BlockchainBTM’s CTO, Andre Szykier is a cybersecurity professional with over 20 years in the space. He discusses here the growing need for dedicated professionals in this ever-changing industry.
Cybersecurity is an Evolving Target
Cybersecurity is an evolving target impacted by the very nature of how people and IT systems communicate using the Internet and wireless services. From the late 70s until 2000, the focus was on server-side security in centralized systems connected to computer devices. The emergence of wireless handheld phones, today known to as smartphones, has led to the capability of processing diverse tasks in the form of embedded application software, at the edge. Today, computer-based services are no longer dependent on a client-server architecture; it’s now all about mobile computing in a peer to peer network. This introduces myriads of ways to penetrate and inject malware into software.
Multiple Points of Attack Require More from Experts
The traditional approach to managing server-side security is no longer enough to guarantee detection and avoidance of hacks to data stores and applications. Security trained experts now have to address multiple points of attack. Mobile wireless operating systems, network traffic inspection and redirection, server system types such as Unix and its variants or Microsoft OS, mobile OS frameworks such as Android and iOS and distributed data storage across public and hybrid clouds.
For any security consulting group or expert to claim a deep understanding of this environment is nonsensical – it is too complex. Existing training courses target subsets of the security challenges but there are few experts that offer a holistic view of how to handle the forensics of data protection given the growth of non-centralized IT. More important are the qualifications of trained cybersecurity personnel, up to now garnered from the ranks of computer trained people.
Why Finding Well-Trained Professionals in Cybersecurity is a Challenge.
Cybersecurity requires more than just knowing about operating systems, network protocols encryption schemas and authentication methods. There is also a big gap in understanding the social determinants behind bad actors attempting to compromise security. For example, embedding malware in a point of sale terminal (Target), forging identities for online banking (HSBC) or stealing cryptocurrency from an exchange (MtGox) are all examples with little overlap on tactics used by attackers. There is a need for multi-disciplinary teams whose training spans more than just computer knowledge and should now include pattern recognition, data science algorithms, machine learning, psychology, and understanding global group behavior social customs.
The constant undetected extraction of hundreds of millions of account holder information from dozens of major corporations is a systemic problem but this is just the most obvious reported example. As the Web moves to peer to peer applications without a central point of processing, the existing methods for cybersecurity fail. As communications becomes less human to human and more machine to machine (IOT), cybersecurity methods that exist today are inadequate.
Attracting the right people to cybersecurity faces a problem of understanding more than the technical issues. A better knowledge of the behavior of those attacking the digital world of data management is paramount. Especially since attackers can come from anywhere in the world.