Outsourcing Can Help Bridge the Cyber Security Skills Gap

The cyber security skills gap is real and growing; there simply aren’t enough cyber security employees to go around.

Cyber crime is rapidly escalating, and board rooms are taking notice. KPMG’s 2017 U.S. CEO Outlook survey shows cyber security risk to be among CEOs’ top concerns, yet only 40% of them feel that their organizations are fully prepared to handle a cyber attack. This isn’t surprising in light of the very serious – and worsening – cyber security skills gap. The cyber security unemployment rate was zero in 2016, and it’s expected to remain there until 2021. Coincidentally, that’s the same year by which Cybersecurity Ventures predicts there will be 3.5 million unfilled cyber security jobs.

Small and medium-sized firms are being hit the hardest by the cyber security skills gap, as the short supply of qualified talent is quickly snapped up by multinational firms that can afford to pay the high salaries and provide the “Cadillac” benefits and perks that this talent has the power to demand. The situation is expected to worsen in light of New York’s new cyber security law, which requires finance and insurance firms operating within the state to hire CISOs and “qualified cyber security personnel.”

Governments and private-sector organizations are wringing their hands over how to deal with the problem. The mayor of New York City has announced a plan to invest $30 million in cybersecurity training, academic research, and development labs, with the goal of creating 10,000 new cyber security jobs over the next decade. IBM has launched what it’s calling a “new collar” jobs initiative to train both students and older workers in cyber security.

Outsourcing the Best Way to Immediately Bridge the Cyber Security Skills Gap

In light of the cyber security skills gap, the best option for most organizations is to outsource their cyber security functions to a reputable cyber security provider such as Lazarus Alliance. Our Cybervisors® service allows organizations of all sizes to immediately retain the services of the best and brightest subject matter experts in cyberspace law, cyber security, risk assessments and management, audit and compliance, governance and policies, and more.

In addition to getting the help you need right away, there are many other benefits to outsourcing your enterprise’s cyber security functions, including:

  • Significant cost savings. It is almost always less expensive to outsource cyber security than to hire and maintain a security team full-time in-house. Even outsourcing just part of your cyber security functions, such as compliance, could result in significant savings.
  • Allows you to focus on your business’ core competency. Most likely, you don’t hire in-house staff to handle your own legal matters or do your own taxes. You realize that law and accounting are not part of your core competency, so you outsource those functions to attorneys and accountants. (Along the same lines, you probably outsource your building security to a security firm!) Using this logic, why would your firm handle its own cyber security? Outsourcing this function to a professional frees up monetary and human resources that can be used to create, innovate, and drive your business.
  • Allows you to access a level of expertise most companies don’t have internally. Cyber security is a highly specialized field, and the skill set it requires is quite different than those in other IT areas. It’s also highly dynamic, with new technologies and threat vectors emerging daily. Our Cybervisors® focus on only one thing: cyber security. They are highly experienced in this field, they are immersed in it, and they engage in continuous education to stay abreast of the cyber threat landscape.

Initiatives like the ones New York City and IBM have launched are positive steps in the direction of bridging the cyber security skills gap, but training new cyber security professionals takes time, and organizations need help right now. Your organization can’t wait 10 years, or even six months, to get the security help it needs, at a price it can actually afford. The cyber security skills gap is here for the long haul, and outsourcing is the best way to handle the problem right now.

The cyber security experts at Lazarus Alliance have deep knowledge of the cyber security field, are continually monitoring the latest information security threats, and are committed to protecting organizations of all sizes from security breaches. Our full-service risk assessment services and Continuum GRC RegTech software will help protect your organization from data breaches, ransomware attacks, and other cyber threats.

Lazarus Alliance is proactive cyber security®. Call 1-888-896-7580 to discuss your organization’s cyber security needs and find out how we can help your organization adhere to cyber security regulations, maintain compliance, and secure your systems.

Cyber Criminals Are Hijacking Computers for Cryptocurrency Mining

Cryptocurrency mining malware may end up being a bigger problem than WannaCry

Organizations that think they dodged a bullet when their older systems did not fall prey to the WannaCry ransomware may want to think again. Weeks prior to the WannaCry attacks, a group of hackers was taking advantage of the same Windows vulnerabilities that WannaCry exploited. Instead of locking down systems with ransomware, these cyber criminals were putting them to work, using a cryptocurrency mining malware called Adylkuzz.

Not only did users have no idea their machines had been turned into cryptocurrency mining zombies, but Adylkuzz acted as a sort of vaccine for machines against the WannaCry malware so that mining operations would continue unimpeded. So, in a bizarre twist, had it not been for Adylkuzz, the WannaCry attacks may have been even larger and more destructive.

That’s not to say Adylkuzz is benign. Just as WannaCry was a warning shot for the destructive potential of ransomware, Adylkuzz sounded the alarm about the next threat on the horizon: cryptocurrency mining malware.

Cryptocurrency 101

Cryptocurrencies are digital or virtual currencies that use cryptography to prevent counterfeiting. They are distinguished from “fiat currency” – the dollars, euros, and other money issued by governments – because they are not issued by a central authority or representative of debts. They are sometimes referred to as “hard” or “sound” money and are more similar to gold bars than dollar bills. The most well-known and widely used cryptocurrency is Bitcoin, which was invented in 2009 as a byproduct of the blockchain technology that enables it.

Although there is nothing inherently nefarious about cryptocurrencies, they have come under fire for their popularity among cyber criminals. While many perfectly legitimate businesses accept payment in Bitcoin, it also is the de facto currency of the Dark Net, and most ransomware variants demand payments be rendered in it.

New units of digital currencies are created through a process known as cryptocurrency mining. “Miners” solve highly complex cryptography problems that allow them to add blocks to the blockchain, and they are rewarded for their efforts with free cryptocurrency units. To prevent devaluation, all digital currencies have a cap on how many units can ultimately be mined; Bitcoin’s cap is 21 million units and, as of this writing, about 5 million are left to be mined.

Cryptocurrencies have another failsafe to prevent devaluation and other forms of abuse: The problems miners must solve suck up enormous amounts of processing power, which means that miners who want to use their own equipment are looking at a capital investment in highly specialized hardware. For those who don’t want to spend the money, cryptocurrency mining malware such as Adylkuzz has emerged. Although Adylkuzz takes advantage of the same Windows vulnerabilities as WannaCry, it behaves more like the Mirai botnet. It does not lock down systems or access data; instead, it goes after a machine’s processing power, hijacking it and using it to mine units of a Bitcoin competitor called Monero, a “next-generation” cryptocurrency that is growing in popularity among cyber criminals because it promises even stronger anonymity than Bitcoin.

Adylkuzz has proven to be far more lucrative than WannaCry; it’s estimated that rogue Monero miners have raked in 10 times more money than the WannaCry hackers. It’s also not the only cryptocurrency mining malware in town. There’s a Samba bug that attacks Linux machines, and, in a surprising twist, another form of malware that goes after Raspberry Pi devices, tiny computers that are popular among tech enthusiasts. While it may seem counterintuitive to target such a small machine, the idea is not to hijack one device but tens of thousands, as the Mirai botnet did, and harness the combined power of a “zombie army.”

Protecting Your Systems from Cryptocurrency Mining Malware

One of the reasons why Adylkuzz and similar malware are so successful is that many victims have no idea they’ve been hijacked. The symptoms of an infection are vague, consisting of general system sluggishness and a loss of access to shared network resources.
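Because each symptom is easy to dismiss on its own, it helps to correlate them per host. The following is an added example, not part of the original article: a small triage pass that flags hosts whose CPU stays pegged for a sustained period and ranks them higher when shared-resource access was also lost during that period. The host names, thresholds, and telemetry are constructed assumptions.

```python
from collections import defaultdict

# Constructed telemetry, one sample per host every 5 minutes:
# (minute, host, cpu_percent, file_share_reachable). Not real data.
SAMPLES = (
    [(m, "ws-01", 96, m < 10) for m in range(0, 60, 5)]        # pegged CPU, share lost
    + [(m, "ws-02", 97 if m in (15, 20) else 12, True)
       for m in range(0, 60, 5)]                               # brief spike only
    + [(m, "build-03", 93, True) for m in range(0, 60, 5)]     # busy, share fine
)

CPU_THRESHOLD = 90   # assumed: percent that counts as "pegged"
MIN_RUN = 6          # assumed: consecutive samples (30 min) that count as sustained


def longest_hot_run(rows):
    """Return the longest run of consecutive samples at or above CPU_THRESHOLD."""
    best, current = [], []
    for row in sorted(rows):
        if row[2] >= CPU_THRESHOLD:
            current.append(row)
            if len(current) > len(best):
                best = list(current)
        else:
            current = []
    return best


def triage(samples):
    """Map host -> 'investigate' (both symptoms) or 'review' (sustained CPU only)."""
    by_host = defaultdict(list)
    for row in samples:
        by_host[row[1]].append(row)
    findings = {}
    for host, rows in by_host.items():
        run = longest_hot_run(rows)
        if len(run) < MIN_RUN:
            continue  # short spikes are normal workload noise
        share_lost = any(not reachable for _, _, _, reachable in run)
        findings[host] = "investigate" if share_lost else "review"
    return findings


if __name__ == "__main__":
    for host, verdict in sorted(triage(SAMPLES).items()):
        print(host, verdict)
```

A host that is legitimately busy, such as a build server, lands in "review" rather than "investigate", which keeps the higher-priority queue limited to machines showing both symptoms together.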

Critics of cryptocurrencies have long been calling for governments to regulate or even ban them, and WannaCry and Adylkuzz have added fuel to their arguments. However, because of the very nature of cryptocurrencies, any attempts to legislate them face a protracted, uphill battle. The best defense against cryptocurrency mining malware is to employ the same proactive cyber security measures used to defend against ransomware, data breaches, and other cyber attacks: ensure that all systems and software are up-to-date; install new manufacturer patches as soon as possible; always change manufacturer default passwords; perform regular penetration testing; continuously monitor networks for anomalies; and address the human factor by training employees on cyber security best practices.
