Market Trends Analysis - Most Preferred Cybersecurity Certifications


ISSUE 10 TheCyberExpress

Contents

• FROM THE EDITOR: Cyber Literacy in the Digital Age: Certifications and the Path Forward

• MARKET TREND ANALYSIS: Decoding Education, Certifications, And Employer Views In Cybersecurity: Market Trend Analysis By The Cyber Express

• FORESIGHT: US Cybersecurity Regulations: Tracing The Past And Predicting The Future

• THE COVER: Abandoning Legacy Systems: Route To Establish A Cyber-Secure Healthcare

• HOT SEAT: Mandy Andress on Conquering Complexity, Open Source, and Compliance Challenges in Cybersecurity

• CYBERVILLE: Beneath the Surface: How the Dark Web Drives the Underground Exotic Animal Trade

• ROUND UP: Monthly Round Up: List Of The Most Prominent Cyber Attacks In August 2023

STAFF

Editorial Management

Augustin Kurian Editor-in-Chief editor@thecyberexpress.com

Avantika Chopra Associate Editor avantika@thecyberexpress.com

Vishwa Pandagle Journalist vishwa@thecyberexpress.com

Ashish Khaitan Journalist ashish@thecyberexpress.com

Vittal Chowdry Design Lead vittal@thecyberexpress.com

Rajashakher Intha Head - Marketing & Sales raj@thecyberexpress.com

Ashish Jaiswal Conference Manager ashish.j@thecyberexpress.com

Priti Chaubey Content Strategist priti.c@thecyberexpress.com

Ravi Gupta SEO Analyst ravi@thecyberexpress.com

*Responsible for selection of news under PRB Act. Printed & Published by Augustin Kurian, The Cyber Express LLC., The publishers regret that they cannot accept liability for errors & omissions contained in this publication, howsoever caused. The opinion & views contained in this publication are not necessarily those of the publisher. Readers are advised to seek specialist advice before acting on the information contained in the publication which is provided for general use & may not be appropriate for the readers’ particular circumstances. The ownership of trade marks is acknowledged. No part of this publication or any part of the contents thereof may be reproduced, stored in a retrieval system, or transmitted in any form without the permission of the publishers in writing. Image credits: Shutterstock & Freepik

From The Editor’s DESK

Dear Readers,

The digital landscape is in constant flux, evolving at a pace that often astounds even the most seasoned professionals. As it undergoes these rapid transformations, the magnitude of threats intensifies, casting a shadow on our digital aspirations. With every gadget we use and every digital service we access, the importance of cybersecurity becomes more pronounced. As technology weaves its way more profoundly into our lives, its protection escalates from being just a professional obligation to a paramount societal duty. This month, The Cyber Express delves deeply into this pressing matter: Cybersecurity Education and the Role of Certifications.

The comprehensive survey we initiated was more than just an inquiry into numbers and trends. It was a profound exploration into the heart of the cybersecurity industry, a deep dive into the motivations, challenges, and aspirations of professionals navigating its intricate corridors. Our goal was not only to discern the reasons behind educational choices but also to shed light on the evolving landscape of cyber threats and defense strategies. By highlighting the most pivotal certifications and gauging employers’ perceptions of structured training, and with feedback from a diverse group of 2,384 IT and cybersecurity experts, I believe we’ve painted a vivid and comprehensive picture of the present state of cybersecurity education.

Our second segment shifts gears, delving into the importance of regulations. It illustrates that cybersecurity is not just about following guidelines; it’s about understanding their historical evolution, recognizing the far-reaching repercussions of noncompliance, and grasping the intricate mechanisms of digital law enforcement. The United States, with its dynamic cyber landscape, takes center stage in our discussion, offering invaluable insights into how agencies like the FTC, DHS, and NIST shape and enforce cyber laws.

Our cover story moves into an area of acute concern: healthcare. With relentless cyber threats looming, this sector’s vulnerabilities become glaringly evident. The pressing need to transition from outdated systems to resilient, modern technology isn’t just a recommendation—it’s a clarion call for proactive measures to secure invaluable data and ensure unwavering regulatory adherence.

The dark web, often shrouded in mystery, is a realm that intrigues yet poses perilous challenges. Our meticulous analysis ventures into its depths, revealing its disturbing role in driving the illicit exotic animal trade, further showcasing the multifaceted nature of cyber threats.

Rounding off this edition, our exclusive interaction with Mandy Andress, CISO of Elastic, is something I am particularly enthused about. With a vantage point carved from years of experience, Mandy’s insights offer a beacon of understanding in the ever-challenging world of cybersecurity. Through her seasoned perspective, we glean nuances that provide clarity on current challenges, effective strategies, and potential trajectories in our digital defense landscape.

Each article in this edition has been handpicked and meticulously curated, reflecting our unwavering commitment to empower, inform, and engage you. In this fast-paced digital era, staying apace with cybersecurity trends isn’t just beneficial—it’s imperative for our shared digital future.

My profound gratitude goes to our contributors, the experts we collaborated with, and especially to you, our steadfast readers. Your enthusiasm, constructive feedback, and insatiable thirst for knowledge inspire us daily, compelling us to push boundaries and consistently elevate our editorial standards.

Stay informed. Stay vigilant. Stay safe.

Most importantly,

We welcome your feedback at editorial@thecyberexpress.com

Editor-in-Chief Augustin Kurian

In an era where digital threats grow in complexity and scale, the cybersecurity industry stands as the frontline defense against potential digital catastrophes. As technology evolves, so does the imperative for industry professionals to be equipped with knowledge and skills.

Recognizing this need, The Cyber Express embarked on an exhaustive survey journey to decode the trends, preferences, and sentiments surrounding cybersecurity education and certifications.

Sourcing insights from a diverse cohort of 2,384 IT and cybersecurity experts, our survey aimed to shed light on what drives professionals in their educational choices, which certifications are paving the way for career advancements, and how employers perceive the value of formalized training.

Join us as we delve into the data, offering a comprehensive panorama of today’s cybersecurity educational landscape.


AUDIENCE DEMOGRAPHICS

Cybersecurity Analysts made up 27.16% of the respondents, followed by Security Engineers at 41.62%. Information Security Officers represented 23.90% of the pool, with IT Managers accounting for 6.94%.

A small fraction, 0.38%, consisted of professionals from other related fields. This diverse mix offers a holistic view on the state and direction of cybersecurity education and certification.

[Chart: Audience demographics by role (Security Engineer, Cybersecurity Analyst, Information Security Officer, IT Manager, Other)]

FORMAL CYBERSECURITY EDUCATION: AN ESSENTIAL PILLAR OR A SECONDARY CONSIDERATION?

When navigating the intricate world of cybersecurity, one question that often emerges is the value and importance of formal education and training in the field.

According to The Cyber Express’s survey, an overwhelming majority of the participants seem to recognize its significance.

Out of the 2,334 respondents who answered this question, a substantial 89.25%, which equates to 2,083 individuals, affirmed that they have completed formal cybersecurity education or training. On the flip side, 10.75% (251 respondents) indicated they haven’t pursued such educational avenues.

This data highlights the prevalent inclination towards structured learning and certification in cybersecurity, emphasizing its perceived importance in career progression and expertise development in the current digital landscape.

[Chart: Respondents who have completed formal cybersecurity education or training (Yes / No)]

IF YOU HAVE COMPLETED ANY FORMAL CYBERSECURITY EDUCATION OR TRAINING, HOW DID YOU OBTAIN IT?

Around 80% of the respondents believed that AI will significantly transform cybersecurity, enhancing the security of computer systems, networks, and data. This suggests that AI has the potential to play a crucial role in the future of cybersecurity.

[Chart: How formal cybersecurity education or training was obtained (Online courses, On-site/in-person, Self-study, Other)]

THE MODALITIES OF CYBERSECURITY EDUCATION: HOW PROFESSIONALS ACQUIRE THEIR SKILLS

The path to acquiring cybersecurity knowledge is as varied as the challenges the field itself presents. With a myriad of available learning channels, we tried to understand the preferences and tendencies of those in the industry.

• On-site/in-person training: This traditional form of education, involving direct interaction and classroom settings, was chosen by 34.61% of the respondents, translating to 812 individuals. This method, often prized for its hands-on and interactive nature, still holds significant value among professionals.

• Online courses: Evidently, the digital age has left its mark on learning as well. A majority of 49.53% (or 1,162 respondents) have turned to online courses to hone their cybersecurity skills. This mode’s flexibility, accessibility, and vast array of course options make it a favorite among many.

• Self-study: Autodidacticism is still a preferred method for some, with 15.64% (367 individuals) opting to chart their learning journey on their own terms, using resources and study materials they have curated themselves.

• Other: A niche group, representing 0.21% (or 5 respondents), mentioned an alternative route – acquiring skills through a “Cloud Cyber Security Professional Diploma.” While this specific avenue is less common, it points to the continually evolving and expanding opportunities for learning in the cybersecurity domain.

This data paints a vibrant picture of the eclectic mix of traditional and modern learning modalities leveraged by cybersecurity professionals, each catering to different needs, learning styles, and career goals.


HAVE YOU OBTAINED ANY CYBERSECURITY CERTIFICATIONS? IF SO, WHICH ONES?

[Chart: Cybersecurity certifications obtained by respondents, by certification]

DIVERSE CERTIFICATIONS IN CYBERSECURITY: PROFESSIONALS’ CHOICES AND CREDENTIALS

Cybersecurity is an ever-evolving landscape. With threats becoming increasingly sophisticated, there’s an imperative need for professionals to ensure they are adeptly trained and certified to manage and counteract these challenges.

