by Brian Shilhavy, Health Impact News:
As the full effects of the Microsoft glitch that took down so many businesses and government agencies this past Friday are still being evaluated, the vulnerability of a software system run by a cyber security firm is presenting new information to hackers and exposing just how unprepared the U.S. Government is to protect our country against cyber attacks that are a real threat to national security.
After the CrowdStrike failed software update that infected 8.1 million devices with cascading effects spreading to millions, if not billions, of other devices and computer systems, the threat of a Cyber Pandemic is now very real.
TRUTH LIVES on at https://sgtreport.tv/
And the main reason that the U.S. Government is powerless to stop something like a Cyber Pandemic is not because of a lack of technology or computer resources, since the U.S. is home to the largest technology companies in the world, but it is due to a lack of human resources: Cybersecurity professionals.
In 2021 CNN published an article with the title: Wanted: Millions of cybersecurity pros. Salary: Whatever you want
The article highlighted the increasing cyber attacks in the U.S. and the lack of cybersecurity experts to prevent these attacks.
A series of major digital security breaches over the past year are serving as a wake-up call to Corporate America about the need to invest in cybersecurity.
Friday brought yet another reminder of the risk of cyberattacks, when Microsoft (MSFT) said the hackers behind the 2020 Solar Winds breach launched a new attack on more than 150 government agencies, think tanks and other organizations globally.
But perhaps the most striking recent example is the Colonial Pipeline ransomware attack, which forced the company to shut down the pipeline temporarily — resulting in gas shortages and price spikes in multiple states over several days. The debacle cost Colonial at least $4.4 million, the amount its CEO admitted to paying the hackers.
In the weeks before the attack, the company had posted a job listing for a cybersecurity manager.
“As far as I know, this is the first cybersecurity incident that has led to a measurable economic impact on the American population,” said Jonathan Reiber, senior director for cybersecurity and policy at AttackIQ and the chief strategy officer for cyber policy under the Obama administration’s secretary of defense.
The takeaway from such security breaches, according to experts, is that it’s high time for companies to start investing in robust controls and, in particular, adding cybersecurity professionals to their teams.
The only hitch: There’s a massive, longstanding labor shortage in the cybersecurity industry.
“It’s a talent war,” said Bryan Orme, principal at GuidePoint Security. “There’s a shortage of supply and increased demand.”
Experts have been tracking the cybersecurity labor shortage for at least a decade — and now, a new surge in companies looking to hire following recent attacks could exacerbate the problem.
In the United States, there are around 879,000 cybersecurity professionals in the workforce and an unfilled need for another 359,000 workers, according to a 2020 survey by (ISC)2, an international nonprofit that offers cybersecurity training and certification programs. (Full article.)
Fast forward to today in 2024, and the situation has only become worse.
A few weeks ago (June, 2024), members of Congress raised concerns over the shortage of cybersecurity professionals, which has now grown to a half million open jobs that cannot be filled.
Lawmakers Raise Concerns Over Cybersecurity Workforce Shortage
Members of Congress are sounding the alarm on the shortage of cybersecurity and IT workers across the United States, with lawmakers noting that there are over 500,000 open cyber positions.
During a House Homeland Security Committee hearing on June 26, Rep. Andrew Garbarino, R-N.Y., on behalf of the absent Chairman Mark E. Green, R-Tenn., underscored the bipartisan concern about the need to address the cybersecurity workforce gap.
“Experts predict that by the end of 2024, a cyberattack will strike every 13 seconds. That’s 6,822 attacks a day, or about 2 million by the end of the year,” stated Rep. Green in his opening statement.
“It is alarming, then, that our nation is suffering from such a massive cyber workforce gap. We currently need at least 500,000 cyber professionals if we hope to protect and defend our way of life,” added Rep. Green. “Now, that’s not just any 500,000 people – we need 500,000 skilled, talented cyber workers dedicated to contending with the threats of today while preparing for the threats of tomorrow.” (Full article.)
Earlier this month, on July 1, 2024, the House Committee on Homeland Security held two hearings to address America’s cybersecurity vulnerabilities.
WASHINGTON, D.C. –– Last week, the House Committee on Homeland Security held two hearings to address America’s cybersecurity vulnerabilities and examine potential solutions for the estimated two million cyberattacks the nation could face this year alone.
On Wednesday, the Committee held a hearing with government witnesses to examine the nation’s cybersecurity workforce shortage of 500,000 vacancies and help the United States maintain an edge in the cyber domain.
On Thursday, Subcommittee on Cybersecurity and Infrastructure Protection Chairman Andrew Garbarino (R-NY) led a hearing to examine the United States’ critical infrastructure vulnerabilities and the role that cyber insurance can play in planning, response, and recovery efforts. (Source.)
On Thursday last week, the day before the Microsoft glitch, a top cybersecurity official at the State Department actually stated that he believed AI could help fill the gap of all those 500,000 unfilled cybersecurity job openings.
Computer’s policing themselves without human intervention?
State Dept. Paying Down Cyber Skills Debt With AI
A top cybersecurity official at the State Department said Tuesday that the agency is leveraging artificial intelligence (AI) to “buy back time” for the cyber workforce.
During a Federal News Network webinar titled “Paying down the cyber skills debt,” State Department Deputy Assistant Director for Cyber Threat and Investigations Ray Romano explained that the workforce is using AI broader than large language models (LLMs) to help increase efficiency.
“We truly believe that artificial intelligence can be an aide to our cyber workforce,” Romano said. “We look at it a little bit broader than just [LLMs]. That’s absolutely part of the conversation. But we are actually looking towards getting to automation.”
“We’re looking at anything that we can to buy back time for our employees. Our analysts, our SOC analysts, our threat intelligence analysts, our threat hunters, they just have too much work and there are just things that are not getting done,” he said. “We’re looking at all of our high-fidelity alerts, but our mediums and our lows aren’t getting as much love as maybe they should.”
Romano emphasized that AI can help the cyber workforce at the State Department automate some of its workflows, but that “we’re not there yet.”
“We’re in the in the crawl stage of crawl, walk, and run,” he said. (Full article.)
Of course then the very next day, one of the top cyber security firms in the U.S. took down millions of computers worldwide, by simply publishing a software update.
Government officials are none too happy with Microsoft this week.
Read More @ HealthImpactNews.com
