Cybersecurity

The cybersecurity skills shortage has been discussed in many different ways over the recent years, but a successful hiring event held by the Department of Homeland Security has some wondering if that event was a sign of optimism or an outlier.

The Department of Homeland Security (DHS) held a two-day hiring event "aimed at filling mission-critical positions to protect our Nation's cyberspace" in July. According to a new blog post, that event garnered "over 14,000 applicants and over 2,000 walk-ins" and culminated with more than 800 candidate interviews and "close to 150 tentative job offers."

Angela Bailey, chief human capital officer for the DHS, said in a blog post that the DHS "set out to dispel certain myths regarding cybersecurity hiring," including the ideas that there is a cybersecurity skills shortage and that organizations cannot hire people "on the spot."

"While not all of them were qualified, we continue to this day to hire from the wealth of talent made available as a result of our hiring event," Bailey wrote. "We demonstrated that by having our hiring managers, HR specialists, and personnel security specialists together, we were able to make about 150 job offers within two days. Close to 430 job offers have been made in total, with an original goal of filling around 350 positions."

Gunter Ollmann, CSO for Vectra Networks, said although the event "was pitched under the banner of cybersecurity it is not clear what types of jobs were actually being filled," and some positions sounded more "like IT roles with an impact on cybersecurity, rather than cybersecurity specific or even experienced infosec roles."

"Everyone with a newly minted computer science degree is being encouraged to get in to cybersecurity, as the lack of candidates is driving up salaries," Ollmann told SearchSecurity. "Government jobs have always been popular with recent graduates that managed to scrape through their education, but would unlikely appear on the radar as interns for larger commercial organizations or research-led businesses."

Chris Sullivan, CISO and CTO for Core Security, agreed that the DHS event may not be indicative of the state of the cybersecurity skills shortage.

"It looks like DHS executed well and had a successful event but we shouldn't interpret that as a sign that cyber-defender resource problems are over. In fact, every CISO that I speak to has not seen any easing in the availability or cost of experienced resources," Sullivan said. "In addition, the medium to long term solution requires both formal and on the job training -- college curriculum is coming but much of it remains immature. We need resources to train the trainers."

Derek Manky, global security strategist at Fortinet, warned about putting too much into just a few hundred positions compared to the potentially hundreds of thousands of cybersecurity jobs left unfilled.

"The DHS numbers are relatively small compared with the overall number of unfilled positions," Manky said. "Part of the solution is to build better technology that requires less human capital to be effective and can evolve to meet shifts in the threat landscape. Additionally, the market needs to better define what skills a cybersecurity professional should hold and use these definitions to focus on efforts that can engage and develop a new generation of cybersecurity talent."

Rob Sadowski, director of marketing at RSA, the Security Division of EMC, said this event might be cause for optimism regarding the cybersecurity skills shortage.

"The experience that DHS shared is encouraging because it shows a groundswell of interest in cybersecurity careers. This interest and enthusiasm needs to continue across the public and private sector if we are to address the still significant gap in cybersecurity talent that is required in today's advanced threat world," Sadowski told SearchSecurity before hedging his bet. "The talent pool in an area such as DC, where many individuals have strong backgrounds in defense or intelligence, security clearances, and public sector agency experience contributes significantly towards building a pool of qualified cybersecurity candidates that may not be present in other parts of the country or the world."

Bailey attributed some of the success of the DHS event to proper planning and preparation.

"Before the event, we carefully evaluated the security clearance requirements for the open positions. We identified many positions that could be performed fully with a 'Secret' rather than a 'Top Secret' clearance to broaden our potential applicant pool," Bailey wrote. "We knew that all too often the security process is where we've lost excellent candidates. By beginning the paperwork at the hiring event, we eliminated one of the more daunting steps and helped the candidates become more invested in the process."

Bailey noted the most important advice in hiring was to not let bureaucracy get in the way.

"The most important lesson learned from our experience is the value of acting collaboratively, quickly, and decisively. My best advice is to just do it," Bailey wrote. "Don't spend your precious time deliberating over potential barriers or complications; stop asking Congress for yet another hiring authority or new personnel system, instead capitalize on the existing rules, regulations and hiring authorities available today."

Sadowski said rapid action is a cornerstone of an effective security program, but noted not all organizations may have that option.