Here’s a breakdown of the results:

• Certified Information Systems Security Professional (CISSP): 16.86% or 399 respondents possess this globally recognized certification, attesting to their ability to design, implement, and manage a cybersecurity program.

• Certified Ethical Hacker (CEH): 12.89% (305 respondents) have been trained to think and act like hackers (a white-hat hacker, of course). It’s a testament to their skills in finding and fixing vulnerabilities.

• CompTIA Security+: With 12.34% (292 individuals) having this certification, it emphasizes core security functions and is a springboard for those venturing into the cybersecurity world.

• Certified Information Security Manager (CISM): Chosen by 18.17% (430 respondents), CISM is a management-focused certification that establishes the holder’s capability to manage and govern a company’s information security program.

• Certified Information Systems Auditor (CISA): Held by 13.18% (312 professionals), it underlines the individual’s expertise in auditing, control, and assurance.

• Offensive Security Certified Professional (OSCP): 10.44% (247 respondents) have this hands-on and challenging certification, demonstrating their persistence and clarity in the penetration testing environment.

• Certified Cloud Security Professional (CCSP): With cloud becoming ubiquitous, 6.97% (165 respondents) have this certification, underscoring their skills in designing, managing, and securing data, applications, and infrastructure in the cloud.

• Cisco Certified Network Associate (CCNA) Security: 4.52% (107 respondents) have taken this route to showcase their skills in developing a security infrastructure, recognizing threats, and mitigating security threats.

• GIAC Security Essentials Certification (GSEC): 3.30% or 78 professionals have this certification, which is a testament to their knowledge in information security concepts and practices.

• SANS GIAC Security Expert (GSE): While it’s one of the more niche certifications, 1.10% (26 respondents) still hold the GSE, reflecting its rigorous and elite nature.

• Other: A unique category of 0.25% (or 6 respondents) mentioned they currently do not possess any certification but are in the process of preparing for CISSP.

These statistics illuminate the vast array of certification paths available to cybersecurity professionals, each tailored to specific roles, responsibilities, and career goals within the industry. It is evident that continuous learning and certification remain at the heart of a successful cybersecurity career.


HOW IMPORTANT DO YOU THINK CYBERSECURITY EDUCATION AND CERTIFICATIONS ARE FOR A SUCCESSFUL CAREER IN THIS FIELD?

[Chart: Perceived importance of cybersecurity education and certifications (Extremely important, Somewhat important, Not very important, Not at all important)]

THE WEIGHT OF CYBERSECURITY EDUCATION AND CERTIFICATIONS: PERSPECTIVES FROM THE FIELD

The cybersecurity landscape has continued to evolve, with threats and challenges mounting each day. But just how vital are education and certifications in ensuring a professional’s success in this dynamic environment? Here’s a breakdown of the responses from the survey:

• Extremely important: A significant 38.75% (909 respondents) believe that cybersecurity education and certifications are crucial. They view these as instrumental in not only validating one’s expertise but also in propelling a successful career in the cybersecurity arena.

• Somewhat important: The majority at 46.46% (1,090 individuals) reckon that while education and certifications are vital, they may not be the only determinants of success. Instead, these professionals might weigh experience, hands-on skills, and continuous learning alongside formal credentials.

• Not very important: 13.09% (307 respondents) seem to have a more conservative view on the matter. They might believe that while certifications and education are beneficial, real-world experience and one’s ability to adapt and innovate could hold more weight in the industry.

• Not at all important: A small fraction, 1.71% (40 professionals), believe that formal cybersecurity education and certifications do not play any role in determining a successful career in the field. They might argue that the dynamic nature of cybersecurity requires more real-time problem-solving skills than what formal education can provide.

This diverse range of opinions underscores the multifaceted nature of cybersecurity as a profession. While formal education and certifications indisputably offer a foundational understanding and validation of one’s skills, the debate on their importance in comparison to real-world experience and adaptability continues.

WHICH CYBERSECURITY CERTIFICATION(S) DO YOU BELIEVE ARE MOST VALUABLE FOR CAREER ADVANCEMENT?

[Chart: Certifications considered most valuable for career advancement, by certification]

CYBERSECURITY CERTIFICATIONS AND CAREER ADVANCEMENT: WHICH LEAD THE WAY?

In the labyrinth of cybersecurity, certain certifications act as guiding stars, illuminating paths and opening doors to greater career opportunities. But with a plethora of options available, which certifications are perceived as the most valuable for career advancement? Here’s a comprehensive breakdown of the responses:

• Certified Information Systems Security Professional (CISSP): Leading the chart, 18.00% (or 427 professionals) regard CISSP as the gold standard. Its comprehensive nature and global recognition position it as an instrumental credential for career growth.

• Certified Ethical Hacker (CEH): Garnering 10.08% (239 respondents), CEH is prized for its emphasis on hands-on techniques required to safeguard systems from cyberattacks.

• CompTIA Security+: 11.55% (274 respondents) find value in this foundational certification, emphasizing its role in laying down the basics of cybersecurity knowledge.

• Certified Information Security Manager (CISM): Close on the heels of CISSP, 17.71% (420 professionals) highlight CISM as invaluable, given its focus on management more than the technical details, making it apt for leadership roles.

• Certified Information Systems Auditor (CISA): Preferred by 13.11% (311 respondents), CISA stands out as a certification that cements one’s ability in audit control and assurance, vital for specific niche roles.

• Offensive Security Certified Professional (OSCP): 10.75% (255 respondents) acknowledge the OSCP’s rigorous and hands-on approach to penetration testing as a significant career booster.

• Certified Cloud Security Professional (CCSP): As cloud technologies proliferate, 9.06% (215 professionals) regard CCSP as key to mastering cloud security intricacies.

• Cisco Certified Network Associate (CCNA) Security: 5.27% (125 respondents) spotlight this certification, signaling its importance for those keen on diving deep into network security.

• GIAC Security Essentials Certification (GSEC): 3.16% (or 75 individuals) believe in the value GSEC brings, covering a broad range of topics without going too deep into any single one.

• SANS GIAC Security Expert (GSE): While it caters to a niche audience, 1.18% (28 respondents) still consider the GSE as valuable, possibly due to its rigorous nature and elite status.

• Other: A slim fraction of 0.13% had other views, possibly indicating either emerging certifications or a belief in alternative qualifications beyond the mainstream choices.

This data offers a clear vista of the certifications cybersecurity professionals deem as pivotal stepping stones. Whether one is starting out or looking to ascend the ranks, these certifications appear to be the keys to unlocking significant career milestones.


HAVE YOU OBSERVED AN INCREASE IN THE DEMAND FOR CYBERSECURITY PROFESSIONALS WITH SPECIFIC CERTIFICATIONS IN RECENT YEARS?

[Chart: Observed increase in demand for cybersecurity professionals with specific certifications (Yes, significantly; Yes, somewhat; No, not really; No, not at all)]

THE RISING DEMAND FOR CERTIFIED CYBERSECURITY PROFESSIONALS: A GLIMPSE INTO THE TRENDS

In a rapidly digitalizing world, where cyber threats loom large and frequent, the expertise of cybersecurity professionals becomes paramount. Not just any expertise, but validated, certified skills that assure employers and clients of an individual’s proficiency. So, has the demand for certified cybersecurity professionals witnessed an uptick?

According to the data:

• Yes, significantly: A substantial 40.46% (954 respondents) have observed a marked increase in the demand for cybersecurity professionals with specific certifications. This indicates a growing emphasis on validated skills and the trust employers place in recognized certifications.

• Yes, somewhat: Echoing the same trend, albeit with a softer tone, 48.85% (1,152 professionals) also acknowledge an uptick, though not as pronounced. This category may encompass those who have witnessed this rise in specific sectors or geographical regions.

• No, not really: A minority at 9.75% (230 respondents) believe the demand has remained somewhat stagnant. It’s possible that in certain sectors or regions, experience and hands-on skills still overshadow formal certifications.

• No, not at all: A small fraction, 0.93% (22 professionals), has not noticed any increase in the demand for certified cybersecurity professionals. Their perspective might stem from niches where certifications don’t play a pivotal role, or they may be in regions where the cybersecurity industry’s dynamics differ.

In essence, the overwhelming majority (nearly 90%) feels that the cybersecurity landscape is leaning more towards professionals with specific certifications. This trend highlights the evolving nature of the digital realm, where verified expertise is becoming an indispensable asset for organizations to ensure their digital security.

IN YOUR OPINION, WHICH CYBERSECURITY CERTIFICATION(S) ARE THE MOST POPULAR AND RECOGNIZED IN THE INDUSTRY?

[Chart: Certifications considered most popular and recognized in the industry, by certification]

DECIPHERING THE POPULARITY OF CYBERSECURITY CERTIFICATIONS IN THE INDUSTRY

Navigating the expansive domain of cybersecurity, one would frequently stumble upon a recurring theme: the prominence of certifications. While hands-on skills, experience, and adaptability remain fundamental, certifications act as badges of honor, signifying expertise and dedication. But with a gamut of options available, which are perceived as the industry’s shining stars?

Delving into this very query, here’s a breakdown based on feedback:

• Certified Information Security Manager (CISM): With 16.79% (397 respondents), CISM emerges near the top. Revered for its managerial perspective, it’s especially pertinent for professionals looking at leadership roles in cybersecurity.

