With the digitalization of the economy, organization security not being just an ‘IT matter’ and a large bridge between the demand and the supply of trained professionals, Cyber Security, in India and globally, is of the utmost importance.
On the morning of July 18, 2020, we all woke up to a piece of rather disturbing news. The news was of the infamous cyberattack on Twitter, which targeted prominent international personalities like Jeff Bezos, Elon Musk, and Bill Gates, to name a few. While the breach was forgotten quickly amidst pressing news about the global pandemic, it got us all questioning the security, or the lack thereof, offered by one of the biggest and most influential social media platforms there are.
In the words of Tim Cook, “We shouldn’t ask our customers to make a tradeoff between privacy and security. We need to offer them the best of both.”
In a digital world like ours, where everything, right from ordering groceries to making financial transactions, is just a click away, it needs no saying that setting up and maintaining updated security systems in any business, private or public, is of utmost importance.
Cyber Security includes all processes and practices programmed to safeguard not just server-side networks but also client-side devices and data from unwanted attacks and unauthorized access.
While conventional security measures, also known as defensive technologies, look at a defensive approach against vulnerabilities, offensive technologies resort to a proactive style of keeping out unwanted access.
Presented by Paul Asadoorian and John Strand at the RSA 2012 conference, this form of security mechanism lists methods to seek would-be attackers before-hand, obtain their details, and set up measures to counter their attacks. One of the ways to do this, they suggest, is for companies to place alerts in network entrances, alerting users trying to access their services. This check, similar to an NAC check, would gather the user’s machine data, including their MAC and IP addresses, allowing for companies to keep track of the traffic on their online presence.
Asadoorian and Strand’s method focuses on three main components in offensive technologies: Annoyance, Attribution, and Attack.
The first component, Annoyance, includes ways to disrupt the attacker’s attempt. This can be achieved by setting up false ports and directories. This misdirects the attacker into a false system where, when they enter, they end up looping through it without a direct hit on the actual network, thus, protecting it.
The second component, Attribution, underlines the identification of the attacker and their system. This can be achieved by introducing a web bug in sensitive documents. When that document is opened or checked by the attacker, the bug obtains all the system information and sends it back, thus, correctly locating the attacker.
The last component, the Attack, according to Asadoorian, should be dealt with caution. Care needs to be taken that it should be complementary to both the Annoyance and Attribution techniques, keeping in mind to just intimidate the attacker rather than resorting to a malicious or an illegal assault on them.
Regardless of what you do, matters of digital security affect you. Especially now, in the face of a global pandemic, there has been an exponential rise in cybercrimes worldwide. With the traffic on hacker websites and forums rising to nearly 66% more than the usual, it has been observed that most of these attacks target home-based workers. Institutions, mostly banks all across the world, have seen a 238% rise in cyberattacks since March 2020. Nearly 27% of the attacks measured from March have been intended for healthcare sectors.
All institutions, corporate, financial, medical, military organizations, and most Government bodies have digitized the process of gathering and storing vast amounts of consumer data. A major chunk of this data is sensitive information, including intellectual property information, financial records, and personal information. This online storage also houses data of national importance relating to national security. Such a vast quantity of sensitive data exposed in the wrong hands would have negative and irreparable consequences.
Security is a major concern regarding digital transactions as well. Between January and April 2020, cloud-based and phishing attacks have risen to 630% and 600%, respectively. Nearly 80% of the firms worldwide have reported a rise in cyberattacks ever since the global pandemic.
Institutions transmit sensitive data across networks, to and fro, as a part of their businesses. India alone touched a total of INR 3,434.56 crores in March 2020 in terms of digital transactions. With more businesses adopting the digital way, this number is expected to scale upwards and at a rate higher than the current.
Given the statistics of digital proceedings and how the rates of cybercrime are on the rise, it is definitely not an option to undergo any of these tradings without the right kind of security overlooking them. While a sturdy fortress of security mechanisms ensures firms’ reputation and assures consumers the privacy of their data, processing these transactions with appropriate security practices over channels and networks helps contribute to the economy as a whole.
However, there will always be cases of leaked vulnerabilities and loopholes. A 2019 Juniper Research report on cybercrime predicts the cost of recovering from such malicious attacks will rise to USD 5 trillion by the year 2024. This amount includes everything from destruction and damage caused by the misuse of stolen data, theft in terms of intellectual property, financial losses in terms of embezzlement and fraud, post-attack mitigation measures to restore the business’s disruption, take upon an investigation and restoration of systems and data.
In the words of the renowned author, Susan Morrow, “All businesses need to be aware of the holistic nature of cybercrime and, in turn, act holistically in their mitigation attempts.”
It is no news that the job market has seen a downward trend this year. However, most of the companies have undergone a digital transformation, and this shift to the digital domain is an invitation to cyberattacks. As a result, a niche of technical jobs is left not as affected as their other counterparts. Roles of architectural set-up, back end management, and Cyber Security handling have seen a rise in the demand. Even without the pandemic, Cyber Security Ventures has predicted that a talent crunch in the respective domain would have created nearly 3.5 million unfilled jobs globally by the year 2021.
