Any company, government agency or individual that tps into the internet, a data center or database is at risk of a cyberattack. This can lead to financial and reputational ruin. No one is safe, not even the Pentagon, which experienced a major data breach in February 2021 that likely impacted some 200,000 people, according to reports by NBC News, The New York Times and other news outlets.
Cybercrime Magazine reported that global cybercrime costs are expected to grow by 15 percent per year over the next five years, reaching $10.5 trillion USD annually by 2025, according to Cybersecurity Ventures. It represents the greatest transfer of economic wealth in history.
This avalanche of cyberattacks are shaking up the IT world and raising the profile of data security experts, according to Eric Pearce, IT Architect at Nutanix.
‘If there’s one area of IT careers that’s growing more important, it’s security,” Pearce said.
Everything from intelligence services to urban infrastructure systems are at risk as more things rely on digital information technologies. Cyberattacks come in different varieties, from malware, phishing, distributed denial-of-service, zero-day exploits and business email compromise, just to name a few.
Ransomware attacks, where hackers breach data centers and hold critical information hostage, are just one disrupting national and local government agencies.
“Attackers have doubled down on ransomware and phishing -- with some tweaks -- while deepfakes and disinformation will become more major threats in the future, according to a trio of threat reports,” wrote Robert Lewis in February article in Dark Reading headlined Ransomware, Phishing Will Remain Primary Risks in 2021.
"Double extortion is the trend that attackers have gone to in 2020 because the attack circumvents the defenses, like backups and a good incident response strategy, that companies have put into place," Nick Rossmann, global threat intelligence lead for IBM Security X-Force, said in the Dark Reading article.
Rossmann said there is a natural evolution where attackers responding to companies' defenses.
“A lot of companies are moving to the cloud, so there is a lot of data there," said Rossmann. "In addition, the majority of Linux-based malware is cryptocurrency miners. So the Bitcoin market is driving attackers to move into Linux and try to exploit cloud services."
Using Common Language Across IT Teams
Evolving threats, scarcity of resources and cultural issues within IT teams can coalesce and challenge organizations. For IT practitioners, becoming proficient in security technologies and methodologies may future-proof their careers, said Pearce.
But other things can help. For one, Pearce said as cybercriminals find new ways to exploit IT systems, IT professionals need to clear the air of buzzwords and phrases that only security experts currently understand.
“It’s a frustrating point for me,” said Pearce, describing how he feels about IT security experts that don’t use language that everyone across the IT team can readily understand.
He said many IT professionals are uncomfortable admitting they do not know something. Combine this behavior with the deliberate use of language to differentiate themselves, misunderstandings can run rampant.
“Security people are self-defeating in this way,” he said. “They’ve walled themselves off with their unique terminology.”
He joked that people could make a career out of being a “security translator” of jargon such as “attack surface” and “posture assessment.”
“These need to be translated into common terminology and actions that a typical IT person would instantly recognize and know how to react quickly,” he said.
He said increasing threats make it more important than ever for the whole IT team to get on the same page so they can plan and react effectively.
“The security team typically relies on non-security IT people to actually implement their vision,” said Pearce. “When security experts use their terminology, they need to give examples and clarify the outcome they want to achieve. That gets everyone on the same page.”
Grasping Cybersecurity IT Skills
The recent SolarWinds, FireEye breaches and the hacking of a water treatment facility show how at-risk organizations are today.
The SolarWinds hack exposed many issues with government agencies using infrastructure (and components) that weren’t properly vetted before implementation. It led U.S. President Joe Biden to establish a dedicated cybersecurity office that reports directly to the White House.
For any IT professional, switching to a security role may seem daunting but there’s a growing need for these skills.
Security training is widely available at low-cost or even free. Pearce said IT professionals can extend their skills and knowledge by applying a security “lens” to them. This could open new career opportunities.
Michael Brenner is a keynote speaker, author, and CEO of Marketing Insider Group. Michael has written hundreds of articles on sites such as Forbes, Entrepreneur Magazine, and The Guardian. He speaks at dozens of leadership conferences each year, covering topics such as marketing, leadership, technology, and business strategy. Follow him on Twitter @BrennerMichael.
© 2021 Nutanix Inc. All rights reserved. For additional legal information, please go here.