• Certified Information Systems Security Professional (CISSP): Close behind is CISSP with 15.61% (369 professionals). As a holistic certification that covers a vast spectrum of cybersecurity domains, its standing is undeniably solid in the industry.

• Certified Information Systems Auditor (CISA): Garnering a vote of confidence from 13.96% (330 respondents), CISA is prized for its focus on audit, control, and assurance, making it indispensable for professionals in these niches.

• Offensive Security Certified Professional (OSCP): With 11.42% (270 professionals) endorsing it, OSCP stands out for its rigorous, hands-on approach, especially in the realm of penetration testing.

• Certified Ethical Hacker (CEH): Achieving 10.36% (245 respondents), CEH is recognized for its comprehensive knowledge on hacking tools and techniques, making it essential for ethical hackers and penetration testers.

• Cisco Certified Network Associate (CCNA) Security: 9.98% (236 professionals) underscore its importance, especially for those venturing deep into network security.

• CompTIA Security+: Garnering 9.86% (233 votes), it’s viewed as a foundational step, laying the bedrock for more advanced certifications.

• Certified Cloud Security Professional (CCSP): With the rise of cloud technologies, 8.08% (191 professionals) highlight the growing relevance of CCSP.

• GIAC Security Essentials Certification (GSEC): Achieving 2.62% (62 votes), GSEC offers a broad yet not too deep overview of cybersecurity topics, making it beneficial for those starting out or seeking a generalist perspective.

• SANS GIAC Security Expert (GSE): Though niche, 1.14% (27 respondents) value the GSE for its depth and elite status.

• Other: A mere 0.17% ventured outside the listed options, hinting at either emerging certifications or unique preferences beyond conventional choices.

In summary, while each certification has its unique place and value in the sprawling cybersecurity industry, certain ones, due to their comprehensive curriculum or industry recognition, are perceived as more popular and widely recognized by professionals.


HAVE YOU EVER HAD AN EMPLOYER REQUIRE OR INCENTIVIZE YOU TO OBTAIN A SPECIFIC CYBERSECURITY CERTIFICATION?

[Chart: Employer required or incentivized a specific cybersecurity certification (Yes / No)]

EMPLOYER INFLUENCE ON CYBERSECURITY CERTIFICATIONS: A DEEP DIVE

In the cybersecurity domain, the merit of certifications goes beyond mere validation of knowledge; it often acts as a strategic tool for organizations. As cyber threats grow in complexity, employers increasingly perceive certified professionals as a bulwark against these challenges. But how often do employers directly influence their employees’ certification paths?

A snapshot from the latest survey reveals:

• Yes: A striking 87.84% (or 2,066 respondents) have experienced either a requirement or an incentive from their employers to obtain a specific cybersecurity certification. This underscores the immense value employers place on certified skills and knowledge in the field. Whether it’s to meet compliance mandates, uplift their security stature, or foster employee growth, the trend indicates a proactive push from organizations towards enhancing their cybersecurity defenses.

• No: On the flip side, 12.16% (286 professionals) have not felt any direct push from their employers to get certified. This doesn’t necessarily imply a devaluation of certifications; it might simply denote a greater focus on experience, hands-on skills, or perhaps the employees were already certified before joining the organization.

In summary, it’s evident that a vast majority of employers in the cybersecurity realm either mandate or incentivize certifications. As the cyber landscape continually evolves, this trend is likely a testament to the ever-growing need for recognized and standardized skills to combat digital threats effectively.


HAVE YOU RECEIVED ANY PROMOTIONS OR APPRAISALS AS A RESULT OF OBTAINING A CYBERSECURITY CERTIFICATION?

[Chart: Promotions or appraisals received as a result of obtaining a cybersecurity certification (Yes / No)]

IMPACT OF CYBERSECURITY CERTIFICATIONS ON CAREER PROGRESSION: AN INSIGHT

The significance of cybersecurity certifications is multifaceted. While they undeniably bolster a professional’s knowledge and skills, an often-pondered question is: Do they tangibly impact one’s career trajectory?

Let’s explore the real-world effects of these certifications on promotions and appraisals:

• Yes: An overwhelming 78.73% (or 1,825 out of 2,318 respondents) affirmatively stated that they have received promotions or appraisals directly linked to obtaining a cybersecurity certification. This showcases that beyond the intrinsic value of knowledge enhancement, there’s a clear, palpable career advantage in earning these credentials. Employers evidently recognize and reward the commitment and expertise that come with these certifications.

• No: Conversely, 21.27% (or 493 respondents) have not experienced any immediate career benefits, such as promotions or appraisals, post-certification. This could be attributed to various factors: perhaps they already held a senior position, the organization’s appraisal cycle didn’t coincide, or other extraneous factors might have played a role.

In essence, the data underscores a compelling narrative: cybersecurity certifications are not just about acquiring knowledge; they’re substantial career catalysts.

For a majority, the journey of certification culminates in tangible recognition, making the endeavor both intellectually and professionally rewarding.

WHICH CYBERSECURITY CERTIFICATION(S) DO YOU BELIEVE HAVE HELPED YOUR CAREER GROWTH THE MOST?

[Chart: Certifications that helped respondents’ career growth the most, by certification, including the option “None of the above certifications have helped my career growth”]

THE CATALYSTS OF CAREER GROWTH: EVALUATING THE IMPACT OF CYBERSECURITY CERTIFICATIONS

As the cybersecurity landscape becomes increasingly intricate, certifications provide professionals with both the tools to navigate this terrain and the credentials to be recognized for their expertise. With numerous certifications available, professionals often weigh the benefits of each.

Let’s uncover which certifications are perceived as major career growth propellants:

• Certified Information Security Manager (CISM): Securing 16.40% (or 391 out of 2,384 respondents), CISM is renowned for its emphasis on management — more than just technical expertise. This cert is often pursued by those seeking leadership roles, thus the strong linkage to career advancement.

• Certified Information Systems Security Professional (CISSP): Close behind, CISSP, chosen by 16.11% (384 respondents), is a comprehensive certification covering a vast range of security domains. Its holistic nature likely provides an edge in diverse roles, propelling professionals forward.

• Certified Information Systems Auditor (CISA): Garnering 13.46% (321 votes), CISA’s focus on audit, control, and assurance gives it a unique niche, aiding auditors and related professionals in climbing the corporate ladder.

• CompTIA Security+: Representing 11.03% (263 respondents), this foundational certification often acts as a gateway into more specialized roles, laying the foundation for further growth.

• Offensive Security Certified Professional (OSCP): With 10.57% (252 votes), OSCP’s rigorous hands-on approach to penetration testing makes it invaluable for those in offensive security roles, undoubtedly influencing their upward trajectory.

• Certified Ethical Hacker (CEH): At 9.73% (232 respondents), CEH’s deep dive into ethical hacking tools and methodologies likely opens doors to specialized roles and growth opportunities.

• Certified Cloud Security Professional (CCSP): Chosen by 8.68% (207 professionals), CCSP’s increasing relevance in today’s cloud-centric world might explain its positive impact on careers.

• Cisco Certified Network Associate (CCNA) Security: Garnering 7.30% (174 votes), it underscores its significance for those delving deep into network security.

• GIAC Security Essentials Certification (GSEC): At 4.36% (104 votes), GSEC’s broad cybersecurity overview can be a stepping stone for many.

• SANS GIAC Security Expert (GSE): This niche cert, selected by 1.59% (38 respondents), stands out for its depth, possibly aiding a select elite in their career aspirations.

• Other: A small fraction (0.34%) ventured beyond the standard choices, pointing towards niche or emerging certifications not listed.

In summation, while each certification aids professionals in unique ways, certain credentials, due to their comprehensive coverage or industry demand, are perceived to be particularly influential in fueling career growth in the cybersecurity arena.

WOULD YOU CONSIDER PURSUING A CYBERSECURITY CERTIFICATION IN THE FUTURE TO ENHANCE YOUR CAREER PROSPECTS?

• Definitely: 34.19% of respondents answered that they would definitely consider pursuing a cybersecurity certification to enhance their career prospects.

• Probably: 44.00% of respondents answered that they would probably consider getting a cybersecurity certification to boost their career opportunities.

• Unsure: 15.10% of respondents are unsure about whether they would pursue such a certification.

• Probably not: 6.04% of respondents probably would not consider getting a cybersecurity certification for career advancement.

• Definitely not: A minimal 0.67% of respondents are certain they would not pursue a cybersecurity certification in the future.

In summary, a significant majority (78.19% combining “Definitely” and “Probably”) are inclined towards pursuing a cybersecurity certification, indicating a strong belief in its potential benefits for career growth. On the other hand, a small fraction (6.71% combining “Probably not” and “Definitely not”) are not inclined to do so.

WHAT IS YOUR OVERALL PERCEPTION OF THE QUALITY OF CYBERSECURITY EDUCATION AND CERTIFICATIONS AVAILABLE TODAY?

PERCEPTIONS ON MODERN CYBERSECURITY EDUCATION AND CERTIFICATIONS: AN ANALYSIS

In the rapidly changing landscape of cyber threats and challenges, the need for adaptable educational and certification strategies is evident. As the stakes rise in the world of cybersecurity, how do professionals feel about the current quality of education and certifications tailored for this domain?

Let’s unpack the sentiments from the latest survey:

• Excellent: Representing the pinnacle of satisfaction, 29.53% (or 704 respondents) believe that the current cybersecurity education and certifications are of “excellent” quality. This substantial fraction suggests that many professionals believe the industry is offering top-tier education, equipping them with the skills and knowledge needed to tackle complex cyber challenges effectively.

