Cybersecurity Crisis: Marriott, Google+ Latest Security Victims
These days you hear a lot of talk about keeping up with the news can be like trying to drink from a firehose. And that’s just the political and international news. Factor in the news about data breaches and cybersecurity issues, and it’s almost like drinking from two fire hoses—at the same time.
However, many data breaches happen without making headlines because we can’t keep up. As of July of this year, we already had over 600 data breaches involving big brands such as Under Amour and their nutrition app, Saks Fifth Avenue and Lord & Taylor, Facebook (which you no doubt already knew about but it can be hard to keep track), Panera and MyHeritage. Whew! And that’s just in the first 7 months of 2018!
But don’t think the data breaches came in a rush and then slowed down because we should be so lucky. No, they just keep on coming, like the water from the firehose, even if many happen without headlines. And now we have the two newest headline making cybersecurity issues, both made public within 10 days of each other and at the time of this writing: Marriott and Google+.
Marriott Data Breach Went on for Four Years
On the last day of November 2018, hotel chain Marriott admitted their reservation system had been hacked, exposing the personal data of up to 500 million people. (That’s half a billion.) The data breach started way back in 2014, but Marriott claims to have only just discovered it.
For 327 million of the guests who had their information potentially compromised, that data included email addresses, passport numbers, dates of birth and information on arrivals and departures. The credit card numbers and expiration dates of other members were possibly compromised as well. Although the credit card numbers were encrypted, Marriott can’t say whether or not the hackers were able to decrypt them.
Google not Immune to Security Failings
Now you might argue that Marriott is a hotel chain, and technology isn’t necessarily the hotel industry’s thing. But we just found out about one of the biggest tech companies in the world also unknowingly exposing user data: Google. Up to 500,000 Google+ users might have had their information exposed between 2015 and 2018, which is admittedly a fraction of the number of Marriott’s victim list. But Google then discovered another security glitch affecting over 52 million Google+ users, news that the search engine giant made public in December 2018. Google plans to shut down the social network in April 2019.
These aren’t the biggest data breaches to date. Yahoo and Adult FriendFinder get first and second place for biggest data breaches, at 3 billion accounts and 412 accounts million respectively. And the Equifax data breach in 2017 caused a lot of anguish not just for sheer volume—143 million people had their data exposed–but because of the type of data stolen and the fact that executives knew about it, but kept it quiet while selling off stock before the news went public.
But the Marriott case is disturbing because it went on for so long and included passport information, as well as possibly decrypted credit card numbers. And the Google+ one, well, it’s Google! If Google can’t keep data secure, is there any hope?
The Takeaway? Get a Cybersecurity Job!
The frequency with which we now seem to hear about data breaches is depressing. Yet the main takeaway from all this bad news about data breaches is job related. You might think the main takeaway would be about taking steps to protect ourselves, but that’s simply not possible in the world we live in. Unless you want to go off-grid, you’re going to be online and your data is going to be collected and you’re going to be at risk. Period. There’s no way around that. All we can do is demand the businesses we trust with our data try harder to fortify the defenses to thwart the would-be hackers.
And it’s not necessarily that they don’t want to do better at cybersecurity. They might simply lack the staff to do so because people aren’t choosing cybersecurity careers.
Why Aren’t People Choosing Cybersecurity Careers?
We lack cybersecurity professionals in a big way. Experts predict we will have 3.5 million unfilled cyber security jobs by 2021, because we already have a shortage, but the number of jobs available will continue to grow: the number of cyber security jobs is growing three times faster than other technical jobs. The Bureau of Labor Statistics says the rate of job growth in information security will be 37 percent from 2012 to 2022—much faster than other jobs.
Why is this? Why don’t people want to go into cybersecurity, a lucrative field with jobs that pay six-figure incomes in many parts of the U.S., according to a study by Indeed.com? We can’t say for sure, but there are four causes we can easily point to:
- Lack of awareness: Cybersecurity is not typically a career choice that’s widely talked about or considered. Most kids don’t even know what it is!
- Misconception: People assume you need some kind of computer science background to get into cybersecurity, but that’s not true. In fact, you don’t need a 4-year degree to get started in the field, and 87 percent of today’s cybersecurity professionals started out in another field—often something that wasn’t even IT-related.
- Misdirection: Companies tend to look for recruits in the wrong places, concentrating on those in STEM when people with liberal arts backgrounds are just as qualified to learn the skills and do the jobs. In fact, some say non-technical people can be better at cybersecurity because they can have strong analytical, research and communication skills.
- Confusion: Cybersecurity has so many different facets to it that it can confuse potential candidates. Even with an organization cybersecurity can seem to lack cohesiveness because of the many different roles, from ethical hacking to penetration testing to analytics to much more.
Cybersecurity also lacks luster as a brand, and so has a shortage of Millennials: According to research, only 7 percent are under age 29, and 13 percent are between ages 30 and 34. We also have a shortage of women: Only 11 percent are women. And we really need to turn those numbers around. Are you in?
Today's Skills for Tomorrow's Workforce
If you hadn’t considered a cybersecurity career before for one of the reasons cited above—or another reason altogether—it’s time to give this fast-growing field another look. Getting trained for cybersecurity today will position you for tomorrow’s workforce, one that has a desperate need for people trained to thwart the evil-doers. And getting trained is fairly easy to do, because you can get an entry-level cybersecurity job without a 4-year degree. How? Start with a certification. Learn the basics and get your foot in the door, then see where this career might take you.
Are the hackers letting up because they see a lack of opposition? Do they want to give the good guys a chance to catch up? Not at all. They see opportunities and they jump at them. There isn’t any time to lose. We don’t have any kind of handicap or grace period. The hackers are winning and our team is too small. Join that team and make a difference.
Recommended articles for you
Update Your IT Career with a Move into Cyber SecurityArticle
Top Cyber Security Trends for 2019Article
Why Cyber Security is Critical to Your OrganizationArticle