
#bumble | #tinder | #pof Know Someone Who Is Building The Next Instagram Or Spotify? Nominate Them — Or Yourself! – For The Next Forbes 30 Under 30 | romancescams | #scams

In the 10 years since we published the first Forbes 30 Under 30 list, the world has changed dramatically, but one thing has not: our history of spotting young innovators […]

#nationalcybersecuritymonth | Security lifeline: WhatsApp to pull support for older Android and iOS devices next month

Source: National Cyber Security – Produced By Gregory Evans

Upgrade or be left behind

ANALYSIS Millions of smartphone users may have a little less mobile security next month, after WhatsApp withdraws its support for older versions of Android and iPhone operating systems.

Devices running on iOS 8 and earlier, or Android versions 2.3.7 and earlier, will no longer receive updates from the free messaging service, with app features expected to deprecate on these systems from February 1.

“WhatsApp for iPhone requires iOS 9 or later,” WhatsApp said in a recent statement on its website.

“On iOS 8, you can no longer create new accounts or reverify existing accounts.

“If WhatsApp is currently active on your iOS 8 device, you’ll be able to use it until February 1, 2020.”

According to the UK’s National Cyber Security Centre, a security vulnerability is much more likely to be exploited on end-of-life devices that run unsupported software.

The damage that these issues can cause also increases, with attackers finding an easy target in technology where the only fix available is to upgrade to supported hardware or a supported operating system.

The general functionality of the retired product tends to break, as well.

“We don’t explicitly restrict the use of jailbroken or unlocked devices,” WhatsApp said.

“However, because these modifications might affect the functionality of your device, we can’t provide support for devices using modified versions of the iPhone’s operating system.”

There is no industry standard as to when to end support for dated versions of an app or software. The decision is largely made in the boardrooms of tech conglomerates, and is generally viewed as a balancing act between consumer market share, cost, and security.

In order to keep on top of the software lifecycle, consumers are often required to upgrade their hardware. In the case of Apple, iOS 13 – the latest version of its mobile OS – is only compatible with the iPhone 6S and above.

At the other end of the spectrum, iOS 8, Apple’s eighth major operating system released in 2014, receives only minimal third-party application support.

“Of course Apple wants us to upgrade to their latest and greatest iPhones and MacBooks,” Patrick Wardle, Mac security expert and creator of the infosec blog and security toolkit site Objective-See, told The Daily Swig last year.

“But from a security point of view (versus just a consumer/marketing point of view), there is no denying that the latest version of their software and hardware (for example devices) are often far more secure than their predecessors,” Wardle said.

“Users should really upgrade to newer versions,” he added.


This is an ongoing game for consumers, and indeed businesses, to have a healthy level of security and rid themselves of what is known in the industry as technical debt – the migration away from Windows 7 is one example.

Affordability can outweigh the guarantee of vendor support, however, which illustrates the reality of many individuals who lose the security guarantee that comes alongside regular patches on compatible hardware.

While there are no official statistics related to the version types of mobile ownership, Angela Siefer, executive director of the US non-profit National Digital Inclusion Alliance (NDIA), says it’s safe to assume that those in low income brackets are less likely to be using the latest devices.

The most vulnerable populations are put at even more risk, she says.

“The situation with WhatsApp is definitely alarming, but it’s also not surprising,” Siefer told The Daily Swig.

“As technology keeps innovating there is going to continue to be people left behind, and society needs to figure out how to support those folks as technology moves forward.”

The NDIA works to address affordability issues related to internet access and ownership of digital devices. Part of that mandate is education, where security, in particular, needs to move outside the tech industry bubble in order to reach individuals who may not realize that their software needs fixes.

“They’re [consumers] not reading tech blogs, they’re probably not reading anything about WhatsApp, they’re just frustrated because now it [WhatsApp] doesn’t work anymore,” Siefer said.

There are certain cases where tech companies or software vendors provide extended support for their products, whether in full due to their popularity or through open sourcing specific applications, as is the case with the iPhone.

But these third-party applications are few and far between, and some, including Paul Roberts, founder of the right to repair infosec group Securepairs, believe legislation should compel companies to release unsupported software into the public domain.

“So, in the context of WhatsApp, open source discontinued versions of the app and put it on GitHub,” Roberts told The Daily Swig.

“That way, technically minded users can pick up where the company left off: making a ‘public’ version of the app that will continue to work on older phones and tablets.”

