National security is now the number one security concern for Americans, according to the recently-released global 2017 Unisys Security Index, replacing financial security as the top fear from the 2014 survey. Americans’ concerns about internet security, specifically viruses and hacking, rose most dramatically over the last three years, coming in as the number two security concern in this year’s index.
In a world more interconnected by technology than ever, the cyber threat landscape has never been more daunting. Alarmingly, one in three website visitors last year were attack bots and over 94 percent of 100,000 websites analyzed over a 90-day survey period experienced at least one bot attack, according to Imperva’s Bot Traffic Report 2016. Companies and agencies at the frontline of protecting the country and consumers from cyber-attack face countless challenges beyond the cybersecurity threats themselves.
NVTC 2017 Cybersecurity SitRep
NVTC’s newest infographic provides an updated look into NVTC members’ cybersecurity hiring and resource allocation trends while reiterating the key takeaway of last year’s cyber infographic: The human element exposes us to the greatest cyber risk, from cyber talent to employee training to insider threats.
Acquiring top cyber talent remains a priority to NVTC members, with 50 percent reporting they will hire cyber professionals over the next 12 months, a five percent decrease from last year. Employee training is the single greatest focus for our members with 50 percent reporting it as their greatest cyber resource allocation, while 42 percent are targeting a technical solution first. The human element – both human error and insider threats – was acknowledged as the greatest cyber threat facing the country today.
Cybersecurity Talent Gap Continues to Widen in 2017
Organizations are experiencing tremendous difficulties filling cybersecurity positions and retaining skilled talent in these positions. By 2022, it is predicted there will be a shortfall of 1.8 million cybersecurity professionals in the U.S. In Greater Washington alone, there are over 44,000 open cybersecurity positions.
The 50 percent of NVTC members reporting cyber hiring needs are in stiff competition to attract the cyber talent with the experience, skills and certifications they require to be competitive in today’s marketplace. Local tech employers are looking for creative ways to engage new talent pools to fill their cyber workforces, using models such as NVTC’s own Tech Talent Employer Collective, which uses the U.S. Chamber of Commerce Foundation’s Talent Pipeline Management methodology to put employers into the driver’s seat, setting the workforce development requirements around shared employer needs.
Cybersecurity Venture Funding In the Region Remains Steady
While it is unlikely we will again see cyber ventures play such an outsized role in venture funding such as in 2015 when 46 percent of all funding went to cybersecurity services and products, a steady stream of cyber venture funding continues in Greater Washington, with $210 million collected in calendar year 2016 and $173.2 million from Q4 2016 through Q3 2017.
This support network, including incubators and innovators from MACH37 to In-Q-Tel to CYBERCOM at Ft. Meade, enables a community with innovation capacity and the agility to rapidly evolve to meet the ever-growing cyber threat.
Evolving Cyber Threat Vectors
Internet crimes reported to the FBI’s Internet Crime Complaint Center (IC3) in 2016 represented more than $1.3 billion in losses. Those nearly 300,000 reported crimes are only estimated to be 15 percent of all internet crimes that took place. This year’s numbers so far show that things continue to rise – distributed denial of service (DDoS) attacks alone showed a 380 percent increase in Q1 2017 over Q1 2016.
Even with the rise of more sophisticated bot attacks and ransomware, 63 percent of NVTC members rank the human element as the cyber threat requiring their greatest focus. A recent study on email threats estimates that one in four emails appearing to come from a dot-gov domain is a phishing attempt and three out of four organizations reported being the victim of a phishing attack in 2016.
The threat landscape seems even more ominous when you add in the increasing sophistication of the methods used in spear phishing, a more targeted attack that often spoofs more realistic identities known to the victim; the days of being asked to help move royal gold reserves out of Africa are being replaced by seemingly innocuous requests from “Randy in accounting” to take a look at an attached spreadsheet. Despite this increasing threat, progress is being made through awareness and training programs teaching how to stay secure and safe in the current environment, an approach being adopted by all industry sectors, not just IT.
Community Threats Need a Community Response
We are lucky to reside in the nation’s cyber capital, where the resources and environment support cyber innovation and where the nation’s most qualified cyber workforce lives and works. Perhaps Greater Washington’s biggest advantage in cybersecurity is the collaboration happening in the region. Each day stakeholders from the private, public, incubator and academic communities come together to work on the biggest cyber threats.
To deepen cyber collaboration in the region, NVTC will be hosting the second annual Capital Cybersecurity Summit on November 14-15, 2017 at The Ritz-Carlton, Tysons Corner. At the Summit, the nation’s cyber leaders will share their unique insights and best practices into topics such as attracting top cyber talent, cloud security, cyber risk management, strengthening cybersecurity through public-private partnerships and more. Attendees will have unmatched networking opportunities to discuss their latest innovations and the cyber challenges they face. Get the latest Summit agenda here.
View NVTC’s 2017 cybersecurity infographic at www.NVTC.org/2017CybersecurityInfographic