Source URL: https://blog.talosintelligence.com/threat-source-newsletter-sept-12-2024/
Source: Cisco Talos Blog
Title: We can try to bridge the cybersecurity skills gap, but that doesn’t necessarily mean more jobs for defenders
Feedly Summary: A June report from CyberSeek found that there are only enough skilled workers to fill 85 percent of cybersecurity jobs in America.
AI Summary and Description: Yes
Summary: The text discusses recent initiatives to close the cybersecurity skills gap in the U.S., particularly through a new government program aimed at training workers. It raises concerns regarding ongoing hiring freezes and budget cuts in cybersecurity despite the need for skilled workers. Additionally, it highlights recent cybersecurity threats and trends, providing insights into emerging attack vectors and new malware targeted at systems in various regions.
Detailed Description:
The text covers multiple significant points related to cybersecurity, workforce training initiatives, and emerging threats. Here are the key takeaways:
– **Cybersecurity Skills Gap**:
– The U.S. government’s new “Service for America” initiative aims to train workers for cybersecurity roles.
– The initiative focuses on skills-based hiring, removing degree prerequisites to broaden access to employment in the field.
– Additional support aims to assist neurodivergent candidates and individuals with visual impairments to enter cybersecurity roles.
– **Hiring Trends**:
– Current reports indicate that only 85% of cybersecurity jobs in the U.S. are able to be filled due to a shortage of skilled workers.
– Despite this shortage, reports highlight a stagnation in hiring within the cybersecurity sector, with a significant decrease (29%) in job postings year-over-year.
– Corporate hiring freezes and budget cuts are affecting the ability to recruit talented professionals into cybersecurity roles.
– **Emerging Threats**:
– The text introduces a new threat called “DragonRank,” which targets web application services to deploy malware and manipulate SEO rankings. This involves:
– Use of compromised Windows IIS servers for malware distribution.
– Exploitation for financial gains and reputation damage for targeted companies.
– **Other Noteworthy Cybersecurity Developments**:
– Introduction of a new attack method named “RAMBO,” capable of stealing data from air-gapped computers using electromagnetic radiation, posing a risk particularly in highly sensitive environments.
– Ongoing activities of commercial spyware firms, such as the NSO Group, which have adapted operations to evade sanctions and continue targeting high-risk individuals.
– U.S. and allied intelligence agencies have formally blamed the Russian GRU for various cyber attacks against Ukraine, which highlighted both espionage and disruption tactics.
– **Response and Mitigation**:
– Talos, a cybersecurity team, released detection and blocking measures against the malware used in various attacks mentioned in the discussion.
– **Future Considerations**:
– Professionals within the cybersecurity field must be aware of the ongoing skills shortage alongside the significant threat landscape and evolving attack vectors.
– Training programs should align with industry needs, addressing both the skills gap and ensuring mechanisms are in place to facilitate hiring of trained individuals.
This snapshot emphasizes the intersection of workforce development, security trends, and the socio-economic factors influencing the cybersecurity landscape.