What a Million Job Openings in Cybersecurity Means for Your Business

2016 saw a lot of discussion around the topics of state sponsored hacking, government surveillance and digital transformation. A broad term to group these discussions could be cybersecurity – once a fledgling field of minimal expertise usually undertaken by network engineers as a side job.

That was a decade ago, because as of now the industry is worth around US$ 75 billion and that is forecast to grow to US$ 170 by the year 2020. Where cybersecurity was once reserved for tech companies with a plethora of online representations, it is now an element of business in every market, country and sphere of life.

As the world as a whole has undergone the ‘digital transformation’, forcing companies to evolve and change their corporate culture, cybersecurity now affects everyone, everywhere. The importance of cybersecurity can be highlighted by discussions in the SEC to require public companies to disclose information about their cybersecurity measures and even if any of their directors have extensive experience in cybersecurity.

The boom in this highly technical and skilled industry has followed previous tech booms in how the demand for the skills needed for cybersecurity has far outweighed the supply of those skills from universities and colleges. Institutions of education and even the government are left playing catch up to try and fill vacancies in a wide-open cybersecurity market.

The pull of high paying, stable jobs with huge possibility of upward mobility has done and will continue to do little to solve the problem as a ‘one graduate, one job’ approach will fall far short of the number of openings in the field. It is estimated that globally, in 2017, there are 1 million job openings in the cybersecurity field, with over 200,000 of those in the US alone.

What has caused the dramatic vacancies and lack of skills?

It is hard to blame any one person or any one institution for not foreseeing the meteoric rise of the cybersecurity market and the demand for skills this rise will have because the technological space is notoriously fast-moving and unpredictable.

The cyclical nature of jobs/skill supply will always lag the industry as a whole. This was seen in financial jobs in the early 2000s and in the greater tech space at the same time. Cybersecurity was previously seen as a branch under the broader tech sphere, which meant that companies would delegate cybersecurity responsibilities to their software engineers, web designers and general technological analysts.

Only recently has the demand for highly specialized jobs in cybersecurity come to the fore. In the past, the digital footprint of companies was largely limited to their websites and maybe some sort of ERP that they used internally, but now digital touches all parts of the company. Employee data, customer data, transactional data and proprietary research all have to be secured and protected from the rising tide of hacks and breaches.
The demand for these jobs is spurred by this digital shift that has come across all companies at a similar time. All the way from low level analysts to senior advisors and even Chief Information Officers, the vacancies are obvious.

What this means for business

Businesses across the world are struggling to fill all levels of jobs, with higher levels proving to be particularly hard because of the lack of industry experts in a relatively new field. This has driven up median entry level salaries to around US$ 80,000 and mid-level jobs to just over US$ 100,000. This should help attract more college students and computer science majors to enter the field of cybersecurity but will not solve the problem alone.

Government initiatives aimed at raising awareness and excitement about the field have been started at a high school level. By increasing young people’s exposure to cybersecurity and the prospects of this fast-growing and developing market, they aim to generate an organic growth in job seekers.

Business initiatives are largely aimed at clearly defining and clarifying the roles and responsibility of positions within companies for cybersecurity. This will better help differentiate the jobs from other tech-related jobs and help raise awareness about the potential of a career in cybersecurity.

Biometrics Will Replace Passwords – This Is Why It’s Not Good News

It’s always been incredibly hard to imagine a world without passwords. You need one to get onto your phone, access your emails, log onto your work server, check your Facebook, Instagram, snapchat or anything else that contains vaguely sensitive or personal information.

Since the inception of the internet way back when, passwords have become commonplace in everyday life – and so have their benefits and hindrances. Let’s be honest with ourselves – we’ve all forgotten our password before.

But as the technology world rapidly evolved from massive computers to smartphones and email servers to the Internet of Things, why have passwords – a legacy technology in many ways – remained so prevalent?

In very recent times we have seen the rise of biometrics as an alternative to typing your first cat’s name or ‘123456’ into a textbox, and it seems inevitable that they represent the future. In the short space in which biometric technologies have come to consumers they have become widespread, largely because of their use in smartphones made by the giants like Apple and Samsung.

