Australia has one of the largest talent gaps for cyber security specialists in the world. The demand for cyber security experts has traditionally been examined in terms of solutions, security type and geography. But which industries are in need of cyber security experts? As we conduct more work online, in the cloud and on the Internet of Things (IoT), different sectors are facing unique and complex cyber security challenges.
It took a while for healthcare organisations to move from paper-based to digital records, but as soon as they did, they became a target for cyber attacks. Large organisations like hospitals and medical laboratories hold some of our most private information, including Medicare numbers, medical history and even our DNA. Healthcare records can be more valuable on the black market than financial data because they have a longer life — while we can change our bank details, we can’t change our medical history.
In the United States, the Breach Barometer Report: Year in Review reveals that there’s at least one data breach in the healthcare industry every single day. It also shows that while the number of breaches is increasing, the volume of patient records being affected is drastically declining. This suggests that cyber security experts are helping to protect the industry, even though criminals are becoming more creative in their cyber attacks.
Hospitals in regional Victoria were taken offline in 2019 after the Emotet malware attack blocked access to financial management, patient bookings and other systems. In the wake of the attack, several cyber security experts came out and declared the Victorian healthcare system “woefully under-protected”. To avoid a similar fate, cyber security experts at Queensland Health went on the offensive and blocked staff from accessing personal emails.
In addition to the threat of the malware that hit Victoria, the Queensland Audit Office revealed that it had successfully accessed three different government entities using penetration testing techniques, also known as ethical hacking. Incidentally, government auditors achieved this months before the Emotet attack, accessing regional Victorian hospitals as well as major metropolitan hospitals and water authorities. Working in cyber security in healthcare is a rewarding job as you’ll be protecting the systems from attacks and preventing disruption to patient care.
A 2019 study found that almost all global media brands are using a corporate domain register for their websites, but only a third have a registrar lock that protects those domains from hijacking. Perhaps even more alarming is that only 3 per cent have Domain Name System Security Extensions (DNSSEC) configured; the security protocol prevents cyber criminals from redirecting web traffic to deceptive websites.
Cyber security expert Scott Borg puts this shortfall in cyber security in context by highlighting the Russian efforts to manipulate the 2016 U.S. election. “[The attack] was larger and more sophisticated than has been recognised. The Russians have been using cyber attacks directly designed to manipulate the news,” Borg warns.
In addition to their websites, the content of media companies is also at risk. HBO found out the hard way when an episode of the much-anticipated “Game of Thrones” was leaked online, while Netflix lost 10 episodes of “Orange Is the New Black.” These breaches also have the potential to put user data at risk. Streaming companies collect massive amounts of personal user data, which may be appealing to cyber criminals.
In Hollywood, that personal data extends to the large numbers of employees that work on blockbuster films. Sony was forced to cancel the release of a comedy film about a plot to assassinate North Korean leader Kim Jong-un called “The Interview.” A group of hackers who called themselves ‘Guardians of Peace’ got into Sony’s system and released personal information about employees and their families.
As a result, maybe the next article you see about record-breaking salaries in Hollywood won’t be about an actor, but about a cyber security expert.
When car manufacturers began introducing smart features in their automobiles, many used third-party components. That process opened them up to cyber risks, as Volkswagen discovered when its Internet-connected music system allowed penetration testers to access the car. These days, car brands are hiring cyber security experts to bring smart technology production in-house as original equipment manufacturers.
As cars become more autonomous, the need for cyber security increases. Right now, cyber security experts are developing intrusion detection systems to protect cars and their passengers from the actions of cyber criminals. As these cars come online, there’ll be a growing need for security operations centres (SOC) to monitor, analyse and handle alerts from intrusion detection systems.
Already, cyber security experts across the world are working on solutions to protect the smart and autonomous features of future cars.
While many of the risks for passenger cars may still be in the future, heavy haulage trucks and buses are already connected continuously to the Internet. Many of these vehicles use an open standard network system that hackers can manipulate to control acceleration, braking and on-screen displays. Industry experts are now encouraging the trucking industry to “bake cyber security into the entire development cycle and lifespan of future truck lines”.
With an emerging security risk in the transportation sector, it’s never been a better time to use your cyber security expertise to make sure that the sector develops safely.
The world of retail has moved rapidly from brick-and-mortar shops to online stores that make the most of cloud computing solutions. Retailers hold their customers’ personal and financial details as well as valuable data on their shopping habits. Besides making them valuable targets for cyber criminals, operators in the retail industry now have obligations under the General Data Protection Regulation (GDPR) in Europe and Notifiable Data Breach (NDB) legislation in Australia. As a result, large retailers are tooling up with in-house cyber security teams, while smaller retailers are more likely to employ a security-as-a-service solution.