"It's great that DHS has the luxury to act decisively in hiring, especially from what they saw as a large, qualified pool," Sadowski said. "However, many private sector organizations may not have this freedom, where qualified potential hires may require significant commitment, investment, and training so that they understand how security impacts that particular business, and how to best leverage the technology that is in place."

Next Steps

Learn more about how the cybersecurity skills shortage be fixed.

Find out how to live with the cybersecurity skills shortages.

Get info on why there is a delay in adopting new tech because of the skills shortage.


SearchSecurity: Security Wire Daily News

While cybersecurity positions are plentiful in most major cities, thousands of cyber positions at all levels are waiting to be filled in less populated and often more scenic locales -- and most offer a lower cost of living.

Although larger corporations usually post the most job openings, “you’re most likely to find that you’re working at a smaller company” in these smaller cities, says Tim Herbert, senior vice president of research and market intelligence at CompTIA, the Computing Technology Industry Association. But the tradeoff will be broader responsibilities and more experience, he adds. “In smaller companies you take on more responsibilities with less specialization than in a large enterprise where roles are very well-defined.”

These are the best small to midsized cities for landing a job in the security sector, according to CyberSeek, a new data-driven heat map from CompTIA that provides real-time insight on the cybersecurity job market.

[ Also on InfoWorld: 19 open source GitHub projects for security pros. | Discover how to secure your systems with InfoWorld's Security Report newsletter. ]


InfoWorld Security

There is little question that the perpetrators of cyberthreats spend little time thinking inside the box — that’s how they stay ahead of their victims. It’s time for some out-of-the-box thinking of our own to get serious about fighting back. It’s time for the democratization of cybersecurity data.

Here is the challenge to users, organizations and security vendors alike: First, we should aggressively democratize the threat data we all have and share it securely yet freely with each other. Second, we should pivot a full 180 degrees from the accepted practice of automatically classifying, by default, all cyberthreat data. Instead, we should declassify threat data by default. Hence, the democratization of cybersecurity data.

Thinking Outside the Box

Cybercrime information sharing is nothing new. Unfortunately, the wrong people have been doing the sharing, and they have elevated the practice to a commercial art form. Cooperating and collaborating on the Dark Web, the most sophisticated cybercriminals build and peddle attack software to each other. They even have seller ratings and rankings for their malware, with the most effective earning five stars. They offer gold, silver and bronze levels of service — even money-back guarantees if the malicious efforts fail.

With thieves as organized and sophisticated as they are, it is a small wonder that estimates of their annual take in illegal profits total $ 455 billion These aren’t amateurs. The United Nations estimated that highly organized, well-funded criminal gangs account for 80 percent of breaches today.

For these and so many other good reasons, the time is now for businesses, governments and other organizations to elevate cyberthreat information sharing to entirely new levels. The public sector has initiated steps in this direction. Last year the U.S. passed the Cyber Information Security Act (CISA). Its goal is to help organizations share cyberthreat information and actual attack data anonymously and without fear of liability.

Democratization of Cybersecurity Data Dents Cybercrime

There are massive collections of cybercrime data largely kept under lock and key in individual organizations. Security vendors, including IBM, typically have the largest repositories.

Why has it been kept secret? Both security vendors and businesses tend hold onto this data for its perceived competitive value. It is valuable to some extent, but the potential gains of having that much threat data and information can be an even more formidable competitive weapon. After all, it isn’t possessing the data that yields an advantage; it’s what each organization or vendor does with it.

This kind of sharing is not new in our business. The whole open source movement that gave us Linux, OpenStack, Hadoop, Spark and so much more resulted from aggressive information sharing. It can be the same with cyberthreat data. Large-scale sharing of threat data will signal a new high water mark in fighting cybercrime.

We are walking the walk at IBM, recognizing that we were as much a part of the problem as any other business or organization. That is why IBM published all of its actionable, third-party global threat data — all 700 terabytes of it. This includes real-time indicators of live attacks.

We believe the free consumption and sharing of real-time threat data from our repository can put a sizable dent in cybercrime efforts. Think of what else we can accomplish with the democratization of cybersecurity data.

Information Sharing at the Speed of Business

As mentioned earlier, sharing is only one part of the out-of-the-box thinking we need to adopt. We have to share this information as soon as possible, not weeks or months after a major breach.

