Steve On Cyber

THE BUSINESS OF CYBERSECURITY

Q4 2017

Steve Morgan is the founder and Editor-In-Chief at Cybersecurity Ventures. His blogs and articles on cybercrime and cyber defense can be seen at CSO, Entrepreneur, Forbes, IDG, and others. View all of Steve’s stories.

TOP STORY

Top 5 cybersecurity facts, figures and statistics for 2017

Predictions and observations provide a 30,000-foot view of the cybersecurity industry

Steve Morgan, CSO Contributor

Oct. 19, 2017

This story was originally published on CSO.

These top level numbers summarize the cybersecurity industry over the past year and indicate what’s in store for the next five years.

What does it all mean? In 2015, Ginni Rometty, IBM’s chairman, president and CEO, said, “Cyber crime is the greatest threat to every company in the world.” And she was right. During the next five years, cyber crime might become the greatest threat to every person, place and thing in the world.

Billionaire businessman Warren Buffet takes it a step further and says that cyber attacks are the number one problem with mankind, even worse than nuclear weapons.

Read the full version of this story at CSO.

Want more like this? View all of Steve’s stories.

grayfooterline

Q3 2017

Steve Morgan is the founder and Editor-In-Chief at Cybersecurity Ventures. His blogs and articles on cybercrime and cyber defense can be seen at CSO, Entrepreneur, Forbes, IDG, and others. View all of Steve’s stories.

TOP STORY

Cybersecurity headhunter shares 10 secrets from Black Hat 2017

A security industry job recruiter goes undercover at the Black Hat 2017 Conference, and tells about it.

Steve Morgan, CSO Contributor

Aug. 4, 2017

This story was originally published on CSO.

Recruiting cybersecurity talent has never been more difficult. Cybersecurity Ventures predicts there will be 3.5 million unfilled cybersecurity jobs by 2021, and the unemployment rate is holding steady at zero percent.

Thousands of security-minded professionals gathered under one roof at the popular Black Hat USA 2017 Conference last week in Las Vegas. Recruiters from executive search firms, large organizations, and technology vendors were busy networking with the hacker crowd.

One security industry headhunter who attended Black Hat—speaking on the condition of anonymity—divulged some of the goings-on and his observations taken away from the exhibit hall and private rooms.

10 cybersecurity hiring insights from Black Hat

  • It’s a candidate’s market, and experienced cyber pros are holding out for pay packages that are 15 to 20 percent more than what most employers are offering.
  • Ex-cyber military experts are in hot demand by large commercial enterprises, but they’re more inclined to join firms led by other military men and women.
  • Colleges and universities are not turning out enough cybersecurity graduates to make a dent in the current openings for information security analysts and other entry-level jobs in our field.
  • Newbies to cybersecurity crossing over from IT positions are having a difficult time transitioning into their new roles due to a lack of real-world experience and subject matter expertise. This is leading to unexpected turnover at some organizations that have high threat levels.
  • Some large corporations are publicly stating they won’t hire black hat hackers, but privately they say they’re open to “rehabilitated” bad cyber guys and gals turned good.

Cybercrime damages are predicted to cost the world $6 trillion annually by 2021, up from $3 trillion in 2015. The world is expected to spend more than $1 trillion cumulatively over the next five years on cybersecurity products and services aimed at combating hacks and breaches.

HR chiefs would be wise to add one more line item to their budgets to help cyber defend their enterprises: sending recruiters to security conferences.

Read the full version of this story at CSO.

Want more like this? View all of Steve’s stories.

grayfooterline

Q2 2017

Steve Morgan is the founder and Editor-In-Chief at Cybersecurity Ventures. His blogs and articles on cybercrime and cyber defense can be seen at CSO, Entrepreneur, Forbes, IDG, and others. View all of Steve’s stories.

