have a similar hairstyle or body mannerisms. This is why salespeople are taught to mimic the vocal patterns of their prospects.
  • A similar name, knowing the same people, finding common ground, a similar physical appearance, is all comforting.
  • Scammers do everything they can to appear as a likable trusted source. The scam email looks exactly like your bank because you must like your bank if you trust them with your money, so you click the link. This new person friends you on social and you see they are connected to 25 of your others friends and colleagues. They must be OK right? No.

Authority

  • Coming off with some authority increases one’s ability to influence people. This is why salespeople are taught to speak with downward inflections.
  • To seem more authoritative, wear dark clothing. Police officers and security guards dress in black or dark blue. So do ministers, judges and karate instructors. Attorneys in court, especially during closing arguments, usually wear dark. Imagine a cop in pink. Or SWAT in lavender.
  • But authority can also be white (doctor’s lab coat, nurse’s uniform). The bottom line is that when people perceive authority, they tend to comply.
  • This concept greatly pertains to social aggression: A man harassing a woman will usually back off if she suddenly squares up her shoulders, stares hard at him and speaks in a deep, primal voice, “Get out of my way, or else!” Dog are more effectively trained when the trainer uses a deeper voice.
  • Scammers pose as the government, law enforcement, the IRS, bill collectors, the security department from your credit card company, HR, accounting and more. Anytime an authoritive figure contacts you, be suspect.

Scarcity

  • Scarcity of an item makes it more appealing. Antique cars and rare old coins are worth more because there are few of them and a lot of people who want them.
  • This concept is used by marketers all the time. Ever hear “will soon be discontinued”? You suddenly buy a dozen of the product, even though you’ve hardly purchased it before. Ever hear “limited offer” and “but if you act now…”?
  • When there is a big storm/hurricane coming, people clear the shelves at the supermarket in fear they will not eat or drink.
  • Scammers understand scarcity is also associated with loss. They use the same principle when they tell you in a pop up if you don’t fix this, or in an email if you don’t act now, or over the phone if you don’t give up your username and password all your data/money etc will be gone, you won’t get paid next week etc. It’s limitless how they use scarcity.

I’ve said this before. Don’t be cattle. Don’t act like sheep. Most of the world functions based on the honor system. As long as everyone is honest, everything works seamlessly. The honor system is designed with the mindset that we are all sheep and there are no wolves. We know there are plenty of wolves.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

3 Ways Criminals influence to steal

Criminals use six basic principles of Influence to steal. In this post we will discuss the first 3. The ability to influence boils down to science. By applying some science, anyone can learn to be more influential. It’s easy to influence sheep and cattle. It’s a bit more complicated to influence people. But many people can be influenced as easy as a cow. Criminals understand this the same way sales people do. The derivative of “confidence” is con. All influence in some way is designed to gain your confidence and in some cases to trick you. That’s where “confidence trick” comes from. Robert Cialdini is a psychologist who studied influence for nearly 30 years, condensing his findings into six principles. I’ll bet every crime syndicate out there read his books.

Reciprocation

  • Do something nice for a person and they will feel obligated to return the favor. This concept is seen in doctors who promote a particular drug—the pharmaceutical company has just given him free notepads, pens and a coffee mug.
  • Want your children to show you respect? Show them respect. They’ll feel obligated to treat you the same. Mostly.
  • Scammers use this by offering something free in an emailed link. You might have to reciprocate and give up an email address or simply click a link. Clicking on the link installs a virus. You get a call from a colleague in tech support. They say “I need your password to fix this server” and “I’ll be there for you someday when you need help”. We want to help, we want to return the favor.

Social Proof

  • This is the “It’s okay if everyone else does it” approach. People have a tendency to check out what other people are doing when they’re not sure what course to take. Stand on a street corner in a busy city and look up at a skyscraper, then watch the crowed gather to see what you are looking at.
  • Why does the new treadmill user at the gym hold onto the rails while walking? Because they see everyone else in the gym doing it. What made you decide to buy that kitchen gadget? Because the TV ad said, “They’re going fast, everyone’s buying it, so order now!”
  • This concept also applies to emergency situations, such as people lined up at a third story window of a burning building, afraid to jump—until one person leaps. Suddenly, everyone else leaps.
  • Scammers will use social proof to trick you in a Ponzi investment scheme. If all kinds of people you trust are making the same investment, then why wouldn’t you?