WhatsApp deciding to make versions of iOS and Android obsolete follows a move to end its support for all Windows phones at the beginning of the year, similar to one taken by parent company Facebook in April 2019, which sunset Facebook, Messenger, and Instagram apps for users of the limited Microsoft smartphone.

WhatsApp is currently one of the most popular chat apps for smartphones, used in 2017 by approximately 1.5 billion consumers across the globe.

The company did not reply to The Daily Swig’s request for comment about how many people use its service on the soon-to-be out-of-date operating system, but as Facebook, and other tech giants, continue to gain a foothold in emerging markets, consumer desire to hold onto older devices may drive the industry to rethink the end-of-life ecosystem.


#nationalcybersecuritymonth | What’s Next for Iran’s Cyber Actors?





The country has grown as a talented, and destructive, network threat over the last several years.


Expect more network-enabled spying and possibly destructive cyber attacks in the wake of the killing of one of Iran’s most important military commanders, experts said.

“We will probably see an uptick in espionage, primarily focused on government systems, as Iranian actors seek to gather intelligence and better understand the dynamic geopolitical environment. We also anticipate disruptive and destructive cyberattacks against the private sphere,” said John Hultquist, director of Intelligence Analysis at FireEye, in a Friday statement.

Like a lot of smaller state actors, Iran has been growing its cyber capacity over the last several years. Clumsy distributed-denial-of-service attacks and website defacements in 2009 led four years later to the manipulation of search query commands in an attack on the Navy Marine Corps Intranet. In 2013, an Iranian national allegedly breached the control system of a dam in Rye, New York. Two years after that, Iranian actors used wiper malware to delete files from some 35,000 computers owned by Saudi Aramco, one of the most disruptive attacks to date.

Iranian cyber actions spiked ahead of the 2015 signing of the multinational deal that limited Iran’s nuclear activities. Targets included U.S. financial organizations and even the Sands casino in Las Vegas. Owned by outspoken conservative Sheldon Adelson, who had argued publicly against the deal, the casino’s networks were wiped clean, doing a reported $40 million in damage.

Iranian cyber activity dropped off somewhat after the signing of the nuclear deal. But in 2017, a threat group that FireEye dubbed APT33 attacked aerospace and petrochemical targets across the United States, Saudi Arabia, and South Korea. The group created domain names to send convincing emails pretending to be from Boeing, Northrop Grumman, and various joint ventures. The methods — targeted spear-phishing and domain-name squatting — suggest that the intent was industrial espionage, not destruction. And in December 2018, a series of dramatic wiper attacks targeted Italian, Saudi and UAE oil interests in the Middle East, attacks that experts have attributed to Iran.

What’s Next

The past year brought various warnings of a new spike in malign network activity. A January 2019 report indicated that Iran had been attacking domain name service providers, aiming to set up fake domain names that could facilitate a new wave of spearphishing operations. 

The following month, Crowdstrike’s 2019 annual threat report noted that despite “some short-term gaps in attributable incidents this year, Iran-based malicious cyber activity appeared to be fairly constant in 2018 — particularly involving incidents targeting other countries in the [Middle East and North Africa] region… Additionally, it is suspected that Iranian adversaries are developing new mobile malware capabilities to target dissidents and minority ethnic groups.”

In June, Christopher Krebs, the director of the Cybersecurity and Infrastructure Security Agency, or CISA, at the Department of Homeland Security, said in a statement: “CISA is aware of a recent rise in malicious cyber activity directed at United States industries and government agencies by Iranian regime actors and proxies. We will continue to work with our intelligence community and cybersecurity partners to monitor Iranian cyber activity, share information, and take steps to keep America and our allies safe.”


#cyberfraud | #cybercriminals | What’s next for cybersecurity: five predictions for 2020


Cybersecurity has been a hot topic for large and small businesses alike throughout 2019.

Big household names such as British Airways and Marriott have faced record fines from the Information Commissioner’s Office (ICO) for data breaches, and headlines warn of the increasing threat posed by the use of connected devices, potentially allowing hackers easier access to our data.

Although many businesses are taking steps to protect themselves against cyber-attacks, there are still many more that are not sufficiently motivated to protect themselves against such threats, or even feel that the threat level doesn’t warrant the investment required to implement adequate cybersecurity protocols.