• Good: Serving as a testament to general satisfaction, a significant 39.22% (or 935 respondents) rate the available offerings as “good.” This indicates that, for many, while there might be room for improvement, the present scenario is more than adequate to foster a competent cybersecurity workforce.

• Average: Falling in the middle of the spectrum, 22.23% (or 530 professionals) perceive the current landscape of cybersecurity education and certifications as “average.” This segment might be advocating for more advancements, specialization, or perhaps better accessibility to quality education.

• Poor: Reflecting a need for reassessment or enhancement, 7.93% (189 respondents) have rated the available cybersecurity educational and certification avenues as “poor.” These opinions emphasize areas where the industry might be lagging or not meeting certain expectations.

• Very Poor: At the tail end of the spectrum, 1.09% (or 26 professionals) hold the view that the current offerings are “very poor.” Though this is a small percentage, it’s crucial to delve into their concerns, as they might point out critical gaps or shortcomings.

In summary, the majority of professionals in the cybersecurity realm have a positive outlook on the current education and certification landscape, with most categorizing them as either “excellent” or “good.” However, the voices from the “average,” “poor,” and “very poor” categories emphasize the necessity for continuous improvement and innovation to cater to the dynamic needs of this critical sector.

MOST PREFERRED CYBERSECURITY CERTIFICATIONS IN 2023

The cybersecurity realm is vast and constantly evolving. Given this dynamic nature, it’s no wonder that professionals are perpetually on the lookout for certifications that not only bolster their skillset but also elevate their marketability.

Preferred Certifications:

The survey highlighted a strong preference for certifications such as CISM, CISSP, and CISA among cybersecurity professionals. Surprisingly, some widely recognized certifications ranked as the least preferred.

Below, we outline the key reasons that contributed to the popularity of the mentioned certifications and the lack of favorability for others.

1. Certified Information Security Manager (CISM):

• Why it’s preferred: Beyond just the 16.40% favorability rating, CISM stands out for its emphasis on bridging technical proficiency with managerial acumen.

• Benefits: The unique blend of management and technical training prepares aspirants for roles that demand leadership in orchestrating security initiatives.

• Potential Limitations: It may not delve as deeply into the granular technical aspects, which some specialized roles might require.

2. Certified Information Systems Security Professional (CISSP):

• Why it’s preferred: Its broad-spectrum approach, evident from the 16.11% favorability, offers a panoramic view of cybersecurity.

• Benefits: With its global acclaim, CISSP holders are often seen as possessing a versatile and comprehensive skillset suitable for various security roles.

• Potential Limitations: Its breadth might sometimes overshadow depth, possibly leaving certain niche areas less explored.

3. Certified Information Systems Auditor (CISA):

• Why it’s preferred: Its 13.46% favorability underscores the need for a certification that delves deep into the realms of audit and assurance.

• Benefits: It’s the gold standard for roles focused on ensuring adherence to security standards and protocols.

• Potential Limitations: Its specialization might not find much traction outside its core area of focus.

4. Offensive Security Certified Professional (OSCP):

• Why it’s preferred: Representing the vanguard of offensive security with a 10.57% favorability, OSCP is the go-to for hands-on security enthusiasts.

• Benefits: It’s not just theory; OSCP trains professionals to think and act like attackers, a skill invaluable in preemptive defense strategies.

• Potential Limitations: Its intense practical orientation might not be everyone’s cup of tea, especially those eyeing more holistic roles.

5. Certified Ethical Hacker (CEH):

• Why it’s preferred: The 9.73% favorability speaks of its comprehensive stance on ethical hacking.

• Benefits: CEH holders are equipped to understand and emulate hacker methodologies, making them invaluable in vulnerability assessments.

• Potential Limitations: The specific focus on hacking techniques might not align with broader, strategy-centric roles.

Less Preferred Certifications:

1. GIAC Security Essentials Certification (GSEC):

• Potential Limitations: Despite its 4.36% favorability, GSEC, with its generalist approach, may not provide the depth desired by many in specialized roles.

2. SANS GIAC Security Expert (GSE):

• Potential Limitations: Its 1.59% favorability might be reflective of its niche orientation, which, while rigorous, might not resonate with everyone’s aspirations.

3. Cisco Certified Network Associate (CCNA) Security:

• Potential Limitations: Its 7.30% favorability indicates that while it’s respected, its specific tilt towards network security might not align with the diverse cybersecurity roles of today.

Conclusion:

The shifting sands of the cybersecurity landscape necessitate a dual approach: professionals need a blend of broad-based knowledge and specialized expertise.

Certifications play a pivotal role in this, serving as both a testament to one’s skill and a roadmap for further learning.

However, as our analysis reveals, the right certification depends on both individual aspirations and industry relevance. As the industry’s demands evolve, so will the hierarchy of these certifications, making continuous learning the only constant in the cybersecurity arena.

CYBERSECURITY REGULATIONS: TRACING THE PAST AND PREDICTING THE FUTURE

Cybersecurity regulations aim to secure computer systems and offer guidelines for companies to follow. Failing to follow them can lead to the penalties and legal action set out in the regulations. While regulations vary among nations, they have transformed over time in response to the evolving threat landscape.

In the United States of America, federal and state laws form the basis of cybersecurity regulations. The Federal Trade Commission (FTC), the Department of Homeland Security (DHS), and the National Institute of Standards and Technology (NIST) work to ensure the smooth enforcement of cyber laws.

The Federal Trade Commission Act is the main law that governs cybersecurity in the US, especially for businesses. The Gramm-Leach-Bliley Act (GLB) also guides organizations to protect customer data in keeping with the policy.

Decoding the Progression of Cybersecurity and Regulations

Voted as one of the most influential women in Cyber & Diversity Champion, Holly Foxcroft conveyed her observations on the evolution of cybersecurity over time.

“We can date the beginning of ‘regulation’ back to the 1970s,” Foxcroft, a Committee Member of BCS NeurodiverIT Specialist Group, told The Cyber Express.

She reiterated that there is more focus on the use (or misuse) of data now than before. Addressing how conflicts can arise in terms of regulations, Foxcroft added, “Regulation of technology and the use of cyberspace is not only limited to nation-states but also the organizations who own platforms, which can cause conflict such as to the protection of freedom of speech.”

With the present focus on AI technology, enhanced machine learning, and quantum, Foxcroft expressed concern over the lack of clarity in their regulation.

Chuck Brooks, a recognized authority in cybersecurity with more than two decades of experience, shared insights on the cybersecurity evolution with The Cyber Express. “Since the formal establishment of the Internet in 1983, the digital landscape has greatly evolved in capabilities, speed, and connectivity,” said Brooks.

“It has also become more perilous from threat actors engaged in criminal and state-sponsored hacking,” he stated.

He noted that the United States developed a significant emphasis on cyberspace starting around 2003, marked by the formulation of the President’s National Strategy to Secure Cyberspace by the Department of Homeland Security (DHS).

The plan focused on expanding collaboration between government and industry and protecting critical infrastructure.

“Since then, there have been many regulatory initiatives and mandates across the globe, including Europe’s GDPR, the recent Security Exchange Commission’s requirements for breach disclosure in the US, India requiring CERT-In incident reporting, and many other countries having enacted regulations,” Chuck elaborated.

“Most of those regulations have been privacy-oriented, but that is now changing to be cybersecurity-oriented,” Chuck added.

Foxcroft further said that the rapid growth and development of artificial intelligence, without any clear regulation or clarity between companies and governments, raises worries about whether these systems are being built, deployed, and monitored ethically and responsibly.

Let us investigate the changing cybersecurity regulations in the US and what contributed to the modifications in policies.

CCPA

In the United States, the California Consumer Privacy Act (CCPA) offers the most comprehensive cyber laws to secure the data of California residents.

Initially, CCPA promoted the right to know how one’s personal information was shared, and the right to delete the same. It noted that people can opt out of having their data shared and have the right to non-discrimination ensuring the CCPA protects all without discrimination on the basis of race, age, gender, etc.

With time, newer rights were added to the CCPA after it was approved and amended on January 1, 2023. These included the right to correct one’s data and the right to limit the disclosure of one’s information to others, including third parties.

HIPAA

Among the industry-specific US cybersecurity regulations is the Health Insurance Portability and Accountability Act (HIPAA) of 1996, for healthcare. Also called the Kennedy-Kassebaum Act, it sets out how personally identifiable information must be handled by the healthcare and health insurance industries.

HIPAA amended the Employee Retirement Income Security Act, the Internal Revenue Code, and the Public Health Service Act. The various Titles of HIPAA were modified to make better group health plans, health insurance policies, and job locks.

Earlier, job locks led employees to stick to their jobs or lose their health coverage, a situation that was amended in Title I of HIPAA. It offered protection to employees to keep their and their family’s health insurance coverage.

In July 2005, a provision was announced under which electronic claims had to be filed using HIPAA standards to be eligible for payment. In 2006, use of a single new National Provider Identifier (NPI) was made mandatory for all covered entities, including hospitals and insurance companies, that used electronic communications.

The use of 10-character NPIs replaced all other identifiers while keeping the state license number and other critical identifiers intact. In 2006, Health and Human Services (HHS), the department of the US federal government responsible for safeguarding the health of the American people, issued a few critical rules for HIPAA compliance.

These included civil financial penalties for the violation of the HIPAA rules.