Commitment and Consistency

  • Get someone to verbally or in writing commit to something, and this will increase the chances they’ll follow through. They are committed. Signing a contract means you are committed. Anything that comes out of that contract is your responsibility.
  • People want to do things by the book, they want to be civilized and play by the rules. This plays off of social proof to conform like others.
  • Scammers recognize most people are committed to “doing the right thing”, or being appropriate. So if you get a call or an email saying there is an issue with your account, you want to do the right thing and fix it. Getting things right may mean giving your data to a criminal.

Don’t be cattle. Don’t act like sheep. Most of the world functions based on the honor system. As long as everyone is honest, everything works seamlessly. The honor system is designed with the mindset that we are all sheep and there are no wolves. We know there are plenty of wolves. Don’t be sheep.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

Cyberbullying: Its Uniqueness & Prevention

Unfortunately, cyberbullying is prevalent, and a growing threat in today’s always-connected world. Cyberbullying refers to bullying done via computers, or similar technologies, such as cell phones. This kind of bullying usually includes mean or threatening comments, or public posts through texts, emails, voice mails, social media posts, all intended to embarrass the victim.

11DCyberbullying can happen to both adults and kids, but since it’s so common among youths, it’s good to know how to help your children deal with the problem.

One important idea to keep in mind is that unlike the kind of face-to-face bullying that many of us witnessed in school years ago, cyberbullying doesn’t end when the bully is out of sight.

These days, a bully can virtually follow his or her victim everywhere using technology. The bullying can take place without the victim’s immediate awareness, and because of the broad reach of social media, the audience is often much larger than at the school yard.

Since it can be difficult to get a cyberbully to stop their harassment, your best bet is to teach your kids safe online habits to try to prevent a bullying situation in the first place.

Cyberbullying Prevention Tips:

  • Let your kids know that you will be monitoring their online activities using parental control software. Explain how it works and how it can benefit everyone. This policy should be well-established long before your kids get their own cell phone and computer.
  • Make a point of discussing cyberbullying with your kids, and help them understand exactly what it is and how it happens. These discussions should take place before kids get their devices.
  • Set a condition before a child gets his or her very own smartphone and computer they must give their passwords to you. You can, of course, reassure them that you won’t use the passwords unless there’s a crisis.
  • Another condition for device ownership is that your kids will sit through instruction on smart online habits, and most importantly, they should understand that once you post something in cyberspace, it’s there forever.
  • Once your kids get their devices, role-play with them. This gives you a chance to play the part of a bully, and teach your kids appropriate responses.
  • Warn your kids not to freely give out their cell phone number and email address, and tell them that they should never reveal their passwords, even to close friends.
  • Stay aware of your children’s online activities and reassure them that they will never get in trouble if they report cyberbullying to you.

Robert Siciliano is an Online Safety Expert to Intel Security. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.

How Employers or Parents Spy

Disgruntled employees act out in lots of ways. A guy I knew who hated his boss “played” on his work computer all day. The computer was strictly for constructing company graphics. But he installed all kinds of games and wasted lots of time. His boss never knew he blew off half the day.

2WCompany computers are obviously company owned, making it legally possible for your boss to spy on you. Employers can also figure out whom you’re speaking to on your company owned or sanctioned phone and for how long—with phone monitoring software—They can also see contacts, emails, texts, media and more. All legally.

An article on forbes.com notes that some companies sell and advertise such software in a sensational way (“Find Out WHO Is Making Up Normal Personal Calls”)—software that can automatically send e-mail alerts about phone calls made by employees. These include details such as frequency and with whom.

The forbes.com article then mentions another such company, that sells spyware for cell phones and tablets that’s “100% invisible and undetectable.” They usually call it monitoring, not spying, and point out that businesses have a right to monitor to “control their business.” And, frankly, they do.