650 million people are said to have used biometrics on their smartphones in 2015 and that number is set to grow exponentially as smartphone use grows and the implementation of biometric technology on them become more prevalent. As of now, fingerprint scanning technologies, such as Apple’s proprietary Touch ID, are the most common form of biometric authentication used in smartphones. From its initial use as a means of unlocking the phone to the set-up of Apple Pay and eventually on 3rd party apps, fingerprint access seems to be the natural solution to the old and annoying password.

The issue with legacy passwords

Most of us will have noticed the progression from fairly lax password requirements to the stringent one’s of today that require a capital letter, number, symbol, punctuation and must be at least 20 characters long. The task becomes even harder when we are recommended to use different passwords for different platforms, resulting in a copious amount of jumbled up letters and numbers that have to be remembered.

Some technologies, such as Apple’s iCloud, allow you to store very secure and long passwords on their servers which you can access with one single password. But that seems to defeat the point of having multiple passwords in the first place!

Our fixation with using memorable and similar passwords for all accounts has contributed to the rise in large-scale hacking and breaches of data that have become a daily occurrence in 2016.

So are biometrics the solution?

It’s easy, fast (most of the time) and secure – so what’s the problem?

Well, first we have to recognise that biometrics are not simply fingerprint scanning technologies, but instead represent a wide range of authentication methods including iris scanning, facial recognition, voice recognition, heart rate detection and even typing habit recognition.

Each of these technologies rely on a unique identifier that only we have. The problem is that the unique identifier is also the only one we have. We cannot change our fingerprint (easily) nor can we get a new face, voice, eyes or heart rate. Because the identifiers are so unique, if they are ever hacked or stolen, there is not much we can do to prevent their use other than to scrap that method of authentication completely.

Passwords can be changed in an instant, but if someone hacks a database and can make copies of your fingerprint – what then? Do you go back to arcane passwords or try a new biometric?

So, what do we do?

Don’t get me wrong, biometric authentication is sure to be the future of password technology and as of now, it is hardly profitable for any criminal to steal and replicate your fingerprint. But what we must understand is that biometrics do not solve all the problems of regular passwords, and even create some of their own.

We must not become complacent and think that our fingerprint-secured phone and bank accounts are impenetrable, but we must rather think of new and improved ways to make the likelihood of hacking and data breaches so improbable that they never even happen.

Why You Should Worry About Pokemon Go

Have you given any real thought to the game, Pokemon Go? The trend has not settled as players continue the craze of hunting down this character. While the game may seem harmless on the surface, some people think Pokemon Go has some dangers that players should consider.

The fact that Pokemon Go brings a crowd of people, not just kids, to a particular place and time simultaneously, is a tremendous reason why you should worry about Pokemon Go, especially when playing the game at night. It makes you question who else is playing a game… possibly lurking in the darkness while you stand there focusing on capturing this little cartoon-like creature.

Why worry about Pokemon Go?

Perhaps, we should be thankful to Nintendo and to those who are directly responsible for pursuing this activity as it brings families together and gets them out of the house. It’s a free interactive application that you play using a smartphone. Pokemon go is simple to use and it’s actually amusing, so what’s not to love about it?

Hunting down Pokemon could mean you need a tracking device to find out where the location is. Often times, these hot spots are close enough that you could walk or run to the next position. In the world of Pokemon Go, this is beneficial for the player and it means winning, however just as you are able to use a tracking system, so are others. If you are in a position where your phone’s security and individual trust are issues, can you see why you should worry about Pokemon Go?

The release of Pokemon Go

Upon its release, Pokemon Go signed over 10 million users in as little as seven days. Who knew it would break records? By the end of July 2016, the daily average of users outnumbered those who use Twitter, WhatsApp, Instagram, Facebook and Snapchat. What’s more exciting is that the companies took in over $75 million due to in-house purchases such as Poke Balls, but here are the facts that you should worry about.