GLBA

The Gramm-Leach-Bliley Act (GLBA) of 1999 regulates data privacy mainly in the financial sector. It changed and modified several barriers found in the Glass-Steagall legislation of 1933.

The Glass-Steagall legislation’s conflict of interest prohibition, which limited the concurrent service of specific officials in a bank or firm, was lifted. While the GLBA facilitated smoother mergers among financial services firms, it mandated these companies to comply with the Community Reinvestment Act (CRA). Mergers needed to pass the CRA exams of the regulatory bodies.

The GLBA covered the Financial Privacy Rule, The Safeguard Rule, and the Pretexting Protection. The Financial Privacy Rule made it mandatory for financial institutions to offer privacy notices and explain data usage to consumers. The Safeguard Rule stated the need for organizations to develop a written information security plan detailing the handling of their clients’ personal information. Between 2021 and 2022, newer guidelines were created by the FTC asking the board of directors to be accountable and answerable for security.

HSA, FISMA and CISPA

The Homeland Security Act (HSA) of 2002, meant to protect the national security of the United States and its borders, included the Federal Information Security Management Act (FISMA). FISMA is for all US government agencies to safeguard their systems and data.

Among the earlier cyber laws in the United States of America, the Department of Defense released the Cyber Intelligence Sharing and Protection Act (CISPA) in 2011. CISPA was formed by making specific amendments to the National Security Act of 1947.

CISPA instituted the Cybersecurity National Security Action Plan the Cyber Intelligence Sharing and Protection Act. These US cybersecurity regulations and others focused on threat intelligence sharing with the private sector.

Procedures were outlined with criteria for sharing security and threat information between federal departments and agencies.

Collaborative Efforts Between Government Organizations for Cybersecurity

A cybersecurity regulation may pass through several stages before becoming law, besides garnering votes and objections from the departments, organizations, and people involved. Cybersecurity regulations impose fines when policies are not followed to the set standards, and hence are often considered costly by companies.

However, information security regulations cannot be based on the acceptance of a handful of individuals, organizations, and departments. This is why key government agencies propose, safeguard, enhance, and uphold US cybersecurity regulations with the power vested in them.

Some of the US government organizations working around cybersecurity and security

Federal Trade Commission

The Federal Trade Commission (FTC) is a government agency in the US that works toward consumer protection and enforcing consumer protection laws. The website of FTC states – “Every day we: Pursue strong and effective law enforcement against deceptive, unfair and anticompetitive business practices,” defining its mission.

“Develop policy and research tools through workshops, conferences, and hearings,” the FTC website further adds.

Department of Homeland Security

The United States Department of Homeland Security (DHS) ensures public security. The list of agencies incorporated within the DHS includes the Federal Computer Response Center and the National Communications Systems.

These offices within the DHS are entrusted with the responsibility of maintaining national security and communications, among other duties.

Government Accountability Office

The U.S. Government Accountability Office (GAO) is tasked with auditing and investigating for the United States Congress. The Information Technology and Cybersecurity (ITC) mission team is part of the GAO.

The reports by GAO in the field of security and data protection have contributed to increased awareness and development of science and technology policies.

National Institute of Standards and Technology

The National Institute of Standards and Technology (NIST) agency is a part of the United States Department of Commerce. The team of NIST promotes innovation via physical science laboratory programs.

NIST is a non-regulatory agency that creates voluntary guidance; however, it does not draft laws or cybersecurity regulations.

The Cybersecurity Framework provided by NIST helped organizations handle threats and defend against online threats.

The Cybersecurity Maturity Model offered deep insights into compliance and helped in assessing performance and zero trust architecture based on set parameters.

Cybersecurity and Infrastructure Security Agency

The Cybersecurity and Infrastructure Security Agency (CISA) is an agency of the US Department of Homeland Security with a prime focus on the nation’s cybersecurity. CISA records software vulnerabilities, cybercriminals, and cybercrimes to improve security posture across all levels of the US government.

CISA was established in 2018 and is a continuation of the National Protection and Programs Directorate (NPPD), which worked for national security by defending against threats to critical infrastructure.

These organizations collaborate and synchronize their efforts as needed, recognizing that no country is immune to cyber threats.

The Cyber Express contacted industry experts and veterans to find out more about the impact of collaboration for the sake of better cybersecurity.

In response to The Cyber Express, a spokesperson from the U.S. Embassy emphasized the nation’s dedication to partnering with allies and stakeholders to cultivate a secure, open, and dependable Internet environment.

This commitment aims to facilitate secure and inclusive online participation, ensure access to vital services and government information, uphold human rights, and stimulate economic progress.

“The United States is committed to working with allies and partners to promote an open, interoperable, secure, and reliable Internet in order to enable people to safely and openly engage online, reliably receive critical services and information from their governments, exercise their human rights and fundamental freedoms, and drive inclusive economic growth.”

“We were pleased to hold the Cyber Dialogue with India last September, during which we discussed ongoing cooperation in cybersecurity and cyber policy, including efforts to advance the framework for responsible state behavior in cyberspace and strengthen responses to cybercrime threats, including ransomware.”

Furthermore, the U.S. administration’s National Cybersecurity Strategy, introduced earlier this year, underscores the promotion of substantial changes, as emphasized by the spokesperson.

“The Biden Administration’s National Cybersecurity Strategy calls for two fundamental shifts:

1. Calling for the digital ecosystem’s biggest, most capable, and best-positioned actors – be they in the public or private sectors – to assume a greater share of the burden for mitigating cyber risk; and

2. A shift to realign incentives to favor long-term investments.”

An important facet of the U.S. approach is its urging that trusted suppliers be prioritized for 5G infrastructure and across the broader ICT ecosystem. This stance aims to fortify the security and integrity of critical technology networks.

The message from the US Embassy carries the promise that joint cybersecurity collaboration is the need of the hour, and that through it the threat to privacy and data must be stopped.

Such malicious activities must be curbed with nations, organizations, governments, and people joining hands with one mission – to fight cybercrime. The history of cybersecurity shows that global collaboration and an evolution in regulations is the answer to deter threat actors.

Cybersecurity regulations, and joint work towards their effective application, are a must to keep a watch on any happenings across the globe.

Cybersecurity regulations have been modified and will continue to be updated based on the changing threat landscape.

Addressing the same, Chuck Brooks stated, “Common regulatory themes are now centered on cybersecurity awareness, threat detection and information sharing, resilience, and incident response.”

Chuck concluded with his analysis of how regulations are expected to transform in the near future. He said, “As the ecosystem grows and is further enabled by emerging technologies such as artificial intelligence, the need for government/industry collaboration will grow and strategies such as security by design, and zero trust will become bigger pillars for directing regulations and policies.”

ABANDONING LEGACY SYSTEMS: ROUTE TO ESTABLISH A CYBER-SECURE HEALTHCARE

The healthcare industry has become a prime target for cyber threats due to its wealth of sensitive data and the vulnerabilities present in its devices. To ensure data security and compliance, it’s imperative to replace outdated legacy systems in healthcare with modern technology.

In the digital age, healthcare systems stand as vast repositories of personal and sensitive data, containing a wealth of personally identifiable information and intimate health records. However, this treasure trove has also attracted the attention of malicious threat actors with ulterior motives. These individuals exploit the valuable nature of healthcare data to orchestrate extortion schemes, leveraging the sensitive content they possess.

The existence of legacy systems in healthcare remains a vulnerability, exposing both the sector and its stakeholders to potential attacks. This includes the prominent concern of patient data exposure, which is still prevalent in almost 73% of organizations.

A legacy system is any outdated computing software, hardware, technology, or data system that may not be supported by the manufacturer and therefore does not get the required maintenance.

Windows 7 is a legacy system that some people continue to use despite Microsoft no longer supporting it after 2020. Sticking to legacy devices has been associated with risks of increased costs due to the lack of knowledge on the part of system users, and negligence leading to cybersecurity threats.

Such usage of legacy devices exposes data to cyber criminals as system updates are also no longer made available for outdated devices that can be exploited more readily.

Mayurakshi Ray, a business advisor with a wealth of experience spanning more than 25 years, communicated her insights to The Cyber Express regarding the utilization of legacy devices.

“People are at the heart of the healthcare industry, and to serve a great deal of people the automation required is, unfortunately, not often considered the highest business priority,” Ray said.

“Legacy applications, legacy hardware (with out-of-support OS), and even legacy processes continue in the healthcare sector, across India and the world,” she added.

Among the reasons for this is that regulatory guidelines focus more on data privacy than on systems.

Ray also shed light on the shortage of healthcare applications and stated, “Health Information Management Systems (HIMS) are still few in number, owned by big healthcare organizations and are largely beyond affordability of the majority of hospitals and healthcare organizations, including Business Associates (BAs).”

She shared that new functionalities are hardcoded instead of programmed onto the application codes, making them prone to errors.

Navigating Legacy Devices and the Modernization Challenge

Keeping the exploitation and risks in mind, the White House announced work towards a 10-year modernization plan for the federal civilian agencies. This plan will help drop all the legacy devices across the Federal Civilian Executive Branch. Chris DeRusha, Federal CISO and deputy national cyber director for federal cybersecurity, shed light on the implications of relying on legacy IT systems. He told Nextgov/FCW that there was a need for a 10-year modernization plan.

“Legacy IT modernization is the number one biggest rock that needs to get moved for us to be able to secure our systems,” he added.

Legacy systems have created a modernization barrier that made implementation of guidance around encryption and multi-factor authentication complex.