However, most of these programs are geared towards and used by parents and spouses (spouses concerned with cheating) and parents, what with kids developing all kinds of psychological disorders with the help of cyberbullying.

And again, company monitoring is legal if this activity is in the employer’s contract. The monitoring must have a business-related reason. There’s a difference between “spying” or tracking an employee’s use of the company phone during times that employee is supposed to be working, and spying on his conversations with his ex-wife over the custody fight of their kids while he’s on lunch break.

Businesses need to strike the right balance so that employees don’t feel that their trust has been violated.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

3 Ways We are Tricked into Cyber Attacks

So just how are hackers able to penetrate all these huge businesses? Look no further than employee behavior—not an inside job, but innocent employees being tricked by the hacker.

9Drecent survey commissioned by Intel Security reveals that five of the top seven reasons that a company gets hacked are due to employee actions.

One of the things that make it easy to trick employees into giving up critical information is the information employees share on social media about their company.

People just freely post things and tweet all day long about company matters or other details that can be used by a hacker to compromise the company. What seems like innocuous information, such as referring to a company big wig by their nickname, could lead to social engineering (tricking users into believing the request is legitimate so the user gives up sensitive information).

Between social media and the golden nuggets of information on Facebook, Twitter, LinkedIn and other platforms, hackers have a goldmine right under their nose—and they know it.

3 Key Pathways to Getting Hacked

  1. Ignorance. This word has negative connotations, but the truth is, most employees are just plain ignorant of cybersecurity 101. The survey mentioned above revealed that 38% of IT professionals name this as a big problem.
    1. Do not click on links inside emails, regardless of the sender.
    2. Never open an attachment or download files from senders you don’t know or only know a little.
    3. Never visit a website on the job that you’d never visit in public. These sites are often riddled with malware.
  2. Gullibility. This is an extension of the first pathway. The more gullible, naive person is more apt to click on a link inside an email or do other risky tings that compromise their company’s security.
    1. It’s called phishing(sending a trick email, designed to lure the unsuspecting recipient into visiting a malicious website or opening a malicious attachment. Even executives in high places could be fooled as phishing masters are truly masters at their craft.
    2. Phishing is one of the hacker’s preferred tools, since the trick is directed towards humans, not computers.
    3. To  check if a link is going to a phishing site, hover your cursor over the link to see its actual destination. Keep in mind that hackers can still make a link look like a legitimate destination, so watch our for misspellings and bad grammar.
  3. Oversharing. Malicious links are like pollen—they get transported all over the place by the winds of social media. Not only can a malicious link be shared without the sharer knowing it’s a bad seed, but hackers themselves have a blast spreading their nasty goods—and one way of doing this is to pose as someone else.
    1. Be leery of social media posts from your “friends” that don’t seem like things they would normally post about. It could be a hacker who is using your friend’s profile to spread malware. Really think…is it like your prude sister-in-law to send you a link to the latest gossip on a sex scandal?
    2. Don’t friend people online that you don’t know in real life. Hackers often create fake profiles to friend you and then use their network of “friends” to spread their dirty wares.
    3. Take care about what you post online. Even if your privacy settings are set to high, you should think that when you post on the Internet, it’s like writing in permanent ink—it’s forever. Because did we all really need to know that time you saw Kanye from afar?

All of us must be coached and trained to keep ourselves and our workplaces safe, and that starts with practicing good cyber hygiene both at home and at work.

Robert Siciliano is an Online Safety Expert to Intel Security. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.