We expect 2020 will be another eventful year for the ever-evolving cybersecurity industry, and have listed below our top 5 predictions for the year ahead:

1. Tighter integration between DPOs and CISO

In the rush to respond to a growing cyber threat, organisations of all sizes have been equipping themselves with the resources and expertise necessary to address privacy and cyber risks. However, this haste has often seen businesses implementing cybersecurity protocols in uncoordinated and therefore more expensive ways, leaving them open to vulnerability from this fragmented approach.

We expect to see senior leadership calling for a coherent, business-wide approach, which could include the application of a single cyber security and data privacy leader to lead and coordinate resources from stakeholders across the business, such as legal, finance and IT. A coordinated strategy with an accountable cybersecurity leader in place will deliver greater resilience against attacks and data loss, and provide a much better response should an incident occur. It will also allow for detailed reporting explaining the specific threats to the business, and a demonstration that these risks are understood and being mitigated against.

2. In-depth incident response rehearsals

Cyber incident preparedness training will likely become more sophisticated in 2020, as senior leadership teams start to prioritise the rehearsal of a customised major data breach and evaluate the resulting incident response.

There is a strong business case for rehearsing cyber-attacks, as it can help an organisation identify gaps in policy, reporting, decision authority, supplier services, and technical operations. Any issues identified in a rehearsal can be mitigated against, allowing a more effective response in the event of a real life situation.

3. Increase in attacks on SMEs

With bigger companies investing heavily in cyber defence in recent years, cybercriminals are turning their attention to small and medium sized enterprises (SMEs). Smaller scale ransomware attacks are continuing to pay off for cyber-bandits, and despite small businesses becoming the cyber-attackers’ new easy target of choice, many are unprepared and unaware of the risk.

The security resilience in smaller organisations is still developing, and employing expert help is often seen as unaffordable, making these organisations easier targets. Human error and weaknesses in the supply chain are still areas for concern, however, we expect to see training and technology solutions that will drive down the cost of building cybersecurity resilience. For example, inexpensive training programs will help eliminate the weakest security link in these businesses – people.

The National Cyber Security Centre is the UK’s independent authority on cyber security and publishes a broad range of advice and guidance that can help SMEs. Growing adoption of basic security standards such as the Cyber Essentials standard will also help. NCSC oversees the “cyber essentials” certification scheme – a government-backed and industry-supported scheme that provides self-assessment certification to help organisations protect themselves against common cyber-attacks and aids compliance with the NIS Regulations.

4. Use of AI to defend against phishing attacks

A business can also face risk from inside the organisation. Phishing scams have become increasingly more sophisticated and are harder to detect. Spear phishing – where cyber criminals have taken their time researching their victim and crafted a bespoke email – is becoming a really big problem, as it’s even harder for the recipient to identify the scam.

In a typical working environment, where employees are busy or distracted, the risk is likely to be higher. However, AI, and machine learning in particular, could be the answer. AI can be put to work analysing emails and noticing patterns of behaviour, suspicious language or metadata, and would intelligently detect and autonomously neutralise phishing emails. We’ve seen a movement towards the use of automation in an effort to reduce the burden on understaffed cyber security teams and increase efficiency.

However, it’s important to remember that AI can also be used against a business, with cyber-criminals making use of it to make their attacks even smarter. Employee training and regular engagement to increase staff awareness, and company-wide response rehearsals, will still be required to combat these attacks and reduce the risk from careless or uninformed staff.

5. Regulatory response to drive up standards

Cybersecurity is not just an IT issue, but a regulatory issue too. Indeed, the financial sector is sitting up and taking notice – the Financial Conduct Authority has seen increasing reports of cyber-attacks that are growing in scale and complexity and has stated: “Firms of all sizes need to develop a ‘security culture’, from the board down to every employee.”

A UK government consultation in 2019 saw the government request industry views to help it understand what barriers were preventing organisations from adopting cybersecurity standards. Home-grown security standards may not be credible if they are not widely adopted internationally and easily auditable.

Although significant changes have been brought about by the implementation of the GDPR (concerned with the security of personal data) and the Network and Information Systems Regulations (concerned with the security of information systems) which both took effect in May 2018, there remains a gap for a cohesive cybersecurity legal and regulatory framework in England and Wales.

The implications of Brexit also provide an icing of uncertainty, and it will be important to consider how the UK might choose to adhere to any existing EU security regulations.

Next Steps

Regardless of regulatory attention, or the size of an organisation, businesses must take an increasingly joined-up approach and continue to take steps to improve their defences, or risk severe financial and reputational damage.

The importance of cybersecurity must be promoted at all levels, with a strong senior leadership team ensuring a centrally-managed strategy is in place, and implementing the necessary policies, procedures and training to minimise risk and strengthen incident response.