The default action today is to immediately classify such information, rendering it unshareable until it is eventually declassified. Instead, put a timeline on classification of new threat data — maybe 48 or 72 hours, no more. If no valid, justifiable case is made for continued classification within that period, release it to be shared among other organizations. The aforementioned CISA spells out methods for doing this securely so the information doesn’t fall into the wrong hands.

We must abandon the Cold War mentality that leads us to classify all information and share nothing. We are all engaged in a very hot war with cybercriminals. Speed matters when it comes to using relevant data to stop active attacks and thwart future threats. Information sharing at the speed of business can be a formidable weapon — we just need to unleash it.

Learn more about staying ahead of threats with global threat intelligence and automated protection


Security Intelligence

The 2016 presidential election put the spotlight on cybersecurity in a way that no one could have imagined ahead of time. When we looked at cybersecurity as an election issue earlier this year, the focus was on how cybersecurity policy in general might emerge as a campaign issue in relation to issues such as privacy and surveillance.

Instead, cybersecurity became a leading driver of the presidential campaign — including concerns about security posture of the election itself. In the process, the election offered many cybersecurity lessons, and a year of teachable moments about protecting data and networks.

Cybersecurity Lessons From the Campaign Trail

Most recent public and business awareness about data security has revolved around personally identifiable information (PII), especially financial information such as credit card data. Consumers fear identity theft and companies fear theft of customers’ account data.

Thanks to the presidential election, we have all learned — again — that email is insecure. It can easily be compromised and released online with potentially dramatic consequences. It is unlikely that analysts will ever be able to conclude whether controversies over email had a major impact on the election, but the very word became an effective campaign slogan.

More Than Meets the Eye

At the basis of this surprising turn are issues related to how email is secured and the consequences of email being compromised, whether it contains classified materials or merely unguarded and potentially embarrassing remarks. These considerations figured into the high-profile Sony breach of 2014, but the election brought them back into the public spotlight. The lesson here is applicable beyond just email: All kinds of unstructured data, such as social media content, is potentially sensitive and potentially vulnerable to compromise.

Similarly, the cybersecurity lessons of the 2016 election extend to the election process itself. Worries about compromised voting machines are not entirely new, but they were front and center this year. The Department of Homeland Security (DHS) also warned that state election systems were being probed and encouraged officials to share information regarding election cybersecurity.

Cybersecurity in the National Spotlight

The 2016 election ultimately went smoothly, with unexpected results but no hint of cybercrime. U.S. elections are, in fact, difficult to breach. This is partly because they are decentralized, carried out by thousands of local authorities, and partly because voting machines are simple devices and not connected to the internet, even where votes are tabulated electronically.

Nevertheless, election security has now emerged as a key component of national security policy. Although there was little formal discussion about cybersecurity as a policy issue, the 2016 election offered countless cybersecurity lessons and informed the public about the need to protect all kinds of information, not just financial or health data.


Security Intelligence

IBM Security has launched a network-emulation environment where corporate teams can play out attack scenarios so they are better prepared for incidents they might face in the real world.

The facility, called a cyber range (as in shooting range), provides a place for enterprises to practice incident-response, not only for their IT and IS staffs but also for company directors, C-level executives, corporate counsel, human resources pros, public relations staff—anyone who might be drawn into an actual cyber emergency.

[ An InfoWorld exclusive: Go inside a security operations center. | Discover how to secure your systems with InfoWorld's Security Report newsletter. ]

The goal is to give participants the feel of responding to an attack as realistically as possible so they are better prepared to face events in their production networks. Teamwork and crisis-leadership skills they develop at the cyber range can translate into quicker incident responses and therefore less expensive ones, IBM says.

Infrastructure for the range consists of racks of servers that emulate the network of a Fortune 500 company. That includes a representative mix of typical business traffic, internet queries and emails.

+More on Network World: IBM: Many companies still ill-prepared for cyber attacks+

Using VMware, IBM can reconfigure the network to fit any number of network and attack scenarios, and the facility includes 1TB of storage to house details of the scenarios. So far, the company is still working through the first scenario and plans to eventually have a dozen or more. Select customers are running through the first scenario now.

The servers can fire off actual known malware code against the emulated network, so teams running through the exercises face genuine threats. The virtual environment is designed so the malware, some of which shuts down if it discovers it is executing in a virtual environment, won’t find out.

Staff running the simulations can tune them on the fly to make the situation more or less complicated to suit the group carrying out the exercise. “We don’t want them to fail but we want them to be challenged,” says Caleb Barlow, IBM Security’s vice president of portfolio marketing.