TOP STORY

Cybersecurity labor crunch to hit 3.5 million unfilled jobs by 2021

The cyber crime epidemic is expected to triple the number of open positions over the next five years

Steve Morgan, CSO Contributor

Jun. 6, 2017

This story was originally published on CSO.

A new report out from Cybersecurity Ventures estimates there will be 3.5 million unfilled cybersecurity jobs by 2021, up from 1 million openings last year.

Employment figures from the U.S. and India highlight the cybersecurity labor crisis.

In 2017, the U.S. employs nearly 780,000 people in cybersecurity positions, with approximately 350,000 current cybersecurity openings, according to CyberSeek, a project supported by the National Initiative for Cybersecurity Education (NICE), a program of the National Institute of Standards and Technology (NIST) in the U.S. Department of Commerce.

The current number of U.S. cybersecurity job openings is up from 209,000 in 2015. At that time, job postings were already up 74 percent over the previous five years, according to a Peninsula Press analysis of numbers from the Bureau of Labor Statistics.

At this rate, the U.S. is on pace to hit a half-million or more unfilled cybersecurity positions by 2021.

The National Association of Software and Services Companies (NASSCOM) recently estimated that India alone will need 1 million cybersecurity professionals by 2020 to meet the demands of its rapidly growing economy.

Demand for security professionals in India will increase in all sectors due to the unprecedented rise in the number of cyber attacks, according to NASSCOM. Despite having the largest information technology talent pool in the world, India is highly unlikely to produce an adequate number of professionals to close the cybersecurity skills gap.

“Every IT position is also a cybersecurity position now” according to the Cybersecurity Jobs Report, 2017. “Every IT worker, every technology worker, needs to be involved with protecting and defending apps, data, devices, infrastructure, and people.”

If that’s true, then the cybersecurity workforce shortage is even worse than what the jobs numbers suggest.

Read the full version of this story at CSO.

Want more like this? View all of Steve’s stories.

grayfooterline

Q1 2017

Steve Morgan is the founder and Editor-In-Chief at Cybersecurity Ventures. His blogs and articles on cybercrime and cyber defense can be seen at CSO, Entrepreneur, Forbes, IDG, and others. View all of Steve’s stories.

TOP STORY

Teenage hackers beware: Don’t do the cybercrime if you can’t do the jail time

The old adage “Don’t do the crime if you can’t do the time” applies to young cybercriminals.

Steve Morgan, CSO Contributor

Feb. 7, 2017

This story was originally published on CSO.

The latest Hack Blotter features a garden variety of cyber perps who’ve been investigated, apprehended, arrested, and/or convicted.

Local U.S. law enforcement agencies are devoting more resources to cybercrime in an effort to prosecute cybercriminals. Atlanta and New York are the latest cities to invest into new cybercrime units and labs.

International authorities are also stepping up arrests and convictions of hackers.

Some teenagers are learning the hard way that cybercrime doesn’t pay.

Hack Blotter:

  • Nine teenaged hackers associated with Anonymous hacktivism were arrested in Thailand.
  • A 17-year-old was sentenced to 12 months rehabilitation after hacking British telecom (as a 16-year-old). The hack was done with an iPhone.
  • Another 17-year-old was sentenced to four years in Massachusetts state custody for leading a group of villainous hackers.
  • A 19-year-old Australian was arrested for hacking the air traffic control system at Tullamarine Airport – which caused one plane to abort its scheduled landing.
  • Police arrested an 18-year old in Wales – in conjunction with the TalkTalk hack.
  • It was reported that a former teen Canadian hacker is serving a four-year prison sentence for hacking U.S. federal agencies.
  • Thirty-four suspects – many of them teenagers – were arrested in 13 countries in a massive DDoS-for-hire-scam.

Cybercurious teens ought to think about putting their tech skills to better use – such as attending a Hacker High School program.

Young people beware – there’s no such thing as cyberjail, only real jail with real criminals.

Read the full version of this story at CSO.

Want more like this? View all of Steve’s stories.