With technology playing an increasingly integral role in day-to-day life, security is now more important than ever. Yet, the talent required to ensure businesses, governments and individuals are adequately protected is glaringly absent. As cyber criminals continue to attack organizations, critical infrastructure and governments across the world, in nearly every sector and every industry, are feeling the effects of the cyber security talent shortage. There are a few industries, however, that are feeling the pain particularly acutely, with an urgent need for experienced and educated cyber security professionals. If you are considering a career in cyber security, salaries are soaring and the job market is flush with opportunity, especially in these top industries for cyber security.
It comes as no surprise that cyber criminals are targeting financial institutions. In 2017 hackers targeted the Securities and Exchange Commission, Equifax, HSBC, Lloyds Banking Group and countless other lesser-known financial institutions. Fraud incidents increased 130% in 2017, “resulting in significant monetary and reputational losses for financial institutions,” according to Price Waterhouse Coopers.
The opportunity for hackers is huge in financial services. Customers pay bills online, shop online, check account balances online and send money to friends online. The RSA Conference reported on a poll conducted by TD Bank in 2017, which surveyed 400 financial professionals and found that 9 out of 10 believe payment fraud will be a bigger threat over the next two to three years. “What’s more, nearly two-thirds said that either their organizations or one of their clients was on the wrong end of a cyber security event in the past year, with the most-cited incidents being business email compromises (20 percent), account takeovers (19 percent) and data breaches (15 percent),” wrote RSA.
While financial institutions know security is an issue, many of them aren’t prepared and don’t know how to combat the increasingly sophisticated tactics of cyber criminals. As RSA explained, “Recent surveys paint a picture of an industry that sees the writing on the wall but often finds itself working with the technological equivalent of whiteout.”
The 2016 Financial Industry Cybersecurity Report, found that among the top 20 U.S. commercial banks, 19 received a network security grade of C or below with issues ranging from expired SSL certificates to open FTP and SMB ports to insecure TLS cipher suites.
To begin to combat the threat, financial institutions must attract and retain experienced cyber security professionals to help guide them on mitigating business risk and putting a plan in place for the future.
The government isn’t known for speed and when it comes to cyber security it’s lagging dangerously behind. In a report by Security Scorecard analyzing 552 local, state and federal organizations, researchers discovered that government security is inadequate in several significant areas, including replacing outdated software, patching current software, individual endpoint defense and IP address reputation.
The vulnerabilities in government systems are alarming considering the vast amount of data stored there, arguably the largest repository of data in the world. Compared to the private sector, the government is a treasure trove of information for hackers that when exposed puts national security at risk.
Unfortunately, the government’s inability to adequately secure its data is due in large part to its inability to attract talent. “The recruiting and retention of cyber workers is hampered by a cumbersome hiring process, the failure to devise government-wide certification standards, insufficient training and salaries, and a lack of an overall strategy for recruiting and retaining cyber workers,” wrote ABC news.
Yet, for cyber security professionals that want to make a significant impact on national security, the government offers an attractive option — especially once administrators streamline many of the obstacles deterring would-be government cyber security employees from applying in the first place.
Like the government, healthcare organizations are privy to a plethora of sensitive information. And like the government, many organizations are not adequately protecting that data. In 2015, the healthcare industry experienced more breaches stemming from cyber attacks than any other industry, according to a Health Care Industry Cybersecurity Task Force report published by the Department of Health and Human Services. With ransomware attacks increasing since this 2015 report, the situation has only worsened. The healthcare industry was the victim of 88% of all ransomware attacks in U.S. industries last year, according to Solutionary, an NTT Group security company. And according to the Ponemon Institute, 89% of healthcare organizations have experienced a data breach in the past two years.
The healthcare industry has been a frequent target of cyber attacks for two primary reasons, the high value of data which these organizations possess and the ease with which hackers are able to access this data. Data gleaned from insecure systems is then sold on the black market, where cyber criminals purchase and sell personal data for a multitude of purposes including espionage and identity fraud.
The digitalization of healthcare over the past decade and the increasing interconnectedness of devices has created many efficiencies for healthcare organizations while simultaneously creating a massive security challenge — one that, if not remedied, will have serious implications for providers and patients alike.
Manufacturing is the second most attacked industry behind healthcare, according to Industry Week. Attacks on critical infrastructure, industrial espionage, phishing emails and drive-by downloads are just a few of the tactics employed by cyber criminals that can lead to defective products, production downtime, physical damage, injuries and death, the loss of sensitive information and more.
The manufacturing industry is an especially attractive target for cyber criminals for several reasons. These reasons include (source: Cisco):
- Legacy equipment or industrial IoT devices that were not built with security in mind
- Gaps between IT and Operations Technology
- Lack of documented training, processes and procedures that outline responsibility and access
- Failure to conduct risk assessments
The Internet of Things (IoT) is one of the greatest potential weak spots for manufacturers when it comes to cyber security. While they gain efficiencies and improve production processes with connected devices and intelligent machinery, the IoT exposes manufacturers to a network easily infiltrated by those looking to do harm.
“Not too long ago, there was a gap in connected devices — a security measure ensuring that an industrial network was physically isolated from the rest of the world,” explained Alexander Polyakov a member of the Forbes Technology Council. “Now, due to the rapid pace of technological change, all pieces of critical infrastructure are connected to each other and, most importantly, to the internet. As a result, there is a lack of adoption of basic information security practices.”
Cyber security professionals are needed across every sector and industry, but it is clear that there is particularly urgent need in financial services, healthcare, government and manufacturing. If you are considering a career in cyber security, seeking out opportunities in these especially needy industries will offer a rewarding career path, likely with high pay and excellent job security.