+More on Network World: Cisco: Potent ransomware is targeting the enterprise at a scary rate+

Scenarios can be spiced up with interjections — unexpected new developments that complicate matters. For example, word might come in that a nosey reporter has gotten wind of details about the attack or that the CEO is angry about how the response is going and creating more problems than they are solving.

The range includes a TV interview studio where an actor plays a reporter who grills participants about the breach that has affected the fake business set up for the simulation. The idea is to let them know what it feels like to give such interviews and to gauge how good they are at answering the questions.

+More on Network World: Phishing scheme crimps El Paso for $ 3.2 million+

Tools — IBM’s — are available to help detect and respond to attacks.

The company hopes to have the cyber range ready for its sales people to present to customers Jan. 1, but there is already a waiting list for companies that want to play. Initially use of the facility is free, with priority given to IBM customers.    

Cyber Range occupies two floors of the company’s newly appointed global security headquarters, in Cambridge, Mass. The room includes three rows of work stations that face a wall mounted video display where participants can share views of pertinent data about the simulated attacks.

Meanwhile, IBM Security announced formation of IBM X-Force Incident Response and Intelligence Services (IRIS), a team of more than 100 incident response specialists who can be called upon to help improve security, and plan training for respondents. IRIS helps customers identify the source of attacks so they can remediate them faster.

But IRIS also advises ahead of crises in order to harden customer environments against threats and to give appropriate protections to their most valuable assets.

IBM announced its 15-year-old security operations center (SOC) in Atlanta has been overhauled. The center is the hub for IBM Security’s network of SOCs that service customers around the world.

The improvements are part of a $ 200 million investment the company says it has made this year in facilities, services and software.

This story, "IBM sets up test range to practice fighting cybersecurity battles" was originally published by Network World.

To comment on this article and other InfoWorld content, visit InfoWorld's LinkedIn page, Facebook page and Twitter stream.


InfoWorld Security

In the U.S., the post-Thanksgiving shopping blitz of Black Friday often serves as a make-or-break event for many retailers. Indeed, Black Friday is the day when retailers start to make a profit for the year.

No further explanation is needed to understand why retail cybersecurity is so important. Since the arrival of the browser, online shopping has evolved. In 2005, the National Retail Foundation (NRF) coined the term Cyber Monday to describe the Monday after Thanksgiving and Black Friday, and over the years it has evolved into a major concern for security-conscious businesses.

Retail Cybersecurity Is a Big Deal

According to Practical Ecommerce, the 2015 shopping weekend saw billions of dollars of sales, of which more than $ 10.4 billion was attributed to in-store sales and $ 5.77 billion to online sales. Meanwhile, comScore reported nearly $ 70 billion in desktop and mobile online sales between Nov. 1 and Dec. 31, 2015.

Everyone knows that criminals follow the money. Before the internet, we read about robberies of brick-and-mortar establishments. Now, with an anticipated $ 70-plus billion in online sales in just a 60-day period, we find that criminals have adjusted and moved online. In 2014, the number of daily attacks decreased during the timeframe surrounding Black Friday and Cyber Monday. Similarly, 2015 saw no major upticks in cybercrime, though small and medium-sized businesses found themselves in the bull’s-eye.

Verizon’s “2016 Data Breach Investigations Report” noted that “around 90 percent of all security incidents in the retail sector involved denial-of-service (DoS), point-of-sale (POS) or web app attacks.” The report explained that it took 79 percent of the organizations weeks or more to recognize that a crime occurred. In contrast, the holiday shopping period lasts for only eight weeks.

Passing on Passwords

Retailers should update their technologies. Security experts have been imploring retailers to move away from password-only environments. A 2012 Institute of Electrical and Electronics Engineers (IEEE) paper titled “The Quest to Replace Passwords: A Framework for Comparative Evaluation of Web Authentication Schemes” describes the ongoing, decades-old struggle to replace passwords with other authentication tools.

We asked John Haggard, chief executive officer (CEO) of Nymi and a global authority on authentication, for his thoughts on how retailers might protect themselves and, by extension, their customers. Here’s what he had to say:

“The single biggest corrective step a organization can make to secure its environment is to ensure all identities, including employees, partners, customers and especially machines, are correctly authenticated. This sounds simple, but it is incredibly difficult to break the addiction to passwords that is the current champion of authentication.

