Thursday, April 21, 2016

Cybersecurity: Professional Perspective

In recent months, "cybersecurity" has become a major buzzword, sparking debate and curiosity across society. A large reason for this is the recent Apple-FBI security dispute, which has drawn enough attention that even people who previously knew little or cared little about cybersecurity have begun to take notice.

Following this recent rise in interest, this post presents what was learned from discussing several topics with an industry professional.

1) What are the biggest challenges in the industry?

One of the topics discussed was the challenges organizations face in the cybersecurity industry. A point that was stressed was that cybersecurity attacks are inevitable. An organization should not think in terms of if a vulnerability will be exposed, but when it will be exposed and taken advantage of.

Unfortunately, the biggest challenge small organizations and non-profits face is a lack of resources. Experienced cybersecurity consultants and specialists come at a high price, which these organizations are not able to afford. Instead, organizations (like Chatham) assign cybersecurity responsibilities to an existing employee, who then divides their time between two job functions. This means that expertise is lacking (many of these employees are taking cybersecurity courses and certifications while already being responsible for cybersecurity measures in their organization), and so is the time devoted to cybersecurity measures.

Due to this, many small organizations and non-profits are not adequately prepared for any significant or large-scale attack on their systems, which makes them prime targets for hackers and the like.

2) People Skills are just as Important as Technical Skills!

Phishing and spoofing are common attacks that cybersecurity professionals have to plan for and protect their systems against. These attacks are built with users in mind and are designed around social engineering.

Hackers and attackers combine technical skills and people skills to develop attacks that will have the largest possible effect. Due to this, the cybersecurity professionals tasked with preventing these attacks and limiting their fallout also have to keep the social aspects of the problem in mind. They must reach out to the system's users and provide the education and tools those users need to avoid falling prey to these attacks.

The cybersecurity professionals must also have a thorough understanding of the social engineering techniques attackers may employ in order to create adequate safeguards against attacks.

3) Advice to Users: Protecting Your Information

Sometimes users come across a website that does not use appropriate encryption techniques or sufficiently secure safeguards. When asked what advice to give users of these websites, which sometimes send sensitive data through unsecured means, the best suggestion given was to have the users weigh the costs.

Users should think about the password or data they are providing to the website and weigh the cost of having that information compromised. Does the benefit the website provides outweigh the cost of compromised information? It is a personal decision each user has to make when providing sensitive data.

Another recommendation is to not use the same password for different systems, especially for those that store the user's sensitive personal or financial data. Regular password changes are also recommended.