This article was first published by Data Protection Magazine. 


#deepweb | Indian web shows get set for the next level


New Delhi, Nov 24 (IANS) “Sacred Games”, starring Saif Ali Khan and Nawazuddin Siddiqui, was brought back by Netflix India this year owing to the huge success of season one. The crime thriller isn’t the only Indian web show that got renewed for a new season. There are other shows that have cleared the “acid test of content”, too.

The big question for all OTT shows returning with new seasons is: Will these taste the success of their first parts? Or, will these underwhelm, as the new season of “Sacred Games” did earlier this year?

Soon after “Sacred Games 2” premiered in August, it led to divided reactions among netizens. Many memes comparing both the seasons flooded the Internet. Those disappointed with the second season of the series went on to use images of old and torn clothes, broken cars, and stills from “Game of Thrones” to express themselves.

Cricket-themed “Selection Day”, focusing on the stories of Radha and Manju, returned to Netflix in April. Some found it just “okay”, others thought the drama was inspiring.

Despite a few shows not living up to expectations in their new seasons as compared to original ones, follow-ups are happening in the OTT world aplenty.

Amazon Prime is also bringing back some of its hit shows — “Inside Edge” being one of them, and its actress Richa Chadha has promised her fans that the new season has a much more gripping and power-packed storyline.

“My character Zarina Malik has transformed very interestingly since the first season. In the first season, Zarina tried to do things in a rightful manner but she faced a lot of obstacles. Now she is questioning herself, as to why this is happening, why she is doing this, while it only puts her in trouble. The character goes into that tussle over going into the dark side of matters,” Richa had told IANS.

“Breathe 2” is another show the viewers are eagerly waiting for, not only because of its content but also because it will be actor Abhishek Bachchan’s foray into the digital space.

“Mirzapur 2”, starring Pankaj Tripathi and Ali Fazal, is expected to arrive in 2020. “Four More Shots Please 2” and Zoya Akhtar’s “Made in Heaven 2” have also been announced.

The trend of renewals can be seen on Ekta Kapoor’s ALTBalaji too.

“We believe that sequels (new seasons) are the acid test of the content. Sequels are made only when the content is successful and one has to create further pull and push on the sequel for it to be even more powerful than the first season,” an ALTBalaji spokesperson told IANS.

“We have around 50 original web series and the highest number of sequels for them so far, starting with the critically-acclaimed ‘Broken…But Beautiful’, on November 27, which depicted the journey of Veer and Sameera and their life of heartbreak.”

Another show on ALTBalaji that has left behind a legacy is “Ragini MMS”.

“After the resounding success of the first season, we are now launching an even more intriguing second season that features the Internet sensation and audience’s favourite couple Varun Sood and Divya Agarwal. Adding to the hype and frenzy and ensuring we break the Internet, the franchise will have a special item number ‘Hello Ji!’ featuring none other than gorgeous Sunny Leone,” shared the spokesperson.

Other shows in the pipeline, which are set for a new season are “Kehne Ko Humsafar Hain season 3”, “Baarish 2”, “PuncchBeat 2” and “Gandii Baat Season 4”.

Speaking about the upcoming new seasons of their shows, the characters that “we have introduced through our shows have created a strong impression on viewers. We aim to build on this legacy while adding more interesting elements to keep them current and relevant,” said the ALTBalaji spokesperson.

–IANS



Disclaimer :- This story has not been edited by Outlook staff and is auto-generated from news agency feeds. Source: IANS



How to #attract the next #generation of #cybersecurity #talent


In 2018, CISOs will spend even more money than they have in the past on cyberdefense. TechRepublic’s Dan Patterson spoke with ProtectWise vice president of product management Dave Gold to discuss how companies can leverage their teams to enhance their cyberdefense strategy.

Cyberattacks are growing, their impacts are becoming more severe, and enterprises are struggling with where they should focus their efforts. Networks are changing and becoming more geographically dispersed, so organizations can’t rely on the old approach of putting security at every location where it needs to be, Gold said.

“CISOs are really struggling to find enough people to do the work that we need to do,” he said. “It’s big business to attack a lot of these organizations. These are well-funded organizations, and well-funded adversaries that are coming after the data.”

Organizations are also struggling to figure out the right technologies that they need. It’s challenging for CISOs to deal with all these moving parts at once: transitioning to the cloud, changing networks, and not having the right people or tools to protect themselves from cyberattacks.

