During the most recent American election, nuances of a diabolical and dangerous nature began to emerge at a terrifyingly regular pace. No, I’m not talking about the platform or extra-curricular activities of the candidate opposing your views, but of the notions, practices, and assumptions of our own cyber security, and protection of our personal privacy. Whether you are appalled by or defend the inspirations of these observations, the principles of personal information security are just as relevant as to those directly impacted.
While some cyber security attacks focus on destruction and damage to reputation, more common in this decade has been the widespread and rampant theft of data creating challenges in maintaining appropriate levels secrecy and data protection. To complete the theft once the data has been compromised, a successful attack will need to exfiltrate the data to the attacker for further exploitation. Here are the 5 scenarios of data exfiltration.
While there has been much written on the perils of the current talent gap, not nearly as much focus has been spent on the skills gap. Nearly 1 in 4 candidates are not qualified for the positions they seek in cyber security, and the higher education systems as well as in house development practices are often obsolete or at least ineffective. Basic writing and persuasive communications are severely lacking, imperative cognitive thinking skills can be non existent, and scripting tends to be rudimentary at best. Mid-way through my own masters degree journey, I have a unique perspective as both a hiring manager and a student as to how to begin addressing this growing issue.
Our culture has become increasingly dependent on software for automation, productivity, and quality of life; the interconnectivity of nearly everything, market-labeled “the Internet of Things,” has only increased this dependency. The software that delivers these services exists on a wide variety of platforms from traditional computers to handhelds to game machines and even appliances such as alarm clocks. Application developers are driven to deliver increasingly complex innovative features and functionality faster. Today, system and software vulnerabilities are being revealed and exploited in those applications at a disastrous pace, and the need for identifying application layer vulnerabilities before the malicious user community does has become increasingly more dire. Bug bounty programs are a crowd-sourced collective with a large and potentially well-motivated force, they can be difficult to run and potentially empower the very bad actors they mean to prevent. There is no substitute for strong security by design and robust testing through a Systems Development Life Cycle (SDLC); together, these programs are essential to a safe Internet, offering more cyber security benefits than traditional testing, are more effective at uncovering security flaws quickly, and are generally less expensive.