“What’s worse, the industry is getting organizations hooked on the multifactor alternative, which is arguably worse in today’s environment. With passwords, everyone knows the problem. With one-time codes, organizations believe they have plugged the hole when in fact they haven’t. Despite this warning, organizations should set a key objective that simply states, ‘Authenticate correctly and effortlessly.’

“This likely will never be solved 100 percent for any given period of time, therefore a constant evaluation of the authentication position can be captured by reviewing the data on incorrect authentications. A full 63 percent of breaches can be traced back to this issue, according to the Verizon study. The name of the game is to reduce the attack profile while preserving productivity.

“Passwords are in the red (as in your blood red), one-time passwords (OTPs) are yellow/red and Fast ID Online (FIDO) authenticators are green. Start by setting the objective and developing discipline to understand issues and then support vendors that are trying to help you get there. You get to give feedback and request/demand improvements — staying stuck isn’t a good strategy.”

POS systems are a primary area of concern. Every retailer should separate its POS infrastructure from its corporate infrastructure. Tripwire recommended including monitoring and two-factor authentication for all users accessing the POS environment in addition to segregating the infrastructure.

This begs the question, would retailers know if their POS infrastructure was compromised? Do they have a plan to respond to indicators of compromise? Does your response plan affect your ability to conduct commerce?

Customer Trust and Engagement

The NRF created a comprehensive playbook for its members that highlighted three key areas in which retailers need to focus: trust, community and anticipation. Customers will quickly lose trust in retailers that don’t focus on securing their environments and technologies.

How retailers engage their customer will speak volumes to how seriously they take security. Are you asking the customer to provide data that you are not able to protect? Do you send emails containing hotlinks to get your customer to click and buy? Do your privacy and terms of service statements clearly articulate how you protect customers’ data? Can customers quickly engage with your support teams if they report cybercrime? Are your support teams trained to handle social engineering attempts to access customer accounts?

Improve Online Habits for the Holidays

First and foremost, only deal with retail organizations you trust. Understand how they operate. More importantly, understand that every entity can be spoofed in email or online.

Practice good online hygiene as part of the overall retail cybersecurity solution. Resist the urge to click on Cyber Monday coupons in emails — type the URLs into your browser window instead. Ensure your devices are up to date with both your security suite and your operating system. Download apps only from trusted environments.

We asked Rebecca Herold, The Privacy Professor and industry thought leader on privacy, what consumers can do to protect their online engagements. Not surprisingly, her advice addressed the need for authenticating yourself with the vendor.

“Use two-factor authentication wherever it is offered,” Herold advised. “This way, if a password is one of the factors and the password file gets hacked, that second factor will help to prevent unauthorized access into your accounts.”

Speaking of passwords, remember to use a unique password for every online account. It sounds cumbersome, but give it some thought. If you reuse passwords and the password file of the company with the least secure infrastructure is compromised, then your user ID and password combination are the keys to all your other accounts, especially for those that lack two-factor authentication.

The holiday season is upon us. Make it a joyous occasion by keeping your company, customers and yourself safe online.


Security Intelligence

Thousands of security professionals flock to cybersecurity conferences such as RSA Conference and Black Hat, but...

what is the value of conferences to CISOs? Are any cybersecurity conferences more valuable than others for hiring and security strategizing?

Cybersecurity conferences have become a lucrative business for the organizers, the venues and the vendors that seek face time they would not otherwise have with participants. Multi-track, multi-session conferences introduce new concepts and approaches, and can provide a refresher in a particular topic. They can also be a means to comply with continuing professional education credits for maintaining a certification. Conferences do not help security professionals develop proficiency in any particular topic since the sessions are typically 50 to 90 minutes long. Even more technical seminars that include hands-on training for a certification do not replace actual on-the-job experience.

Thousands of people attend the RSA Conference, Black Hat, DEFCON and ISACA conferences. The majority of those who attend are professional cybersecurity practitioners, auditors, cybersecurity consultants, vendors and developers. But should the CISO attend or should she be satisfied with sending staff and focusing on those skills they deem necessary for their development?