“The reality is there’s just not enough people to do this work,” he said. Organizations need to look for tools and products that can optimize the way their people spend their time.

Gold’s advice for most CISOs would be to think about how their organization is doing business, and how they can make their team more efficient in all those areas. “As organizations are moving to the cloud, security is a huge challenge. As we try to go out and hire more people, you need to find the tools that’s going to track that next generation of analysts,” he said.

Organizations need to make sure they are buying products and technologies that are going to make their teams more efficient, and not just adding another tool to their toolbox that they don’t have the time to use, he added.


Cyber #Risk — Next #Steps For #Evolving #Security?

Source: National Cyber Security News

Richard M. Frankel served for more than 25 years in public service, and the majority of his career has been with the FBI. Serving as Of Counsel at Ruskin Moscou Faltischek P.C., Frankel’s practice focuses on Cyber Security and White Collar Crime & Investigations. A recognized authority in complex investigations, asset recovery, cyber issues and crisis management, Frankel also provides regular insight on terrorism, criminal and intelligence related matters. He has extensive experience in understanding as well as investigating complex coordinated attacks. Frankel led several FBI field divisions as the Special Agent In-Charge.

Nicole Della Ragione is an Associate at Ruskin Moscou Faltischek, P.C., where she is a member of the firm’s Health Law Department, Cyber Security and Data Privacy Practice Group and the White Collar Crime and Investigations Practice Group. Since joining the firm, Della Ragione’s practice has focused in the cyber security arena as well as federal and state litigation. She has been engaged in numerous cyber security engagements ranging across industries and of all sizes. Her work includes advising businesses based on their level of cyber-preparedness and conducting risk and threat assessments, incident response planning and more.


Christopher P.


How #AI will underpin #cyber security in the next few #years


Cyber security risks are growing in complexity and volume, but artificial intelligence techniques can help businesses track and fight them in real time

Cyber criminals continue to launch increasingly sophisticated and devastating attacks on industrial, business and financial organisations around the world – and the damage from such crime could reach $6tn by 2021, according to a report from Cybersecurity Ventures.

It has become clear that organisations cannot simply rely on manpower and human interaction to fight off cyber attacks. Not only is it time-consuming for employees to spot potential threats, but it is also challenging to come up with security technologies to prevent them. So there are fears that businesses will continue to fall victim to hackers.

As a result, organisations are being forced to consider new ways to boost their cyber defences. Whether it is implementing new cloud strategies or big data analytics, many companies are showing that they can think outside the box when it comes to modernising their IT security defences.

But artificial intelligence (AI) is emerging as the frontrunner in the battle against cyber crime. With autonomous systems, businesses are in a far better place to strengthen and reinforce cyber security strategies.


Cybersecurity: How #utilities can #prepare the next #generation #smart #grid


As the convergence of physical and cyber threats continues to grow, companies in the energy sector need to work together to strengthen resilience and bolster response for the next generation smart grid.

Cyber attacks have dominated the headlines and devastated a slew of companies over the past few years – from Equifax to Yahoo, Deloitte to Merck – compromising millions of people’s information and costing billions of dollars in losses to those businesses.

But, of particular concern is the risk of attack on the electric grid, with one report showing that the US grid was being attacked as much as every four days by a cyber or physical attack – that’s nearly 100 times a year. What’s more, every year, the energy sector is among the top three most attacked critical infrastructure sectors in the US.

These repeated security breaches have raised concerns in the industry around the impact of a broader outage. Imagine how one widespread outage lasting even just a few days could disable everything in our increasingly connected, digital landscape – from traffic lights to cellphones. It could even threaten lives, for example, of patients in hospitals or other healthcare facilities that may have exhausted their backup power supply.


Modernizing #cybersecurity #training for the next #generation


Equifax, Verizon, Molina Healthcare, Deloitte, Whole Foods, Wendy’s… it seems like every time we turn on the television another high-profile data breach is being reported. Despite an unprecedented number of security tools on the market, breaches are occurring at a record pace. According to the Identity Theft Research Center, the number of breaches for the first half of 2017 increased by 29 percent from the same time period during 2016.

If we have more tools available than ever, why does it seem that security practices are consistently failing? All signs point to one clear industry-wide problem — the growing cybersecurity workforce shortage. Security teams are understaffed, overwhelmed by alerts and challenged with managing growing security stacks without the time to adequately prepare for emerging threats.

