ICFE eNEWS #16-46 - December 20th 2016
Ransomware and Terrorism
Cybersecurity Risk Management: New Opportunities for Professional Employment
By Yan Ross, Director of Special Projects,
"Cybersecurity professionals needed; taskforce looking to
make Arizona cybersecurity capital of U.S."
So reads a
front-page headline of a current Arizona hometown newspaper.
What conclusions can Identity Theft Risk Management Specialists
draw from this feature news article?
According to the
Institute of Consumer Financial Education (ICFE), there are
several relevant aspects of this development. Chief among them
- Cybersecurity awareness is not limited to large
population centers or headquarters of Fortune 500 companies.
- The work of cybersecurity professionals can be done from
- An understanding of the role of cybersecurity within the
broader scope of identity theft risk management is key to
preparing for these good-paying jobs
- There are many resources available to people of all ages
to learn to perform this work
- ICFE provides an integrated approach to this important
"Cybersecurity" has become both an everyday word and also a
much misunderstood phenomenon. Technically, the term also may be
called "Computer Security" or "IT Security," and encompasses
"the protection of computer systems from the theft or damage to
the hardware, software or the information on them, as well as
from disruption or misdirection of the services they provide."
Just the use of such a tech-heavy name tends
to intimidate many people who would otherwise easily relate to
the underlying concepts. In practice, even though there are some
who prefer to maintain a magical, mystical unattainable nature
of this endeavor, it really consists of a system of building
blocks, each of which is in fact accessible to individuals with
intelligence and proper study skills.
To be sure, the
complexity of effective cybersecurity has grown immeasurably
over the past couple of years. It has spread from exploitations
of individual and social media databases, to financial
institution account information, to medical patient history and
insurance coverage, and continues to go far beyond. Most
recently, failures in cybersecurity may even have affected the
way voters made their decisions in the presidential election
(although to date no claim has been made that there has been any
compromise of the electoral system itself).
But at the
foundation, the protection of information assets from
cyber-attacks still must be seen as a response to the motives of
the cyber-attackers themselves. What do they seek, what are the
values of the information accessed, and what is the context of
the business of cybersecurity?
Under current thinking,
the principal motives of cyber intruders appear to be three:
• Access to and resale of account information of financial
customers and medical patients; this appears to be a purely
economic undertaking. With an active market carried on via the
so-called "dark web," such information as credit card accounts,
medical patient history and insurance coverage, and other data
assets become the stock in trade.
• Disruption of operations, which may be either for "sport" or
again to gain economic advantage. "Denial of Service" attacks
may be launched either directly (DOS) or by co-opting many
individual computer devices, usually those connected to the
internet, referred to as "Distributed Denial of Service" (DDOS).
In this category the most rapid development has been in the
intrusion of ransomware, in which the target's system and data
are held hostage until payment in some form is made, often in
untraceable Bitcoin. Unfortunately, the target does not learn
whether the attacker can actually restore the original data
(usually via an encryption key) until after the ransom is paid.
• Illicit access to and distribution of confidential
information, which may include trade secrets, proprietary
intellectual assets, and even political information. The
objectives of the attacker in these cases may be economic,
sociological, or political, depending on the circumstances.
There are mainly two aspects of the compromise of such
information: sale of confidential information to competitors and
the demand for payment to the attacker for not disclosing the
information to the public or to competitors.
While it's true that cybersecurity professionals may be
trained to accomplish a variety of menial and repetitive tasks
to install and maintain cybersecurity programs, the fundamental
understanding of the broader challenge gives the individual a
distinct advantage in understanding the playing field and
discharging responsibilities in an effective manner.
stands ready to provide this valuable educational resource as
this important initiative goes forward.
Ross is ICFE's Director of Special Projects, and the author of the
Certified Identity Theft Risk Management Specialist ® XV CITRMS®
course. As an accredited educator for over 20 years, he has addressed
Identity Theft Risk Assessment and management for consumers, organizations
holding personally identifiable information, and professionals who
work with individuals and organizations who are at risk of falling
victim to identity thieves.
The ICFE's Certified Identity
Theft Risk Management Specialist ® XV CITRMS® course is now available
both in printed format and online.
The Textbook and Desk
Reference edition of the course book is also available online. Bulk
pricing and discounts for veterans and students available. Inquire