It is imperative for all sectors, including healthcare, to follow suit and replace legacy systems to safeguard data from cybercriminals who hack devices and leak exfiltrated information on the dark web.

Healthcare Sector Cyber Attacks

While revenue from medical devices is expected to reach $400 billion in 2023, healthcare remains one of the most targeted sectors.

According to reports, over 40% of healthcare data breaches were due to third-party insiders who had advanced permissions.

Nearly 94% of organizations work with third-party insiders, testimony to how wide the threat landscape becomes if adequate precautions are not taken.

Giving system access to third-party insiders has created a bigger threat landscape, posing increased privacy concerns. An example is the exploitation of the MOVEit file transfer vulnerability, in which the third-party file-sharing platform was breached by hackers. This led to the compromise of over 600 of its client organizations.

The victims included several healthcare organizations in the US with the recent victims being the Colorado Department of Health Care Policy & Financing and PH Tech. This chain of cyber attacks is expected to affect over 47 million people drawing attention to the need for better cybersecurity in the healthcare sector.

Impact of Relying on Legacy Systems

“Maintaining legacy systems can pose significant challenges for the federal government,” said Chuck Young, the Managing Director, Public Affairs, GAO (US Government Accountability Office) when asked about the impact of using legacy systems.

Elaborating on the negative impact, Chuck wrote, “The consequences of not updating legacy systems can include operating with known security vulnerabilities, reduced ability to meet mission needs, difficulty finding knowledgeable staff, and increased operating costs.”

Thus, he further stated that it is important for agencies to identify and develop plans for their most critical legacy systems in need of modernization.

Legacy systems have outdated software and hardware with a framework that is no longer supported by the manufacturer creating what is known as a technical debt.

Let’s understand the issues with technical debt due to legacy systems –

1. Cyber risk due to no software updates

2. Non-compliance

3. Non-compatibility with other software and security updates

4. Missed scalability reducing chances of expansion

5. Lack of flexibility in pairing with devices

6. Reduced interoperability leading to limited resource sharing

7. Increased power consumption without power-saving parts

Legacy systems in healthcare decrease clinician productivity and increase patient stay in the hospitals.

According to reports, the utilization of legacy systems incurs an annual expense of $8.3 billion for US hospitals due to outdated technology leading to communication delays of approximately 45 minutes.

When IT staff take time to understand the changing use and application of technology, it is only to be expected that hospital and related healthcare staff will need more time to migrate to modern tech. This is also because healthcare staff receive training that is hyper-focused on their field of study alone.

This brings to mind the question if healthcare staff and teams are trained in cybersecurity in medical schools as well.

If not, which most likely is the case, when would they be trained for cybersecurity? Seeing the rapid increase in cyberattacks on healthcare, it is imperative to train each and every healthcare employee in cybersecurity.

Delayed Migration From Legacy Devices in Healthcare and its Consequences

The losses due to the use of legacy systems in healthcare give rise to the question of why people and organizations still use them.

Of the many reasons, two striking ones are the difficulty of migrating to modernized versions because of a lack of technical knowledge, and resistance to doing so from key decision-makers.

Reiterating the same and adding new inputs, Tony Jaros, CEO of Legacy Data Access gave a glimpse of the changing facets of tech usage in the healthcare sector.

“Often, only the most experienced IT employees – many of whom are retiring or moving on from healthcare – have deep knowledge of these systems,” he told Healthcare IT News.

“Newer talent coming in can be hesitant to mess with existing infrastructure for fear of breaking something and losing valuable data,” Tony added.

With the groundbreaking changes made in the cybersecurity industry each day, regulations, and federal agency reports, it is unavoidable to turn to modern versions of devices. The migration may seem daunting as old staff who understood and got used to the same tools over the years may face difficulty in adjusting to the latest tech.

However, the migration is essential and must be done sooner rather than later for healthcare data privacy. Legacy systems in healthcare must also be replaced with updated versions because failure to do so invites legal action against organizations.

An Upgrade report summed up the same by adding, “One of the most common HIPAA violations that healthcare systems are penalized for is failing to encrypt their digital devices because they still use outdated security policies.”


Risk Management Plan in Healthcare Organizations

Further, Mayurakshi Ray reiterated that there is a need to have a comprehensive risk management plan in healthcare organizations. She said that there must be a risk inventory of all legacy systems in the organization. Moreover, to curb risks, they must identify risks associated with each type/ group of legacy systems. She noted the following steps to curtail risk in the healthcare sector using legacy systems –

• Conduct regular system audits and vulnerability scans and develop plans to address any vulnerability.

• Ensure that systems are regularly updated with the latest security protocols.

• Additionally, implement security controls such as data encryption, access control and user authentication to ensure the security of patient data.

• Lastly, where the assessment shows that it’s not feasible or possible to manage the operations securely, look at retiring the systems, after appropriate measures to delete all patient and confidential data.


Migration from legacy healthcare systems: The need to work with the times

Pros and cons in migrating from legacy systems

Migrating with a view to transition from legacy medical systems to the upgraded versions would offer many benefits.

Besides rebuilding to increase the scope and specification of the legacy systems in healthcare, the following could be attained with the long-awaited switch:

1. Reassembled software modules with newer interfaces via software engineering methods for seamless integration of older and newer system components as needed.

2. Redeployed legacy applications to other platforms without having to revise its code sources and capabilities.

3. Optimized codes that reduce risks and technical issues via refactoring.

4. Shift to a different technology that allows reconceptualization of legacy systems in healthcare for newer capabilities.

Legacy software modernization and migration to upgraded systems and applications can be done with the help of a qualified software developer, engineer, or a chief technology officer. The process may take some time, before which backups and other operations can be done.

This will allow seamless continuation of the healthcare services as the migration gets done. It would need all the staff of connected entities to be alerted, and trained, into using the latest technology once the system migration in the hospital takes place.

Legacy systems modernization can either mean completely changing all the systems or keeping some systems with a multi-phased approach. Revolutionary modernization would mean a complete transformation to modern systems while evolutionary modernization approaches modernization in parts.

However, choosing a hybrid solution can lead to complications during data migration to the cloud and other processes. Hence, it would be best to go for the complete overhaul, especially if the systems, applications, programming language and technology no longer receive software upgrades or tech support.

Even after migrating from legacy devices, there may be complications for which the healthcare staff will have to maintain a regular flow of communication with the engineers to get clarity over the issue. No migration can be done leaving doubts and loopholes unattended because of the critical nature of the service provided by healthcare and how a single mistake can cause danger to lives and data.


The staff will need to practice using the changed systems and have all the users openly discuss doubts because there are going to be several after using the older technology for a prolonged duration.

Adapting to the upgrade from legacy healthcare systems may need practice, just like the profession of medicine itself. However, it can all be done with patience and collaborative team effort.

The migration of healthcare systems will add to the security of data and reduce accidents involving human error with advanced alerts and notices. It is better to move with time and stay safer even if it means changing traditional methods of working in the healthcare sector.


Mandy Andress on Conquering Complexity, Open Source, and Compliance Challenges in Cybersecurity

In an era where technology is continuously evolving, safeguarding critical infrastructure and sensitive data is an ever-growing challenge. The complexities of modern technological ecosystems, coupled with cyber threats, have necessitated a paradigm shift in cybersecurity strategies.

To shed light on these critical matters, Mandy Andress, Chief Information Security Officer at Elastic, elaborated on the prevailing challenges and the pivotal role played by a CISO.

With a remarkable career spanning over 25 years, Mandy brings a wealth of experience and insights to the forefront of the cybersecurity discourse.

In this exclusive interview with The Cyber Express, Mandy delves into the intricate domain of securing infrastructure and data, the impact of Elastic’s open-source ethos on cybersecurity, and the ever-evolving landscape of compliance and data protection regulations.

Furthermore, Mandy elaborates on the transformative potential of Elastic’s solutions and the proactive measures undertaken to counter emergent cyber threats.

As we navigate through the dynamic contours of cybersecurity, Mandy Andress provides invaluable insights into the strategies, principles, and approaches that drive Elastic’s commitment to securing the digital realm.

Mandy Andress Chief Information Security Officer at Elastic


In your experience as a CISO, what are the key challenges you face when it comes to securing infrastructure and data, particularly in the context of cybersecurity threats?

You can’t secure what you can’t see. That’s the heart of the two big challenges we see as security practitioners, the complexity and sprawl of an organization’s infrastructure, coupled with the rapid pace of technological change. As data becomes more and more decentralized across on-premise, SaaS services, hybrid and multi-cloud environments, organizations are increasingly grappling with how to effectively secure that data. The more complex and distributed an organization’s system, the harder it is to see all the data that lives within it. Security teams should consider adopting tools and practices that provide deeper visibility and control over the data within their environments, which will ultimately help them better understand potential risks and threats while giving them the insights needed to further bolster their security postures.

Elastic is known for its open-source products like Elasticsearch and Kibana. How does your team address security concerns related to open-source software, including vulnerability management and ensuring the integrity of the codebase?

Elastic has a proud heritage of open, community collaboration, and we take that same open approach to security. Many would assume that open security—where security vendors share open detection rules, open artifacts, and open code—is incompatible with true security and will only lead to weaker security postures. But it’s just the opposite: open security provides practitioners with a better understanding of how threat detections work and how security technology operates within an environment, allowing them to focus on identifying gaps and addressing vulnerabilities in their own technology stacks. Much like open source collaboration, security teams can leverage the cybersecurity community to simplify their overall security processes more efficiently than any security operations center can achieve on its own.