Also at the time of launching, Pokemon Go players gave Google, Nintendo and Niantic access to their personal data, possibly without realizing it could have an adverse outcome. When you give thought to this revelation, you become aware of the real dangers around this game. Maybe the person prowling isn’t after you or your loved ones, but rather something else.

Think about all of the personal information found on your phone. We store pictures, emails, text messages, address and phone numbers of customers, clients, organizations, attorneys, physicians and government officials even, on our phones… it’s all in there.

With your permission

In the beginning, when someone would sign up for Pokemon Go using Google, they also consented to give Nintendo and Niantic total access to their accounts and personal data. This meant social profiles were at risk as well. A person’s web search history and location were visible long before the user played one, single game.

This was an oversight and error, which received prompt attention. Management verified this glitch and immediately went to work submitting an email assuring users that only basic profile information was being used or collected. Subscribers need not do anything but keep playing.

Designers, fakes, and phonies

Not only was there a glitch in Pokemon’s registration, but some people are making their own versions of this game and are infecting hundreds of individuals with viruses that could harm the user. Pokemon Go entertains around 21 million US users per day, according to a survey completed in July 2016. With this in mind, users should be careful to only download directly from the official site and not from a third party. Do not involve yourselves in applications, which are not affiliated with Google, Apple or Nintendo.

For additional safety, we recommend that parents join their children when playing this game. The more adults participate, the more they are familiar with how you play the game, how people view it and the possible risks.

The associated risks

The truth of the matter is that at least 11,000 people have suffered injuries at the hands of Pokemon Go, but when a group of evil minds gets together disaster strikes. This is such the case with one unsuspecting teen when his lifeless body was recovered by authorities. Another gang robbed a bunch of Pokemon addicts by luring them to a specific location or “Pokestops.” This, people, is why you should worry about Pokemon Go.

To lessen the risks of foul play, only go out with a group of responsible friends and only go to those places that are familiar to you and your party. Do not go out at night. Pokemon Go is a game and it’s not that serious. Be fully alert, sober and aware of where you are or where your loved ones are at all times. Pay attention to where you are going and if something doesn’t feel right, leave! Your gut instinct is your best advisor, so listen to it. Please, don’t be a statistic… refrain from playing Pokemon and driving.

The Overview of the New SMTP Strict Transport Security Mechanism

The new standard has policies and rules set up for mail service providers to establish encrypted email communications.

E-mail is an important tool for many, but it is widely recognized that it is not always as secure as it could be with a risk of user connections to email servers being intercepted by attackers. In response to this vulnerability, Microsoft, Yahoo, Comcast, LinkedIn, 1&1 Mail & Media Development & Technology, and Google published a new draft security standard on March 18th 2016 called SMTP Strict Transport Security (STS). The draft was published to be considered as an Internet Engineering Task Force (IETF) standard. This effort marked the coming together of engineers from some of the world’s most prestigious e-mail providers with a vision of improving email security.

So how does this standard differ from Simple Mail Transfer Protocol SMTP which is the current prevailing standard? SMTP was established in 1982 and at the time was not produced with any encryption option. SMTP is used as a method of moving e-mail messages between e-mail servers and email clients, and between the providers themselves. SMTP does not require end users to connect using a secure connection to mail servers. In 2002 an extension was added to the protocol as a way to integrate Transport Layer Security (TLS) with SMTP connections. The extension was not widely adopted and therefore e-mail traffic remained mainly unencrypted which clearly has posed a significant security risk.

This risk came to the forefront of people’s minds in 2013 when Edward Snowden, a former US National Security Agency employee, leaked documents that exposed widespread surveillance of e-mail communications by a number of intelligence agencies globally. The US and UK government agencies were exposed as being involved which attracted a huge amount of public and media interest. In 2014, Facebook did some research and found that 58% of notification e-mails it sent to users passed a STARTTLS encryption. This had increased to 95% by August 2014. STARTTLS was an improvement from no encryption whatsoever, but is did have two key vulnerabilities. The first being a susceptibility to man-in-the-middle attacks where hackers were intercepting traffic and the second being where hackers were able to simply remove the encryption; this is called an encryption downgrade attack.

