Cybercrime has never been so common and it’s now easier than ever for criminals to launch attacks. As a result of easy-to-use hacking tools, novices without programming experience can perform potentially devastating hacks.
In response to the growing demand for cybersecurity and to protect against increasingly complex attacks, security skills are in high demand. According to data from the Bureau of Labor Statistics, cybersecurity professionals earn an average salary of $116,000—nearly three times the national average.
In response to the rapidly evolving cybersecurity landscape, professionals must keep their skills sharp. These are 5 skills that cybersecurity professionals should consider investing in for 2018.
1. Cloud Security
Cloud computing has transformed the way organizations store data, use applications and manage workloads—but it’s also introduced a host of new security challenges.
The responsibility to maintain cloud security lies with the organization, not the service provider—something businesses transitioning to the cloud must realize. Organizations will also need to pivot from on-premise threats to investing in cloud security. To do this, they’ll need professionals with cloud security skills.
Threats to cloud security could include poor identity management and attackers may disguise themselves as legitimate users to secretly snoop, modify or delete data.
Insecure cloud-hosted applications are another threat to security. Most cloud services and apps use APIs to communicate. As a result, API security has a direct effect on the security of the cloud services. The potential for getting hacked increases when organizations grant third parties access to the APIs.
29 percent of businesses claim to possess a shortage of cloud security skills, according to 2017’s ISSA/ESG survey. And as businesses will continue to expand their use of cloud in 2018, demand for these skills is set to continue growing.
2. Data protection
Organizations must possess staff with the knowledge to both reduce the risk of data breaches and respond appropriately in the event of a breach.
Cybersecurity professionals should consider investing in the skills necessary to implement a sound data security strategy. Boosting data security may include utilizing encryption or implementing a need-to-know privilege policy—one long-forgotten admin account ago could be used by an attacker to compromise your data.
With the EU’s introduction of GDPR on May 25, 2018, US companies—and all companies around the world—that process personal information from EU residents must comply with the regulation or risk fines.
Cybersecurity professionals must be aware of the demands of GDPR and how it affects their role–it’s now or never to build your data protection skills. Luckily, with GDPR on the horizon, there are a number of ways for professionals to get GDPR training before the regulation is introduced.
3. Security Analysis and Investigation
The cybersecurity industry is shifting from a focus on perimeter-defense to detection and response. As a result, security professionals should consider expanding their knowledge of security analysis and investigation in 2018. This includes drilling down into digital forensic skills to identify and isolate ransomware.
33 percent of the 371 survey respondents said their organization had an acute shortage of security analysis and investigation skills, ESG/ISSA discovered in their Through the Eyes of Cybersecurity Professionals report.
4. Secure Application Development
With more organizations developing applications, including those for mobile, the importance of security cannot be understated. Security can no longer be considered an afterthought and must be baked into the development process from the beginning.
Application testing is a key aspect of application security which cannot be ignored. Without testing vulnerabilities may be left hidden, until one enterprising criminal discovers them. And instead of patching after attacks, applications must be tested during development.
Application developers should consider expanding their cybersecurity skills and cyber professionals will also benefit from a working knowledge of application security in 2018.
5. Internet of Things (IoT) Security
Powered in part by investment in smart assistants, like Amazon Echo and Google Home, the number of internet-connected devices is exploding. Research from Juniper predicts 15 billion Internet-of-Things (IoT) devices globally by 2021.
This presents a worrying picture for cybersecurity professionals; IoT devices are an easy opportunity for criminals as these devices are rarely secure. All too often, new IoT devices lack even basic security features, are not properly configured or rely on default passwords—all of which provide attackers with easy access.
Swathes of internet-connected devices have given rise to the largest botnets ever seen, used to barrage business IT services with traffic in gigantic denial-of-service attacks.
Network admins may not consider their internet-enabled printers as IoT devices and therefore potentially hackable targets. This must be a consideration for IT teams, and a basic awareness of IoT security is now essential.
Any type of IoT device could be hacked. An attack on CloudPets, creators of an internet-connected children’s toy, resulted in hackers uploading a database containing 2 million voice messages, mostly recorded by children.
New technologies and innovative exploits from attackers ensure some degree of job security for cybersecurity professionals. Focus on these skills in 2018 and employer will need your services.