Blog

A Challenging Cyber Security Talent Market

If you are responsible for an organization’s cybersecurity, challenges are part of your daily life. Building a talented and cohesive team is among them.

The demand for cyber professionals far surpasses the supply of those that have training or experience in the field. A study by ISACA’s Cybersecurity Nexus (CSX) reports barely 50 percent of organizations can count on receiving at least five applications for each cybersecurity opening.

In such a competitive market the talent will be choosing you as much as you are choosing them.

You need to be proactive and creative in your talent search. Include relevant technical schools and professional organizations in your pipeline. Take pains to show you welcome diverse talent such as women and minorities into your department—data show both are underrepresented and underpaid in this industry.

Finally, cybersecurity talent should have analytic skills, attend to detail, and in the best case have communication skills that allow them to collaborate effectively across every area of your company. Those are the traits to look for in junior hires. The techniques of cybersecurity can be taught. New hires should have a passion for cybersecurity, but a background in mathematics, analytics, problem solving, and investigations can be just as promising as one in programming.

So think expansively. Core skills can be more important than certifications. Creating a supportive environment where employees continually learn new skills from other seasoned pros in the group (in addition to formal training) helps guard against another hazard of this competitive market—talent poaching by your industry peers.

Read More
Data Centric Security: Shifting Cyber Defense to the Core

Firewalls and infrastructure-level cybersecurity tools have proven themselves unequal to contemporary cybercriminals—and to the demands of contemporary business. Data breaches occur at an alarming rate, and the traditional castle and moat tools won’t be enough to protect the sensitive data in your organization. Your adversaries will try to penetrate your infrastructure so they can gather and monetize your sensitive data. By shifting to a data-centric cyber defense you focus on what is important: identifying that sensitive data and surrounding it with rings of defense.

The central mandate in the data-centric approach is to maintain control over your sensitive data at all times. That involves an extensive process of, first, identifying where all of that data is and what system processes, applications and functions use it. Second, classify it by determining whether it involves business sensitive data, intellectual property, account level data, or customer info. By using the correct level of encryption and data protection tools for each type of information you create the first line of defense against the adversary.

Just as important is restricting access by using the proper authentication and access control tools and procedures as well as by monitoring access to these files. This simplifies tracking the movement of those assets, and real-time monitoring will readily identify suspicious behavior and unauthorized use.

A good data-centric approach will provide the core foundation for integrating additional layers of cyber defense, including network monitoring, endpoint, DLP, vulnerability identification and remediation, behavioral tools, and privileged access monitoring.

Read More
Building Efficient and Collaborative Work Environments for Today’s Cyber and Tech Units

Team building for cyber and tech units presents special challenges and prerogatives. The most direct challenge occurs when a specific cyber or tech team — or complimentary functions which are critical interaction points — are geographically dispersed.

One priority should be coordinating simulation or collaboration activities for teams that are geographically separate. Keep in mind that this will require more overhead than it would for geographically centralized teams. Encourage and improve their use of the real-time collaboration technology provided by your company. As you improve your team’s coordination skills and their interactions become a daily fluid event, their camaraderie and trust in each other’s skills will increase and the difficulties of geographic dispersion will melt away.

That dispersal has benefits as well. Cybersecurity has become integrated in all areas of business, so the more your team understands of your organization’s business activities and strategic vision, the better. Culturally integrating your team members throughout the company should be priority, but you may have to fight for support for their inclusion in other group’s activities.

To successfully protect your company from attacks, your team needs to be constantly studying your networks, applications, and remote channels with the most critical eye. But that eye needs contextual understanding of the products and business processes driving all that technical activity. A strong team will have a good pipeline for moving ideas and analysis rapidly through the group. As the Chief Information Security Officer, you should work to engender a culture that encourages constructive criticism as well as the appropriate reactions to constructive criticism. Any good cyber pro understands that there could always be an angle that someone else’s eye sees more clearly.

Many discussions of team building in cyber and IT seem to start with the difficulties of team building with a group that prefers interacting with technology to interacting with each other. I have found that the best IT and cyber professionals are excellent communicators who understand technology and are able to articulate it to laymen and experts alike. They also know how to use collaborative tech channels to connect to their partners and peers.

Read More
Conventional Cybersecurity No Longer Works

Cybersecurity focuses on protecting your company’s sensitive data from criminals. But with constantly advancing and expanding threats, conventional analysis is no longer meeting the challenge. An organization’s data is now most often the most important tool in that fight. The tools of collection and analysis associated with big data have evolved to be the most effective tools in preventing breaches—and in identifying them quickly when they do occur.

Anti-virus programs and IT departments alike increasingly rely on big data. It is their best option for identifying new threats—advanced threat detection is powered by big data’s ability to quickly recognize patterns associated with malicious files. Machine learning allows programs to recognize a greater range of anomalous events, catching threats that would have bypassed any set of rules established by a security expert. The greater the range of threats the dataset contains, the more able a machine learning system will be to spot new types of threats.

The article “When big data and cybersecurity collide,” from CIO magazine’s Ravi Kumar, further explores new trends in protecting your company’s data.

Read More
State Sponsored Attacks Against Financial Institutions

In a 2018 report published by The Carnegie Endowment for International Peace, Erica D. Borghard detailed how the U.S. economy is at risk by “national security adversaries in cyberspace.”

“The U.S. financial system is a target for foreign cyber adversaries for several reasons,” she stated. “First, the financial sector is one of the bedrocks of the U.S.—and global—economy. Significant disruptive or destructive attacks against the financial sector could have catastrophic effects on the economy and threaten financial stability. This could occur directly through lost revenue as well as indirectly through losses in consumer confidence and effects that reverberate beyond the financial sector because it serves as the backbone of other parts of the economy. For instance, cyber attacks that disrupt critical services, reduce confidence in specific firms or the market itself, or undermine data integrity could have systemic consequences for the U.S. economy.”

Iran, North Korea and Russia are just three examples of adversaries cited by Borghard, an assistant professor at the Army Cyber Institute at the United States Military Academy at West Point.

As we embark on a new year, FinTech fraud experts are working assiduously to prevent such state sponsored attacks to their assets.

Read More
Credential Stuffing Increasing

Credential stuffing is one of the most common techniques used to take over user accounts.

According to The Open Web Application Security Project, research shows that past Dropbox, JP Morgan, Sony and Yahoo breaches resulted from credential stuffing.

In this type of attack, the perpetrator acquires spilled usernames and passwords from a website breach or password dump site and uses an account checker to test the stolen credentials against a variety of websites. When an attempt succeeds, the attacker takes over the account matching the stolen credentials and drains stolen accounts of stored value, credit card numbers, and other personally identifiable information.

In this Credential Stuffing Prevention Cheat Sheet, OWASP recommends several steps for thwarting credential stuffing attacks, from multi-factor authentication to avoiding the use of email addresses as user ID’s.

Read More
How General Data Protection Regulation Will Impact Risk Mitigation in 2019

Data use regulation and consumer consent is far and away the biggest concern of many developers in risk and fraud systems. It is something that could have significant effects across all areas of FinTech. There are too many unknowns and hundreds of different opinions across all fields on what is acceptable today and what may be acceptable tomorrow. This applies to all use cases including fraud.

The General Data Protection Regulation (“GDPR”) is a legal framework that currently requires businesses to protect the personal data and privacy of European Union (EU) citizens for transactions that occur within EU member states. Watch for similar legislation to come to the state and federal level in the U.S.

Read More