Photo by Austin Distel on Unsplash

Want a job? Your chances can’t get much better than in an industry with low unemployment.

So if you’re looking, head for the door marked “cybersecurity.” Unemployment isn’t just low — it’s nonexistent. There has been a shortage of skilled labor in the field for years — although the global gap this year is smaller, down to 3.12 million from 4.07 million last year according to (ISC)², a nonprofit association of certified cybersecurity professionals.

But the organization reported that the number of qualified applicants in the field still needs to grow by approximately 41% in the U.S. …

Photo by Erik Mclean on Unsplash

Information is power, the saying goes. These days, information is also money.

So perhaps after hearing that “if you’re not paying for the product, you are the product” for a decade or more, consumers are starting to get more savvy about the reality of Big Data — that the data they generate in their increasingly connected lives is, collectively, worth very big bucks. Also that it can be very invasive to their personal privacy.

Which could explain, at least in part, why Massachusetts voters went 3–1 on Election Day in favor of an expanded “Right to Repair” law that will give them ownership and at least a measure of control over the streams of data they generate every time they use their car. …

Photo by National Cancer Institute on Unsplash

When it comes to evaluating risk, context may not be everything, but it’s a very big thing. That has been apparent for months now regarding the coronavirus pandemic. The same virus is not the same threat to everybody. While COVID-19 can kill anybody, the risk to an 80-year-old with asthma is vastly greater than it is to a healthy high-schooler.

Context applies to risks caused by vulnerabilities in connected medical devices as well. …

Photo by Lianhao Qu on Unsplash

That classic cliché “It’s difficult to make predictions, especially about the future,” has been attributed to a list of humorists ranging from Mark Twain to Yogi Berra.

But it’s true of just about everything, including the vast and explosively growing Internet of Things (IoT). Nobody really knows what it will look like or how it will work (or not work) a decade from now, even though the focus of this, the final week of National Cybersecurity Awareness Month (NCSAM), is “The future of connected devices.”

A few things are relatively easy to predict, though. Barring some kind of cosmic upheaval or meltdown, one element of the future of connected devices is that there will be more of them — billions and billions more — as the IoT continues to morph into the IoE, the Internet of Everything. Just since 2018, the IoT has ballooned from about 7 billion devices to more than 30 billion. …


Medical devices are among the greatest healthcare achievements of modern times. For millions of people, they improve both the quality and length of life.

But when they are connected to the internet, as millions are, malicious hackers could turn those healing tools into lethal weapons or leverage for ransom or blackmail.

One of the most prominent examples of that risk is former U.S. Vice President Dick Cheney, who famously had the wireless capabilities in his pacemaker disabled due to the threat of possible assassination attempts. He told a national audience about it on CBS’s “60 Minutes” in 2013.

But even today, while threats like that are considered rare, they still exist. That’s because most devices in use, while built to work properly for years — even decades — weren’t designed to be connected. They weren’t built with cybersecurity in mind. …

Photo by Jens Kreuter on Unsplash

As most of us know by now, the devices in our homes and workplaces are also portals — digital windows to the world. That’s especially true for those with cutting-edge smart homes where everything from appliances to power tools, lights, thermostats, and door locks are part of the vast Internet of Things (IoT).

But even those whose homes aren’t “smart” are almost certainly connected. Most have a router through which the occupants communicate with others and get their entertainment, education, some healthcare, and who knows how many other conveniences and services through apps on their smartphones.

Unfortunately, those digital windows are, in many cases, broken. The devices that make up a smart home, or even an average home with a few computer games and a dozen or so apps on a phone, offer access to criminal hackers if they aren’t secure. …

Photo by Stephan Bechert on Unsplash

“If you connect it, protect it.”

That is the exhortation for this, the inaugural week of National Cyber Security Awareness Month (NCSAM), the overall theme of which is “Do Your Part. #BeCyberSmart.”

NCSAM, an initiative by the federal Cybersecurity & Infrastructure Security Agency, within the Department of Homeland Security, is now in its 17th year and, sadly, more necessary than ever.

Protecting connected devices (which remain rampantly insecure) is a laudable goal. I just have a small quibble with the Week 1 slogan — it implies that there is still an “if” about connecting. The Internet of Things (IoT), now numbering somewhere in the 30-billion range, is rapidly becoming the Internet of Everything (IoE). …

Photo by BENCE BOROS on Unsplash

Good news: The U.S. House of Representatives just passed the Internet of Things (IoT) Cybersecurity Improvement Act of 2019.

Good because if any ubiquitous element of modern life needs improvement, it’s the security of the IoT, which is rapidly becoming the Internet of Everything and which is notoriously insecure. Blogger, activist, and author Cory Doctorow famously called it the “Internet of Sh — .”

The vast and endlessly growing IoT is the biggest attack surface in the world. And when hackers can compromise some of those devices there can be physical consequences — a “smart” home security system disabled, utility services interrupted, a vehicle or a connected medical device under the control of an attacker. …


If you’re a human, you should care about software — a lot. Which is why you should care about the Building Security In Maturity Model (BSIMM), an annual report that tracks the evolution of software security.

First a disclaimer: I write for the Synopsys Software Integrity Group, which produces the BSIMM. But I’d write about it anyway — there’s nothing like it out there that offers a free roadmap to better software security.

Which is important because software — those billions of lines of code that look like gibberish to most of us — is behind just about everything made by people. …

Photo by Mika Baumeister on Unsplash

Better software and data security can save you money, sometimes well into the millions of dollars.

That isn’t the main headline in this year’s Cost of a Data Breach Report from IBM Security, with research by the Ponemon Institute. But get into the weeds of the report a bit and it’s clear that security has been paying dividends for organizations that invest in it.

The annual report, now in its 15th year, collected data from 524 companies in 17 countries and 17 industries that had suffered a data breach between August 2019 and April 2020.

And it leads with what the title promises: The global average total cost of a data breach and the average time it took to detect and contain a breach remained relatively constant. The average cost increased only 1.5%, to $3.86 million, although both the average cost and percentage increase in the U.S. were much more — $8.19 million, up 5.3%. …


Taylor Armerding

I’m a security advocate at the Synopsys Software Integrity Group. I write mainly about software security, data security and privacy.