According to the Center for Strategic and International Studies (CSIS) report, “Hacking the Skills Shortage,” 82 percent of respondents reported a shortage of cybersecurity skills within their organizations and one in four respondents stated their organizations were victims of cyber thefts of proprietary data due to a lack of qualified workers.

What is needed to address this shortage and better prepare teams for the rapidly evolving threat landscape? Industry analysts, such as Gartner, advocate moving toward “people-centric security,” which lessens organizations’ reliance on a massive stack of tools and a compliance checkbox mentality in favor of a more powerful human element in fending off attacks and reducing security errors.

With networks growing in complexity and new threats emerging at an unthinkable pace, it is imperative that organizations focus on core skills and address cybersecurity training as more than a compliance checkbox. It has become a business-critical investment.

Traditional versus next generation cybersecurity training

For most organizations, the training budget is generally allocated per person and used by individuals to attend a conference or classroom training event in order to learn about new threats and expand their skill sets. This frequently requires travel, which takes vital team members off the front lines for days at a time. Traditional training course updates are cumbersome and take time to publish. Other shortcomings involve retention and effectiveness. Research shows that individuals lose 90 percent of information within one week of traditional classroom training.

If we are to follow the guidance of industry experts and embrace people-centric security, a paradigm shift is required. The next generation of cybersecurity training must be agile enough to adapt to emerging threats. It should engage users in realistic environments through repetition and active learning principles, while utilizing features such as machine learning and artificial intelligence (AI) to quickly adapt content.

With the Internet of Things, hybrid cloud infrastructure and a growing demand for mobile enterprise applications creating more complex technology stacks, the element of realism is critical to preparing security teams. We would not expect a gold medal to be awarded to a swimmer who learns merely from videos and classroom conversation about the newest butterfly technique.

Olympians must practice those skills repetitively in a competition pool in order to be at peak condition for a race. Similarly, we cannot expect our cyber defense teams to learn only from traditional lecture-based training. Training with real-world tools in high-fidelity virtual environments against actual threat adversary malware is the future of cybersecurity training.

Next generation cybersecurity training utilizes a team approach

Training and workforce development must also be approached with a team perspective in mind. A soccer coach does not send players home individually to practice alone. The result would be a group of players with overlapping skills and no real understanding of plays or team strategy—in this case, the opponent would most certainly win.

Likewise, it is important for cyber teams to train together to defend against the top threats. Teams that consistently practice their skills, particularly incident response tactics and event handover, as an integrated team are more confident, quick and effective in their response to cyberattacks. Training as a team is further enhanced when using training platforms that replicate the organization’s environment, including realistic threat scenarios, network traffic and the tools cyber teams have each day at their disposal.

The team approach will also better engage team members when it includes the concept of gamification. Consider challenges that replicate real-world attack scenarios with rewards for completion and improvement, or enable your red and blue teams to “face off” in order to spark excitement and make training more enjoyable. Earning skill points also serves as a mechanism to demonstrate proficiency that leads to better retention of these scarce professionals.

Training as a team also gives cyber team leaders a more thorough understanding of cyber readiness, including any skills gaps, which helps to guide future training efforts. This holistic view of readiness can help to identify areas of vulnerability as well as help guide strategic workforce development and technology purchases.

Introducing next generation cybersecurity training

As we move to the people-centric approach to security, chief information security officers (CISOs) should first look at the way their cyber team or teams are structured. Are they meeting all the important tasks/skills/roles recommended by the National Institute for Cybersecurity Training (NICE) Cybersecurity Workforce Framework and National Institute of Standards and Technology (NIST) Cybersecurity Framework? Where are there gaps, and how can these gaps be addressed through cross-training existing team members? Look at existing training programs to determine whether you are taking the team approach, because now is the time to make the necessary changes to embrace the next generation of training.

Oftentimes, training budgets can be reallocated to allow for investments in technology that enable next generation cybersecurity training. When approaching senior leadership for additional funding, CISOs should use cyber readiness assessments to position training as a critical investment.

Final thoughts

Adversaries are well funded with time to develop threats that cripple unprepared organizations. The attacker only has to be right once, while understaffed security teams work tirelessly to protect their networks every day. As an industry, we must arm these cyber defenders with the skills they need to be successful.

By transforming the approach to training, we can more efficiently and effectively build a highly skilled cybersecurity workforce that is better prepared to address emerging threats in complex enterprise environments.

The post Modernizing #cybersecurity #training for the next #generation appeared first on National Cyber Security Ventures.