While the aim of cyber criminals is often to extract a ransom from their victims, in retail, the customer details can be of more value. Adobe Creative Cloud encountered a breach that published the details of almost 7.5 million users online. The information included users’ email addresses, account creation dates and Adobe products customers use. When used by cyber criminals, these details could be very effective in phishing emails and scams.
With retail’s dependency on cloud computing, there’s a high demand for cyber security experts who have cloud security skills. Job advertisements that emphasise public cloud security skills remain unfilled for 79 days on average — longer than any other type of information technology (IT) job.
5. Cyber security
Of course, with security as a service, global security operations centres and IT businesses, cyber security has become an industry in itself. The global cyber security market was valued at around US$100 billion in 2017, and by 2023, that value is expected to rise to almost US$250 billion.
This rapid growth has led to a “cyber workforce gap” — a shortage of cyber security experts to fill jobs. Leading IT security companies, including Symantec, Cloudflare and Unisys, have come together with Apple, Facebook, Google and others to address the expertise drought. The sector is fast-moving, needing to stay at least two steps ahead of criminals, and is constantly looking for new technology solutions to beat cyber crime.
6. Information technology and services
Amazon is the largest online retailer in the world, and its subsidiary Amazon Web Services (AWS) is one of the major cloud computing providers. Amazon the retailer arrived in Australia in 2017, while AWS just signed a $39 million deal with the Australian Federal, State and Territory governments to provide cloud computing services. And they’re hiring cyber security professionals.
One area where the AWS cyber security team is working is with other major IT and service providers, such as Telstra. AWS supported Telstra to consolidate data storage and to provide secure data paths for offline networks and third parties like Telstra’s own managed cyber security services customers.
Oracle and IBM are tech giants that both have operations in Australia that employ a variety of cyber security professionals. There are also several large businesses offering software as a service (SaaS) that have increasing cyber security needs. Given that SaaS and bring-your-own-device (BYOD) practices have eroded the old perimeter approach to cyber security, organisations like these are looking for cyber security professionals who can approach defence from a different angle.
The protection of critical networks for the Australian Federal Government is managed by the Australian Signals Directorate (ASD). In addition to being a foreign intelligence collection agency, the ASD houses the Australian Cyber Security Centre. The ASD currently provides cyber security advice to the private sector, but there’s a proposal to embed the directorate within business networks. This could give those businesses, as well as the country, a better chance of defending against cyber attacks.
Working with the ASD as a cyber security expert is a job for those who like a little more excitement in their careers. In fact, the ASD is banking on it. With the high demand for cyber security experts in the private sector, the ASD admits that it can’t match the salaries of big business, but it does offer other enticements. For example, with the ASD, you can do work that would be illegal outside of the ASD, including offensive (rather than defensive) cyber operations.
Another government department that has interesting roles for cyber security experts is the Australian Security Intelligence Organisation (ASIO). While the ASD comes from a military background, ASIO has more of an intelligence focus, like the FBI in the United States. Cyber security specialists with the ASIO earn between AU$82,281 and $156,789 for roles that focus on digital forensics, software reverse engineering and cyber network analysis. Experience in this sector would easily transfer to other specialities and give you some unique opportunities for your portfolio or resume.
8. Financial services
One of the key motivators for many cyber criminals is money, so it makes sense that many roles for cyber security professionals exist in the financial services sector. Australia’s Big Four banks — ANZ, CBA, NAB and Westpac — have taken a military approach to defence, with bunkers, war rooms and cyberwar games. These war games pit penetration testers and hackers against intrusion detectors and incident responders. This allows them to not only sharpen their skills but also review the impact they had on each other. This means they can assess the strength and effectiveness of defences.
All this preparation appears to have averted a major data breach in the Westpac incident in which customer details were exposed in the PayID hack. Westpac wouldn’t confirm how many customers were affected but asserted that no bank accounts were compromised.
Other financial services that offer motivating roles for cyber security professionals include KPMG, EY and Deloitte. In the case of Deloitte, in addition to contributing to its cyber defence, these roles also work downstream with clients and have the opportunity to participate in cyber security research. When you work in financial security, you’re not only helping a major institution stay safe. Many cyber criminals prey on the elderly and vulnerable, so you’ll be making a difference to these people as well.
Become a cyber security expert
It’s clear there is a high demand for cyber security experts across a range of industries. With ECU Online’s Master of Cyber Security, you will gain the skills you need to identify and mitigate risks and stand out as an expert. Get in touch with our Enrolment team on 1300 707 760.