In the last few months, I have become increasingly interested in the sphere of cyber security. Major hacks and ransomware outbreaks from 2017, such as the Equifax breach, WannaCry, and NotPetya, have demonstrated the kind of impact security breaches can have on companies and institutions. This branch of computer science is growing in importance exponentially, and every single industry is and will be affected by its development.
So what is cyber security really? Cybersecurity comprises the technologies, processes, and controls designed to protect systems, networks, and data from cyber attacks. If you suffer a cyber attack, you stand to lose assets, reputation, and business, and potentially face regulatory fines and litigation, as well as the costs of remediation. One of the most problematic elements of cybersecurity is the quickly and constantly evolving nature of security risks. The majority of cyber attacks are automated and indiscriminate, exploiting known vulnerabilities rather than targeting specific organizations. In 2018 we can only expect to see more and more of these security breaches, which presents an opportunity for the industry to grow and for many jobs to be created.
Furthermore, regulation by governments around the world has been quite relaxed and has not really protected the general public with appropriate legislation. This year, things are about to change, at least within the EU. The EU’s General Data Protection Regulation (GDPR) is the result of four years of work by the EU to bring data protection legislation into line with new, previously unforeseen ways in which data is now used. The GDPR will apply in all EU member states from 25 May 2018. The regulation (rather than the current directive) is intended to establish one single set of rules across Europe, which EU policymakers believe will make it simpler and cheaper for organizations to do business across the Union. This regulation is all about personal data: data such as a name, an identification number, location data, or online identifiers. The protection of this data, which is the main target for hackers, is to be covered by a fixed structure of rules that companies must comply with. These rules include the ability to ensure the ongoing confidentiality, integrity, availability, and resilience of the systems and services processing personal data, and its encryption; the ability to restore the availability of and access to data in a timely manner in the event of a physical or technical incident; and, finally, a process for regularly testing, assessing, and evaluating the effectiveness of the technical and organizational measures for ensuring the security of the processing. GDPR requires organizations to have a plan, along with the necessary processes and controls, to detect data breaches, regularly evaluate the effectiveness of security practices, and document evidence of compliance. Companies have started asking themselves certain questions on a daily basis in order to stay compliant and avoid legal fines imposed by the regulatory bodies. Questions such as:
- Will you be able to identify and respond to a breach while demonstrating appropriate security controls?
- Are you aware of which systems and business functions are at risk and what kinds of threats the business is facing?
First and foremost, your key decision-makers and employees need to be aware of the possible threats and have the appropriate information on how to deal with them, as well as how to handle the information your organization works with. The implementation of this regulation means that thousands of companies will require at least a Data Protection Officer to prepare for and comply with it.
Data Protection Officers must be appointed for all public authorities, and where the core activities of the controller or the processor involve “regular and systematic monitoring of data subjects on a large scale” or where the entity conducts large-scale processing of “special categories of personal data” (such as that revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, and the like).
Have you got a data protection officer? Who is a data protection officer?
Companies need to ensure that they have the right procedures in place, as well as the right people to handle any issues. Here comes the great opportunity for people invested in the subject: computer science graduates, IT professionals and enthusiasts, software engineers, or anyone quick enough to educate themselves and get into an industry that will experience unprecedented growth in the following years.
Why not take it even further? A career path in ethical hacking, which covers the main parts of the industry, can be a rewarding choice that can secure stable employment in the future and fill a major gap in the market.
White hat hacking involves a great deal of problem-solving, as well as communication skills. A white hat hacker also needs a balance of intelligence and common sense, strong technical and organizational skills, impeccable judgment, and the ability to remain cool under pressure.
What does it take to become an ethical/white hat hacker? Well, Lynda has a pretty good course and outline of some of the basic building blocks and skills that such a professional should have:
- Starting off with web design and web development: it is crucial for an ethical hacker to understand the infrastructure and inner workings of websites, as these are one of the main entry points for the end user.
- Networking systems are the connecting point between all the users, data, systems, and computers on the internet, while cryptography gives us the means to protect them.
- Learning to use tools such as Wireshark to monitor and track the network traffic going through your network.
- Learning programming languages such as Python, scripting in bash, and the basics of Kali Linux, which is the go-to OS (operating system) for hackers, pen testers, and digital forensics.
- Learning particular techniques and tools: DoS attacks, footprinting, reconnaissance, password cracking, spyware, keyloggers, spoofing, tunneling, IDS detection, enumeration, etc.
- Finally, a number of offensive and defensive topics such as social engineering, sniffers, session hijacking, viruses, worms, trojans and backdoors, and perimeter defences.
You can find Lynda’s course here. There is also plenty of material on YouTube and all around the internet for anyone who wishes to educate themselves in this industry. Goal-oriented people could even focus on obtaining the CEH qualification. Certified Ethical Hacker (CEH) is a qualification obtained by assessing the security of computer systems using penetration testing techniques.
Most businesses and organizations are absolutely unprepared for this drastic regulation, as well as for any future security breaches they may experience. There will be many victims of both massive hacks and massive fines in the coming years, as cybersecurity threats only increase year on year. Regulators will now have the authority to issue penalties equal to the greater of €10 million or 2% of the entity’s global gross revenue for violations. If you are a tech-savvy person with spare time, loads of curiosity, and the wish to earn good money in the near future, then you should probably delve into the world of cybersecurity.