But, digital transformation or not, the surge of digitalization over the last couple of years in the country has seen most of the companies establish systems over the internet. All these systems need maintenance, irrespective of the traffic they generate. Cloud architecture and administration, along with the maintenance and upgradation of existing security standards on these digital spaces, demand skilled professionals who can handle a threefold role: an engineer, architect, and an analyst.
This digital expansion and a dearth of professionals who excel in skillfully handling the relay between the three roles leave a large gap between the demand and supply for the Cyber Security job market in India.
Bengaluru, India’s IT hub, ranks first with a maximum concentration of Cyber Security employees, followed by Delhi NCR. Mumbai has seen a significant drop in the concentration and is followed closely by Pune.
Irrespective of an increase in demand for the recruitment of Cyber Security professionals, the shortage of a trained workforce in these roles have upped the importance of these jobs.
A report by NASSCOM states that despite being home to the largest IT talent pool globally, India lacks skilled Cyber Security professionals, creating a large bridge between the demand and provision for them.
Mumbai serves as the promising career destination housing Cyber Security Professionals with the highest average industry experience (7.7 years). Chennai’s median industry experience lies at 7.2 years, beating Bengaluru by 0.3 years, which stands at the third position with 6.9 years of industry experience.
A few of the top Cyber Security roles, trending in India right now, are mentioned below to give you a better idea.
A Network Security Engineer looks after all the security aspects implemented within the organization. They ensure that the systems set up are strong enough to counter and stop threats. The main responsibilities include maintenance of the security systems like firewalls, routers, switches, and virtual private networks, identification of potential vulnerabilities, and action on improving them.
A Cyber Security Analyst helps in implementing and upgrading security measures and controls them in an organization. While continuously monitoring the existing systems’ security performance, they perform security tests, both internal and external, to look for any loopholes or security lapses. They are also responsible for testing vulnerabilities, analyzing risks, and running assessments on the networks to measure their stability.
A Security Architect helps with the design and implementation of the networks and security architecture for their organization. They offer research to aid with the planning and architecture of the various elements of organizational security. They also develop policies and procedures for the company to be used by the employees in handling internal security issues and lapses.
A Cyber Security Manager looks after the maintenance of the existing security protocols throughout the organization. Their main job is to strategize network performance and security-related issues for achieving higher standards of privacy. They review current policies, suggest plans to update them based on new trends and recent threats, and incorporate them into the organization.
The role of a Cyber Security Consultant is to offer leadership in the process of identification and mitigation of plans, ensuring minimal risk and improved performance for an organization’s security network. They majorly act as subject matter experts, making recommendations, and offering expertise in executing proposed changes and preparing extensive reports.
The Chief Information Security Officer is a senior-level position. These professionals ensure that the current security plan of the organization aligns with the vision, operations, and technologies of the business. They work with the security team in detecting and diffusing security breaches and loopholes. They ensure that the security standards are always up to date and have enough capacity to mitigate lapses or risks with minimal effects on the day to day businesses.
The median salary of Cyber Security Professionals in various metro cities differs according to the sector-location niche. With INR 12.9 lakhs of average annual salary, Mumbai ranks as the highest paying location for Cyber Security Professionals. Bengaluru is not very far behind with INR 12.5 lakhs of yearly average remuneration.
Skills Required To Become An Expert Cyber Security Professional (Offensive Security)
For starters, the basic skill a Cyber Security professional must have is a thorough understanding of network and system infrastructure. This includes familiarity with network and virtualization software. In-depth knowledge of operating system management like Windows and various Linux distros is an add-on. A command over assembly languages, disassemblers, common programming, and scripting languages like Python and PHP helps in making a profile stronger. Some employers also look for certifications while considering a profile. Some of the popular certifications are:
We are all living in a world where Darwin’s theory of survival of the fittest holds true entirely. With a competitive market, upskilling to emerging technologies has become the need of the hour. Digital expansion of companies and businesses will continue to grow.
While not all job roles can be recession-proof, Venkatesh Radhakrishnan, global head of talent acquisition at UST Global, says, “Candidates trained in Cyber Security are currently hot in the job market. By the time the world returns to the conventional office system, the digital space occupied by businesses, both big and small, will demand professionals equipped with the necessary skill sets for the seamless management and maintenance of these networks.”
Keeping this in mind, Jigsaw Academy offers a guaranteed placement Master Certificate in Cyber Security (Red Team) to help you stay updated in your career landscape. This Master Certificate in Cyber Security will help learners make their careers recession-proof. Let’s understand how:
Upskilling in the Cyber Security domain can help you immensely in accelerating your career. Visit Jigsaw Academy’s Master Certificate in Cyber Security (Red Team) for more details.