CISOs are key targets for cybersecurity vendors. They will receive numerous calls and emails per day from vendors touting the best products and services in the market for their needs. Vendors will offer to pay for luncheons, free demos of their product, and even pay for a flight to their headquarters to try out their product and visit with key vendor staff and management. But, over time, the CISO will have most of her calls screened. Cybersecurity conferences are the perfect place for vendors to meet CISOs they would have otherwise had a difficult time meeting.

Most cybersecurity conferences will have CISO luncheons or special events for CISOs by invitation only. Free conference registration for CISOs is also likely. But is this of any value to the CISO? Of course they can and should be valuable. Cybersecurity conferences are a great opportunity for CISOs to become aware of new technologies, new cybersecurity protection and monitoring tools, and to network with other cybersecurity professionals and other CISOs.

CISOs need training just like anyone else. This training should not just cover how to be a better CISO, but should also include technical training to help better manage projects in the enterprise. However, the last thing a CISO wants is to get railroaded during vendor fairs by those whose calls she has purposely avoided -- which can be hundreds during a given month. The CISO can sometimes be a bit of a celebrity at these conferences. Vendors stumble over themselves to greet the CISO and grab whatever amount of time they can to introduce their product or service.

Another question is whether cybersecurity conferences are good venues to meet and identify potential candidates for hire. Unless the CISO happens to meet someone she likes, most cybersecurity conferences are geared toward providing education and vendor exhibits, not for hiring.

Regardless of the aim, CISOs should attend these conferences. They should go to keynote addresses, sessions of interest and the vendor fairs. CISOs can blend into the crowd of attendees if they do not want to be noticed, but they should attend the CISO luncheons to meet other CISOs and exchange business cards. Cybersecurity conferences are a good opportunity for CISOs to earn their continuing professional education credits. However, they should not feel obligated to have sponsoring vendors visit or have a proof of concept done unless there is a particular value.

Ask the Expert:
Have questions about enterprise security? Send them via email today. (All questions are anonymous.)

Next Steps

Learn how to hire for specialized cybersecurity positions

Check out the pros and cons of untraditional security staffing

Find out more about the changes in CISO responsibilities

This was last published in November 2016


SearchSecurity: Security Wire Daily News

Meet Apache Spot, a new open source project for cybersecurity

The Apache Spot project was announced at Strata+Hadoop World on Wednesday, Sept. 28, 2016.

Credit: Katherine Noyes

Hard on the heels of the discovery of the largest known data breach in history, Cloudera and Intel on Wednesday announced that they've donated a new open source project to the Apache Software Foundation with a focus on using big data analytics and machine learning for cybersecurity.

Originally created by Intel and launched as the Open Network Insight (ONI) project in February, the effort is now called Apache Spot and has been accepted into the ASF Incubator.

[ Also on InfoWorld: 19 open source GitHub projects for security pros. | Discover how to secure your systems with InfoWorld's Security newsletter. ]

"The idea is, let's create a common data model that any application developer can take advantage of to bring new analytic capabilities to bear on cybersecurity problems," Mike Olson, Cloudera co-founder and chief strategy officer, told an audience at the Strata+Hadoop World show in New York. "This is a big deal, and could have a huge impact around the world."

Based on Cloudera's big data platform, Spot taps Apache Hadoop for infinite log management and data storage scale along with Apache Spark for machine learning and near real-time anomaly detection. The software can analyze billions of events in order to detect unknown and insider threats and provide new network visibility.

Essentially, it uses machine learning as a filter to separate bad traffic from benign and to characterize network traffic behavior. It also uses a process including context enrichment, noise filtering, whitelisting and heuristics to produce a shortlist of most likely security threats.

By providing common open data models for network, endpoint, and user, meanwhile, Spot makes it easier to integrate cross-application data for better enterprise visibility and new analytic functionality. Those open data models also make it easier for organizations to share analytics as new threats are discovered.

Other contributors to the project so far include eBay, Webroot, Jask, Cybraics, Cloudwick, and Endgame.

“The open source community is the perfect environment for Apache Spot to take a collective, peer-driven approach to fighting cybercrime,” said Ron Kasabian, vice president and general manager for Intel's Analytics and Artificial Intelligence Solutions Group. “The combined expertise of contributors will help further Apache Spot’s open data model vision and provide the grounds for collaboration on the world’s toughest and constantly evolving challenges in cybersecurity analytics.”