Protect Yourself from Online Fraud

Yes, it’s possible: preventing fraudsters from getting you via online trickery and other stealthy actions. Yes, it’s possible to be thinking one step ahead of cyber criminals. Let’s begin with e-mails—the conduit through which so many cyber crimes like ID theft occur. 9D

  • Imagine snail-mailing vital information like your SSN, bank account number, a duplicate of your driver’s license and your credit card number. At some point in the delivery process, someone opens the letter and see the contents. Electronic messages are not entirely private. Recognize this risk before sending knowing that in transmission there is a chance your information can be seen. Sometimes the telephone is a better option.
  • Ignore sensationalistic offers in your in-box like some ridiculously low price on the same kind of prescription drug you pay out of pocket for; it’s likely a scam.
  • Ever get an e-mail from a familiar sender, and all that’s in it is a link? Don’t click on it; it may trigger a viral attack. As for the sender, it’s a crook compromised your friends email and who figured out a way to make it look like the e-mail is from someone you know.
  • In line with the above, never open an attachment from an unfamiliar sender; otherwise you may let in a virus.
  • If someone you know sends you an unexpected attachment, e-mail or call that person for verification before opening it.
  • Enable your e-mail’s filtering software to help weed out malicious e-mails.
  • Ignore e-mails asking for “verification” of account information. Duh.

Passwords

  • Don’t put your passwords on stickies and then tape them to your computer.
  • Do a password inventory and make sure all of them contain a mix of letters, numbers and characters, even if this means you must replace all of them. They also should not include actual words or names. Bad password: 789Jeff; good password: 0$8huQP#. Resist the temptation to use a pet’s name or hobby in your password.
  • Every one of your accounts gets a different password and change them often.

General

  • Make sure your computer and smartphone are protected with antivirus/anti-malware and a firewall. And keep these updated!
  • Your Wi-Fi router has a default password; change it because cyber thieves know what they are.
  • When purchasing online, patronize only well-established merchants.
  • Try to limit online transactions to only sites that have an “https” rather than “http.” A secure site also has a padlock icon before the https.
  • Make sure you never make a typo when typing into the URL; some con artists have created phony sites that reflect typos, and once you’re on and begin entering your account information, a crook will have it in his hands.
  • Access your financial or medical accounts only on your computer, never a public one.
  • Ignore e-mails or pop-ups that ask for account or personal information.
  • When you’re done using a financial site, log out.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

Hacking Humans: How Cybercriminals Trick Their Victims

Intel Security has compiled a list of the top ways cybercriminals play with the minds of their targeted victims. And the chief way that the cybercriminals do this is via phishing scams—that are designed to take your money.

11DThe fact that two-thirds of all the emails out there on this planet are phishy tells me that there’s a heck of a lot of people out there who are easily duped into giving over their money. I’m riled because many of these emails (we all get them) scream “SCAM!” because their subject lines are so ridiculous, not to mention the story of some befallen prince that’s in the message

I bet there’s a dozen phishing emails sitting in your junk folder right now. Unfortunately, a lot of these scam emails find their way into your inbox as well.

McAfee Labs™ has declared that there’s over 30 million URLS that may be of a malicious nature. Malicious websites are often associated with scammy emails—the email message lures you into clicking on a link to the phony website.

Clicking on the link may download a virus, or, it may take you to a phony website that’s made to look legitimate. And then on this phony site, you input sensitive information like your credit card number and password because you think the site really IS your bank’s site, or some other service that you have an account with.

6 ways hackers get inside your head:

  1. Threatening you to comply…or else. The “else” often being deactivation of their account (which the scammer has no idea you have, but he sent out so many emails with this threat that he knows that the law of numbers means he’ll snare some of you in his trap).
  2. Getting you to agree to do something because the hacker knows that in general, most people want to live up to their word. That “something,” of course, is some kind of computer task that will compromise security—totally unknown to you, of course.
  3. Pretending to be someone in authority. This could be the company CEO, the IRS or the manager of your bank.
  4. Providing you with something so that you feel obligated to return the favor.
  5. “If everyone else does it, it’s okay.” Hackers apply this concept by making a phishing email appear that it’s gone out to other people in the your circle of friends or acquaintances.
  6. Playing on your emotions to get you to like the crook. A skilled fraudster will use wit and charm, information from your social profiles, or even a phony picture he took off of a photo gallery of professional models to win your trust.

In order to preventing human hacking via phishing scams, you need to be aware of them. Aware of the scams, ruses, motivations and then simply hit delete. Whenever in doubt, pick up the phone and call the sender to confirm the email is legit.

Robert Siciliano is an Online Safety Expert to Intel Security. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.