SMTP STS addresses the man-in-the-middle and downgrades attack vulnerabilities that are present in STARTTLS. The SMTP STS mechanism has a clear approach which enables mail servers to manage and report on the secured status of the connection. SMTP STS allows mail service providers to state their ability to accept TLS secured connections. In the event that there is no secure connection in place, the mail transmission will be unsuccessful. In essence the new standard has policies and rules set up for mail service providers to establish encrypted email communications.

In summary, SMTP STS is an attempt to succeed where STARTTLS failed. The standard is in the draft phase currently and it is not set to become reality for a while yet. The IETF has a few more months to consider the possibilities presented by this proposal before the motion expires in September 2016.

Does IoT Need 5G Protocol? Answers Revealed Here

The momentum builds as we wait for the new generation of wireless devices. The next life changing announcement in mobile technology is the introduction of 5G. These kinds of upgrades take up to a decade to design, and should be treated as all other newly installed extensions or improvements.

Developers should expect a level of doubt or pessimism and tension. Many 4g users will wonder what is 5G’s purpose and what is it suppose to fix exactly? Well, each new development is created to repair the existing flaws of the current application. The manufacturers revise the outdated versions and eventually, the user would end up having a more pleasurable experience retrieving and storing data.

However, once the technologies are in place and have taken off, usually they remain that way for an average of ten years. The process of an upgrade likely begins as the latest template has left the design floor. The outlook on 5G is that the framework must be compatible with devices well into the 2020s and greater.

What’s the Role of IOT in a 5G World?

Every decade or so there’s a big break in the mobile network. Is 5G a friend of the Internet of Things? The hope is that the impact of 5G will increase the capabilities of wireless phones, however, the primary focus is giving support to companies such as Cisco, Intel and Ericsson on the side of IOT.

Gartner, Inc predicts that the IOT will eventually expand to gross over $3 trillion dollars with over 20 billion devices in use by 2020. Also according to Gartner, 6.4 billion devices will connect to other applications and stampede smart homes and smart devices.

A smooth connection is critical to the framework and 5G is a tremendous opportunity to supply this. Right now, IoT are disconnected systems and that is what’s standing in the way. Short­range techniques used for communication are commonly the Blue Tooth and things like UWB. If you look beyond today, this could really be a problem for the future of smart electronics.

Although we can do different things remotely, such as turn off appliances and open doors with our cell phones, the value of such devices is still under used. Homeowners are able to control the temperature of a room with a command to a cellular device or electronic device where there’s internet.

Speculators say that 5G will change things in a major way. Speeds will vastly improve; downloading a movie will literally take seconds. In addition, 5G data will permit more connections than 4G, of course, and consume a lot less energy.

You’re The 5th Generation, So What?

The forthcoming generation or 5G is the spine of the IoT when you think about it. The wireless world will handle hundreds times more volume that what it currently rates. Once linked to mobile devices, it will open a new era of vending, architecture, communications and economically, the possibilities are endless.

Experimentalist at the Southwest Jiaotong University and a team of volunteers at Lancaster University (Zhiguo Ding) dug out the pros and cons of the future of 5G and revealed the results to Spectrum in an interview (see Science China in pdf) via Skype.

Will There Be Adequate Bandwidth to Handle the Load?

Ding acknowledges that the previous and current systems are supported by orthogonal multiple access. If you understand this split second process, then you know that it’s going to be difficult to support the multiple access needed for the IoT application. Allocating time slots for the masses in the future of 5G with the current availability would be impossible. The resources are just not there.

Where Do We Go From Here?

Although the date has not been set for the introduction of 5G, it is highly possible that activity will start in the coming year for a 2020 debut. According to Ding, professional teams in the industry are working closely with academics to discover techniques and standards.

While it’s true, 5G and IoT are expected to have its strains and cuts, the outcome can have enormous effects on individuals, organizations and governments. It will take some time before its full potential is realized, however, but for now, it’s merely a thought, an idea running through the minds of a few techno geeks and wireless powerhouses.