Following this recent rise of interest, this post will focus on presenting things learned from discussing different topics with an industry professional.
1) What are the biggest challenges in the industry?
Unfortunately, the biggest challenge small organizations and non-profits face is the lack of available resources. Experienced cybersecurity consultants and specialists come at a high price, which these organizations cannot afford. Instead, organizations (like Chatham) assign cybersecurity responsibilities to an existing employee, who then divides their time between two job functions. This means that not only is expertise lacking (many of these employees are taking cybersecurity courses and certifications while already being responsible for cybersecurity measures in their organization), but so is the time devoted to cybersecurity measures.
Because of this, many small organizations and non-profits are not adequately prepared for any significant or large-scale attack on their systems, which makes them prime targets for hackers and the like.
2) People Skills are just as Important as Technical Skills!
Phishing and spoofing are common attacks that cybersecurity professionals have to plan for and protect their systems against. These attacks are built with users in mind and rely on social engineering.
Hackers and attackers combine both technical skills and people skills in order to develop attacks that will have the largest possible effect. Due to this, the cybersecurity professionals tasked with preventing these attacks and limiting their fallout also have to keep the social aspects of the problem in mind. They must reach out to the system's users and provide the education and tools they need to best prevent them from falling prey to these attacks.
The cybersecurity professionals must also have a thorough understanding of the social engineering techniques attackers may employ in order to create adequate safeguards against attacks.
3) Advice to Users: Protecting Your Information
Sometimes users come across a website that does not use appropriate encryption techniques or appropriately secure safeguards. When asked for advice to give users of these websites, which sometimes send sensitive data through unsecured means, the best suggestion given was to have the users weigh the costs.
Users should think about the password or data they are providing to the website and weigh the cost of having that information compromised. Does the benefit the website provides outweigh the cost of compromised information? It is a personal decision each user has to make when providing sensitive data.
Another recommendation is to not use the same password for different systems, especially for those that store the user's sensitive personal or financial data. Regular password changes are also recommended.