Your company caters to a diverse range of customers across different industries. Could you highlight any specific challenges or considerations you face when it comes to meeting the unique security requirements of various sectors, such as healthcare, finance, or government?

Sectors may have different regulatory requirements and focus areas for threat actors, but overall security challenges remain very similar across industries and organizations. Focusing on the ability to find and explore relevant, quality data quickly and at scale is crucial to understanding what is happening in your environment—especially across very large and often decentralized data sets. Additionally, with generative AI augmenting the pace and effectiveness of threat actors, organizations across industries will have to adapt their security practices to successfully mitigate increasingly sophisticated attacks.

For global companies, data sovereignty is also an important consideration. At Elastic, this means providing customers with the foundational architecture that gives them full jurisdictional control over their data in the country where it resides while enabling analytics across all their data globally.


Compliance with data protection regulations, such as GDPR and CCPA, is a significant concern for organizations handling sensitive customer information. Could you discuss your experience in managing data privacy and compliance in ensuring adherence to these regulations?

It’s important to ensure that we are not implementing activities just for the sake of compliance. Data protection regulations each exist to achieve a certain goal, and I prefer to focus on the objectives and implement requirements in a way that aligns with a company’s overall business philosophy and operating model. This helps ensure that the necessary activities are just part of doing business as well as doing what is right for our customers.

Could you share a specific example of a complex compliance issue you faced and how you effectively navigated through it, ensuring both regulatory compliance and maintaining a strong security posture for the organization?

Compliance requirements can be very complex and costly, significantly impacting an organization’s cost structure and efficiency. The approach I have found to be most successful is to first focus on the “why” of the requirement – what objective is trying to be achieved? With this in mind, we then look at our business processes and identify where we need to make changes, collaborating with the business owners. With this approach, you are best positioned to meet compliance requirements in a way that aligns with your company’s operating philosophy and not just an added on extra process.

How have the recent cyber attacks associated with the MOVEit third-party data breaches influenced your security framework? Has it prompted any adjustments or changes in your security teams’ approach to their work?

Elastic was not impacted by this breach or prior security issues with other file sharing tools in the same space and it did not alter anything in our security framework. For many organizations, these types of cyber attacks serve as a necessary reminder of the challenges of continuing to use older technologies that are not always able to adapt to modern threats and threat actor knowledge.

Given the dynamic nature of cybersecurity, how do you and your security team stay up-to-date with emerging threats and vulnerabilities, and how do you incorporate this knowledge into your security strategies and practices?

In addition to the standard cybersecurity websites, podcasts, social media resources that we monitor, I believe there is great value in sharing what we learn with our peers and providing insights from our experiences. As with having an open approach to security, leveraging our communities, building on their collective knowledge, and sharing the common code and techniques that keep systems safe is what allows us to create more robust securities and practices—quickly and at scale.


Beneath the Surface: How the Dark Web Drives the Underground Exotic Animal Trade


South America, Central America and Southeast Asia, and several parts of Africa have been blessed with abundant flora and fauna — so much so that many exotic animals are found in forests in these regions. But why are we talking about exotic animals, and what does it have to do with the dark web?

Back in the early 1900s, fashion flaunted real animal materials like fur, crocodile skin, and chinchilla fur, sparking controversy among people, fashion enthusiasts, and fashion brands. Although some luxury brands abandoned these practices, many persist.

Animal rights groups like PETA rallied designers and celebrities against this trend, significantly reducing animal exploitation. “Animals are not ours to experiment on, eat, wear, use for entertainment, or abuse in any other way,” says PETA.

Yet, the dark web remains a hub for trading exotic creatures, sustained by modern technology and hacker communities.

The world of the dark web remains shrouded in mystery and infamy, often associated with illicit activities ranging from drug trafficking to cybercrime. However, a disturbing phenomenon has taken root in the deep dark corners of the dark web – the illegal trade of wild and exotic animals.

While the internet has become a vast marketplace for legitimate transactions, the dark web has emerged as a platform where these forbidden exchanges thrive, hidden from mainstream visibility and has become a haven for those seeking to profit from the trade of rare and endangered species.

The role of Dark web in exotic animal trade

The materialization of the dark web has brought a new level of efficiency and anonymity to illegal trades.

Unlike traditional black markets that rely on personal connections, the dark web provides a virtual haven where individuals can buy and sell exotic animals, drugs, smuggled items, and more while evading the eyes of law enforcement and animal protection services.

This unregulated landscape has facilitated the growth of a market that caters to those seeking more than just exotic pets.

Recent research by National Geographic has uncovered a myriad of species being traded, including those coveted for their drug properties.

A shocking 90% of the dark web wildlife trade revolves around plants and fungi used for drug consumption.

For instance, the Sonoran desert toad, whose toxic glands contain the psychedelic 5-MeO-DMT, is sought after for its mind-altering effects. The motivations behind these trades are as varied as the species involved – from seeking a high to indulging in exotic culinary experiences.


In a recent study, ecologists from the University of Adelaide meticulously scanned 2 million dark web advertisements spanning six years, revealing a staggering 153 species being traded.

Of these, nearly 70 have known drug properties.

The study highlights the key players in this nefarious trade, including vendors like “ivoryking,” which boasts the most extensive presence on the dark web in relation to the wildlife trade. These findings expose the deep-rooted connections between the dark web and the illegal wildlife trade industry.

The constant struggle against illicit trade

Efforts to combat the illegal trade of exotic animals have been ongoing for years. However, despite international law enforcement’s best endeavors, the dark web wildlife trade persists due to the inherent anonymity of the network.

In a paradoxical twist, some wildlife poachers have migrated from the shadows of the dark web to openly trading on popular platforms like eBay and Facebook, leveraging their sense of impunity.

The dark web’s wildlife trade thrives on human desire, manifesting in both extravagant fashion choices and the insatiable urge for psychotropic experiences. While some argue that the trade’s current scale is minor, the potential for growth and its far-reaching implications on biosecurity and biodiversity warrant sustained attention.

The dark web, a subset of the deep web, is a hidden network intentionally concealed from standard search engines.

Accessed through specialized software like Tor (The Onion Router), individuals can enter online domains denoted by addresses concluding with “.onion.” Originally conceived by the U.S. Naval Research Laboratory to safeguard communication among government agents, this internet layer swiftly expanded its utility to realms beyond its initial purpose.

One of the dark web’s defining features is its emphasis on anonymity.

Tor bounces users’ communications through a network of volunteer-operated servers, making it difficult to trace back to the user. This anonymity extends to website operators, providing a cloak for illegal activities such as the wildlife trade.


The ecology of dark web transactions

Darknet markets, the digital counterparts of physical black markets, operate on the dark web. These markets offer a range of illicit goods and services, all accessible with the help of specialized software. Transactions within these markets are anonymized, leveraging cryptocurrency transactions to ensure buyers’ and sellers’ privacy and security.

The transaction process typically involves the use of cryptocurrencies like Bitcoin, which offers a degree of anonymity due to its decentralized nature. Dark wallets are used to protect the identities of parties involved in the transaction.

The marketplace operator often holds the payment in escrow to deter potential scammers. The only vulnerable link in this chain is the actual delivery of goods, which is carried out through postal systems.

The history of the dark web’s illicit trade can be traced back to one of the most infamous platforms: the Silk Road.

Launched in 2011 by Ross Ulbricht, Silk Road was the pioneering darknet marketplace that revolutionized the concept of online black markets.

It operated as a platform for anonymous buyers and sellers to trade various goods, particularly drugs. The site’s use of Bitcoin for transactions and its sophisticated privacy measures made it a breeding ground for illegal activities.

Silk Road’s prominence was short-lived, as law enforcement agencies worldwide intensified their efforts to shut down the site. In 2013, Ross Ulbricht was arrested, and the original Silk Road was seized and closed.

However, Silk Road’s legacy lives on in the proliferation of subsequent darknet markets that have filled the void left by its demise.

The ongoing battle against wildlife trafficking

Efforts to combat the illegal trade of exotic animals have spanned decades, involving international organizations, law enforcement agencies, and conservation groups. Despite these collective endeavors, the allure of financial gain and the perceived impunity of the dark web has allowed the wildlife trade to persist.


One of the challenges in curbing the dark web wildlife trade lies in the very nature of the network itself. The anonymity provided by the dark web’s encrypted communication and decentralized infrastructure makes it difficult for authorities to trace the identities of those involved.

Consequently, law enforcement agencies face an uphill battle as they strive to identify, apprehend, and prosecute individuals engaged in this illegal activity.

The dark web’s role in facilitating the illegal trade of wild and exotic animals has far-reaching consequences for global conservation efforts and biodiversity.

The rampant exploitation of endangered species threatens delicate ecosystems and disrupts natural balance. Additionally, using rare species for drug consumption or other purposes can drive these creatures towards extinction.

Conservationists and researchers emphasize the urgent need for stricter regulation and law enforcement to counteract the dark web’s impact on wildlife trafficking.

International collaboration is vital to address this transnational issue effectively. However, achieving this is no small feat, given the challenges posed by the dark web’s inherent anonymity and the ever-evolving tactics used by those involved in the trade.

The dark web’s role in facilitating the illegal trade of wild and exotic animals paints a grim picture of humanity’s darker inclinations. Driven by greed, curiosity, and a desire for altered experiences, individuals exploit the anonymity and secrecy offered by the dark web to profit from the suffering of life forms.

While efforts to combat this issue persist, the resilient nature of the dark web and the lucrative incentives involved pose significant challenges.

