The Jaw-Dropping Range of Cybercrimes is Due to the Gap in the Cybersecurity Workforce Intensive training can eliminate the human risk factor within companies, and offer a lucrative career path in cybersecurity.
Opinions expressed by Entrepreneur contributors are their own.
Cybercrime got its start in the 1970s, through criminals who impersonated phone operators and exploited computerized phone systems to steal long-distance telephone time. Since then, especially with personal computers, the Internet, and smart mobile devices in the mix, hacking became much more sophisticated. Cybercrime quickly evolved into a billion-dollar illegal industry, and an industry that doesn't discriminate in pursuit of its victims.
From government institutions to companies of all sizes, to regular people of all ages on their mobile devices, anyone and everyone can easily become a target. Most average people and small businesses feel as though they're not at risk of hacking, under the assumption that hackers only target big wigs and conglomerates. Surprisingly enough however, 43 percent of cybercrimes target individuals and small businesses. That number has jumped from 18 percent just a few years ago. After all, larger businesses are dedicating more resources toward cybersecurity, leaving cybercriminals turning to smaller businesses for a speedier win. And the results are devastating: 60 percent of small businesses that suffer a cyber attack go out of business within half a year, especially those that do not have cyber liability insurance.
The range of cybercrimes is vast, and includes the likes of DDoS attacks, malware, and phishing. It's safe to say the exploitation of internal and external vulnerabilities in popular systems has reached the point of being considered an ugly form of weaponization. A decade ago, vulnerabilities were usually found by a criminal, then incorporated into attacks. It later became common to see professional teams of criminals develop attack software. The trend now is an overlap between criminal developers and the advanced persistent threat, or nation-state actors, to create a steady stream of zero-day tools targeting specific organizations and individuals.
From individuals of all demographics, to businesses of all sizes (regardless of industry or location,) to governments, nonprofits, and everything else in between—no individual or entity is exempt from being targeted from some form of a cybercrime. People who are not trained to be able to identify, prevent, respond to, and/or recover from cyber threats and attacks are at the greatest risk of falling prey to them. In some way shape, or form, we are all the first line of defense against cyber attacks that can spread like wildfire.
An uphill battle due to human naivety
Once the damage is done, it's often too late to reverse the effects of cybercrimes. Cybersecurity Ventures projected these attacks to have caused $6 trillion in damages, and that is only with reported numbers.
That's more than the GDP of the country of Japan.
At this rate, in 2023, it is estimated that cybercriminals will steal 33 billion records containing sensitive data. Without cybersecurity knowledge and/or preventative measures set in place, it can take 196 days on average to identify a data breach.
Human naivety is often the root cause of cybercrimes. Even seemingly small mistakes, such as weak passwords, leave individuals and companies vulnerable to attacks. The far-reaching intensity of this matter can be figured when you factor that there is an average of 38.4 passwords per individual, which adds up to more than 300 billion passwords in use globally.
Perhaps surprisingly, "password spraying" is the most commonly used method for hacking accounts, and this involves taking easy-to-guess passwords and going through a list of usernames until the right combination gives access to an account. Cybercriminals had a major win in January 2020, when roughly 1.2 million Microsoft accounts were compromised because they had easy passwords and did not make use of multi-factor authentication.
This naivety can also occur on the backend, such as when record leaks take place due to ignorance paired with platform vulnerabilities. It can also take place when businesses emails are compromised, and used to dry up bank accounts.
For most companies, it is an uphill battle to combat potential cyber threats, due to the shortage of specialists in the workforce. The companies that do have cybersecurity professionals are typically understaffed. The best way to fill the cyber skills and employment gap is by reskilling the workforce and upskilling the industry with intensive training.
Cybersecurity training: helping individuals and companies alike
The number of unfilled cyber positions stands at over 4.07 million professionals, up from 2.93 million this time last year. This includes 561,000 in North America and a staggering 2.6 million shortfall in APAC. Conservative estimates by the Bureau of Labor Statistics indicate the cybersecurity sector is expected to grow by 37 percent through 2022.
In response to the shortage and need, many companies are investing in proper cybersecurity training for all their employees. Doing so provides a high return on investment for the companies, as trained professionals are better able to identify and prevent cybercrimes. And for people looking to switch careers—entry level cyber professionals enjoy a series of benefits, as it is a highly lucrative and future-proofed career path. Compared to most other positions in IT, the positions that fall within the track of cybersecurity pay exceptionally well and are very stable, especially in the increasingly digital post-pandemic world. Some of the titles that are considered entry-level (and don't even require prior experience in IT) include IT technician, Network Engineer, Information Security Analyst, Junior Penetration Tester, and Systems Administrator. Most of these roles pay six-figure salaries, much higher than many of their IT counterparts.
Intensive cybersecurity training covers far more than basic certification programs. After employees complete cybersecurity training, they become equipped with all they must know for how to identify phishing schemes and social engineering attacks, in addition to being able to identify (and avoid) suspicious links, and evade hacking attempts.
Now more than ever, we must become equipped to thwart the wide range of cybercrimes and their devastating effects by eliminating the human risk factor internally, and closing the gap in the cybersecurity workforce.