The shortage of trained cybersecurity professionals is a global challenge, and India is no stranger to the situation. An alarming 87 percent of respondents to ISACA’s “2015 Global Cybersecurity Status Report — India Data” admitted India is facing a severe cybersecurity skills gap, whereas only 41 percent felt prepared to fend off sophisticated cyberattacks.

The National Association of Software and Services Companies (NASSCOM) estimated that India will need 1 million cybersecurity professionals by 2020 to meet the demands of its rapidly growing economy. Demand for security professionals will increase in all sectors due to the unprecedented rise in the number of cyberattacks. Despite having the largest information technology talent pool in the world, India is highly unlikely to produce an adequate number of professionals to close the cybersecurity skills gap.

Skills Shortage Exposes Indian Businesses

The cybersecurity skills gap is ever widening due to the fluid nature of threats, innovative new cybercrime techniques, a lack of formal training and, most importantly, a lack of awareness about careers in cybersecurity. This scarcity exposes Indian businesses to cyberattacks and reduces their ability to quickly respond to complex threats. In the long run, the skills gap may discourage Indian companies from implementing new technologies or making new investments.

The shortage of cybersecurity professionals is also pushing up the cost of hiring experienced cybersecurity staff and forcing Indian businesses to increase their cybersecurity budgets. The “Global State of Information Security Survey 2016” from PwC reported a 117 percent increase in cyberattacks in India and a 71 percent increase in budget.

High Stakes for India

Because several global IT corporations operate in India, the cybersecurity skills gaps also impacts the global economy at large. The IT sector is one of the major employment generators in India, employing over 2.5 million people. A major breach could significantly jeopardize future growth within this critical IT sector.

NASSCOM launched cybersecurity training initiatives in collaboration with key IT companies. Along with the Data Security Council of India (DSCI), it launched a new Cyber Security Task Force (CSTF) to improve the supply of trained cybersecurity professionals. However, it will take some time before the CSTF starts making an impact on the ground. And it’s but a drop in the ocean given the escalating onslaught of cyberattacks that the Indian government and local businesses are facing.

Cognitive Security Bridges the Cybersecurity Skills Gap

While promoting cybersecurity education can help address the skills gap to some degree, it will not be enough to address rapidly multiplying cyberthreats. Luckily, Watson for Cybersecurity can help offset the skill shortage in India.

Watson for Cybersecurity is a first-of-its-kind, cloud-based cognitive technology. It’s trained to reason and learn from unstructured data — or 80 percent of all data on the internet that traditional security tools cannot process, including blogs, articles, videos, reports, alerts and other information.

“By leveraging Watson’s ability to bring context to staggering amounts of unstructured data, impossible for people alone to process, we will bring new insights, recommendations and knowledge to security professionals, bringing greater speed and precision to the most advanced cybersecurity analysts and providing novice analysts with on-the-job training,” said Marc van Zadelhoff, general manager of IBM Security.

Watson can empower cybersecurity professionals with superior capabilities and help them become more efficient. As Caleb Barlow, vice president of IBM Security, aptly told Fortune, “It’s not about replacing humans, but about making them superhumans.”

Discover how Cognitive Security can help bridge the Cybersecurity skill gap


Security Intelligence

Heading into the first presidential debate, 58 percent of Americans feel the presidential candidates are not paying enough attention to cybersecurity, according to LifeLock.

cybersecurity presidential candidates

The results of the survey, conducted online Sept. 9-13 by Harris Poll among more than 2,000 U.S. adults, come as hacked emails from the personal accounts of public officials, most recently former secretary of state Colin Powell, continue to draw headlines.

In fact, more Americans believe they are likely to become a victim of a data breach (39 percent) than catch Zika (8 percent) in the next 12 months, according to the survey.

Older Americans (age 65+) are more likely than younger adults (age 18 – 34) to believe that they are likely to have their personal information compromised in a data breach in the next 12 months (43 percent vs. 34 percent).

The survey also asked Americans about the perceived threat of foreign-government hackers and found 60 percent of Americans are worried about foreign-government sponsored cyberattacks.

The majority of Americans (70 percent) said the U.S. government should be responsible for protecting their personal information. More than half (54 percent) think the U.S. government should spend more on cybersecurity, while only 44 percent say we should spend more on national defense.

The vast majority of Americans (96 percent) agree that it’s important for companies like retailers and financial institutions to make every effort to protect their personal information. And 92 percent also acknowledged that it is ultimately their own responsibility to ensure their personal data is secure.


Help Net Security