As the world grapples with the complexities of technological advancements and ethical considerations, it becomes increasingly clear that a multidimensional approach is necessary to combat the dark web’s impact on wildlife trafficking effectively.

Stricter regulations, international cooperation, and innovative technological solutions are vital to ensure a brighter future for both the species that inhabit our planet and the ecosystems that sustain us all.


Monthly Round Up: List of the most prominent cyber attacks in August 2023

The year 2023 introduced a notable level of complexity to the world of cybersecurity. On the one hand, a surge of innovative startups had been diligently reinforcing security infrastructures, while on the other, a wave of fresh threat actors had been asserting their presence through high-profile cyberattacks.

This contrasting dynamic had been further accelerated by a proliferation of new names within the hackers’ community, often linked to well-known threat actors and occasionally emerging as entirely new entities.

Regrettably, the arrival of those ransomware groups had ushered in a period of heightened damage, overshadowing even the most robust cybersecurity efforts. Employing a spectrum of new hacking techniques, ranging from intricate mechanisms to time-tested ploys, those groups had displayed an aggressive arsenal, leveraging all available means to target organizations for personal gain or, at times, to align with specific groups or communities.

In that context, The Cyber Express presented the August 2023 monthly roundup, spotlighting the most significant and impactful cyberattacks of the month. Encompassing several methods, from DDoS attacks and defacements to exploitations and fully-fledged cyberattack campaigns, their coverage had left no aspect untouched.

Top Cyber Attacks of August 2023


The Monthly Round-Up

Cyber attack Trinkwasserverband Stader Land

A cyberattack targeted Trinkwasserverband Stader Land in Dollern, Lower Saxony, Germany. The drinking water association had acknowledged a security incident on its website, hinting at a hacker intrusion affecting email systems. Although the critical water supply had remained unaffected, the association had striven to minimize damage by restoring IT systems with external expertise.

Following the Russian-Ukraine conflict, concerns have risen over similar threats. Authorities had been informed, and police had been investigating the attack. Maintaining the integrity of clean water distribution had been vital within critical infrastructure, and the association had been committed to safeguarding this lifeline against cyber threats.


DDoS Attack on ECOreporter

ECOreporter, based in Dortmund, Germany, had faced another cyber attack targeting its server, potentially causing limited access to content, particularly from abroad. Technicians had diligently worked to resolve the issue. Notably, that attack had seemed focused on disrupting the site and hadn’t compromised customer data. ECOreporter had previously suffered a similar attack in July. Despite a weekend assault that had briefly rendered the site inaccessible, the security team promptly restored access without data loss.


Ransomware attack on Comprehensive Medical Care Program

Argentina’s Comprehensive Medical Care Program (PAMI) in Buenos Aires had fallen victim to a ransomware cyber attack that temporarily turned off its website. Despite the disruption, PAMI ensured the continuity of medical appointments and medication purchases. The attack, a form of malware that had encrypted files to demand a ransom, had prompted investigations into the intrusion’s source. While PAMI’s statement had not explicitly labeled it as ransomware, official sources had confirmed the attack’s ransomware nature, reminiscent of malware encrypting data for extortion. PAMI’s swift response had mitigated the attack, preserving server information.


Waterbury Health in Connecticut, USA, Affected by a Cyber Attack

Waterbury Health, situated in Connecticut, USA, had faced patient operation disruptions due to a cyber attack. The incident triggered a computer system outage, impacting both inpatient and outpatient services.

The hospital had initiated downtime measures, including resorting to paper records, while collaborating with IT security specialists to expedite resolution. Patient visitation had remained unaffected.

Specific services such as blood draws, radiology and imaging were temporarily closed in response to the situation. Waterbury Health had continued evaluating downtime capacities and had considered rescheduling appointments. The hospital had reassured patients that despite the cyber attack’s impact on systems, diligent efforts had been underway to restore normal operations swiftly.


Agence Nationale de l’Aviation Civile et de la Météorologie Faces Cyber Attack

The Agence Nationale de l’Aviation Civile et de la Météorologie (ANACIM) in Senegal had confirmed that a recent cyberattack on its website had not compromised agency data due to real-time backups. ANACIM officials had stated that only the homepage had been affected to convey a message.

The hackers, yet unidentified, had left a plea to “Free Juan Branco.” The agency’s digital operations had remained unaffected, as it had employed multiple platforms beyond the website. ANACIM had assured ongoing recovery efforts and alternative digital channels, such as email and phone, for user interaction.


Verdeil Foundation Targeted

The Verdeil Foundation in Lausanne, Switzerland, had experienced a cyberattack on August 8, 2023. The authorities have taken action to address the breach, with a dedicated team formed to manage the incident. Despite the attack, the Foundation’s operations and upcoming school year had remained unaffected.

An evaluation of the impact has been ongoing, supported by cybersecurity experts. Data theft had been confirmed, though the exact nature had been unknown. The Foundation had been enhancing security measures and had reported the incident to authorities.


Freeport-McMoRan, the US Mining Company, Hit by Cyber Attack

On August 11, 2023, Freeport-McMoRan, located in Phoenix, Arizona, reported a cybersecurity incident affecting its information systems. While limited production impact had occurred, the company had diligently investigated and implemented proactive measures to manage the situation.

Collaborating with third-party experts and law enforcement, Freeport-McMoRan had aimed to secure their systems swiftly. The company’s commitment to safety and responsible practices had remained, yet prolonged disruption may have influenced future operations.

Updates could have been expected on fcx.com. The copper miner’s shares had dropped by 1.7% in response to the news, with concerns over potential extended repercussions.


$2.1 Million Stolen from Zunami Protocol

Decentralized finance platform Zunami Protocol had suffered a stablecoin pool attack, resulting in an estimated loss of $2.1 million due to price manipulation. Security firm PeckShield has detected the exploit on Curve Finance’s zStables pools, prompting Zunami to caution against purchasing Zunami Ether (zETH) or Zunami USD (UZD) stablecoins.

The attack had impacted the project’s major stable pools on Curve, with collateral remaining secure as investigations began. PeckShield and Ironblocks had concurred on the $2.1 million estimation, with the former detecting the breach first and Zunami confirming it shortly after.


Ransomware Attack on Cleveland City Schools in Tennessee

Cleveland City Schools in Tennessee, USA, had experienced a ransomware attack. Fortunately, personal data remained unaffected, with less than 5% of faculty and staff devices impacted. While some devices within the network had been compromised, the majority used by students, faculty, and staff had continued to operate.

The school had assured parents that sensitive student information, including PowerSchool data, had been secured offsite, and no current evidence of data compromise existed. Assistance from a third-party recovery company had been underway, aided by the Cleveland City Police Department and Homeland Security.


Cyber Attack Strikes Sartrouville Town Hall in Île-de-France Region

Sartrouville Town Hall in Île-de-France, France, had fallen victim to a recent cyberattack, crippling its services for a full day. While initially impacting hospitals, cyberattacks have increasingly been targeting French municipalities. The latest casualty had been Sartrouville Town Hall.

In the early hours of the attack, the intranet system had abruptly shut down due to ransomware “Medusa,” encrypting all data on work and backup servers. The attack had rendered all services except the municipal police and identity/passport issuance inoperative. Despite a €200,000 estimated damage, the town had refused to pay the hackers’ ransom demand.


DDoS Attack on the Websites of a State Government in Germany

Hackers had targeted government and police websites in Schwerin, Germany. The Mecklenburg-Western Pomerania state had faced cyberattacks, impacting ministries, police, and service portals. State IT experts had noticed intensified assaults on websites, mainly a server overload attempt.

The state’s IT provider, DVZ, and CERT MV had swiftly responded, rendering attacks largely ineffective. Although security measures had held, the minister had warned of potential weekend attacks, vowing readiness to counteract swiftly.


Patriot Legal Defense Fund Faces Data Breach

The Patriot Legal Defense Fund in the USA, designed to aid former President Donald Trump’s associates with mounting legal costs, appeared to have been hacked. The website’s homepage had been defaced, crossing out Trump’s name and adding an “America Is Already Great!” slogan.

The hack had gone beyond visuals, featuring an essay criticizing Trump and replacing donation links to support various organizations. The defacement had occurred on August 18 and had still been present. The fund’s legitimacy had previously been questioned, with reports suggesting links to Trump’s campaign website.


Energy One Falls Victim to Severe Cyber Attack

Energy One, a prominent player in Australia’s energy sector, had fallen victim to a cyber attack affecting systems in Australia and the UK. The attack, which had occurred on August 18, had led the company to deactivate connections between corporate and customer systems. Energy One had enlisted cybersecurity experts from CyberCX and notified relevant authorities. The extent of the breach and potential personal data compromise had been under investigation.

Clients, including global power firm InterGen, had awaited updates about the incident’s impact and resolution timeline. The company had pledged to keep stakeholders informed as details emerged, though attacker identity and data impact specifics had remained undisclosed.


Breach at Centre Public d’Action Sociale de Charleroi

The Centre Public d’Action Sociale de Charleroi (CPAS Charleroi) in Belgium had fallen victim to a cyberattack, disrupting its services. Consequently, all social branches had been closed on Wednesday, August 23, 2023, barring emergencies. The debt mediation and energy house services had also been unavailable.

Normal operations had been expected to resume on Thursday, August 24. While other CPAS services had continued unaffected, the organization had diligently worked to rectify the situation. A recent cyberattack on August 21, 2023, might have compromised CPAS data, including personal information. Immediate measures had been taken to mitigate potential consequences.
