All IT Jobs Are Cybersecurity Jobs Now

By Christopher Mims as written on wsj.com
The rise of cyberthreats means that the people once assigned to setting up computers and email servers must now treat security as top priority
In the Appalachian mountain town of West Jefferson, N.C., on an otherwise typical Monday afternoon in September 2014, country radio station WKSK was kicked off the air by international hackers.
Just as the station rolled into its afternoon news broadcast, a staple for locals in this hamlet of about 1,300, a warning message popped up on the screen of the program director’s Windows PC. His computer was locked and its files—including much of the music and advertisements the station aired—were being encrypted. The attackers demanded $600 in ransom. If station officials waited, the price would double.
The station’s part-time IT person, Marty Norris, was cruising in his truck when he got the call that something was amiss. He rushed to the station. “I immediately pulled the plug on his computer,” says Mr. Norris.
In a quick huddle, the possibility of paying the ransom was raised, but the idea didn’t get far. “We’re a little bit stubborn in the mountains,” says General Manager Jan Caddell. “It’s kind of like being held up. We thought if we paid, they’d just ask for more.”
Security experts believe this particular strain of ransomware has netted criminals at least $325 million in extorted payments so far, but the real figure could easily be twice that.
The global “WannaCry” ransomware attack that peaked last week, and has affected at least 200,000 computers in 150 countries, as well as the growing threat of Adylkuzz, another new piece of malware, illustrate a basic problem that will only become more pressing as ever more of our systems become connected: The internet wasn’t designed with security in mind, and dealing with that reality isn’t cheap or easy.
Despite all the money we’ve spent—Gartner estimates $81.6 billion on cybersecurity in 2016—things are, on the whole, getting worse, says Chris Bronk, associate director of the Center for Information Security Research and Education at the University of Houston. “Some individual companies are doing better,” adds Dr. Bronk. “But as an entire society, we’re not doing better yet.”
Ever greater profits from cyberattacks mean cybercriminals have professionalized to the point where they are effectively criminal corporations, says Matthew Gardiner, a cybersecurity strategist for Mimecast, which manages businesses’ email in the cloud. Instead of hackers fumbling their way through complicated financial transactions, or money whizzes fumbling their way through malware design, there is true division of labor. As in any other industry, specialization begets efficiency.
Large (legitimate) corporations have the resources to hire talent to protect their digital assets, but for small- and medium-size businesses, it’s harder. There’s no shortage of good advice on how to perform basic security hygiene, but who’s there to implement it? The solution is resource management, with a focus on cybersecurity. Dr. Bronk lays it out like this:
1. Retrain IT staff on security—or replace them. In today’s world of ever-multiplying threats and dependence on connected assets, all IT staff must now be cybersecurity staff first. “The good news is that you don’t need that dedicated person to run your email server anymore—they can run security,” says Dr. Bronk.
2. Push everything to the cloud. It used to be that the job of IT personnel was to build and maintain the tools employees need. Now, pretty much anything can be done better with a cloud-based service. “I mean, even the CIA uses Amazon’s web services,” says Dr. Bronk. “If there’s a best of breed, why not use it? If you want a safe car, go buy a Volvo.”
Marty Norris tests program back up at WKSK in West Jefferson, N.C. Photo: Andy McMillan for The Wall Street Journal
3. New IT investment will need baked-in security. Data from the Bureau of Labor Statistics indicates jobs in IT security are one of the fastest-growing categories in tech, up 33% in the past four years alone. That’s probably due to companies simply catching up on investing in cybersecurity after years of under-investment, says Mr. Gardiner.
Diana Kelley, global executive security adviser at IBM Security, a division of International Business Machines Corp., compares the current state of network security to graphical user interfaces in their earliest days, when they weren’t particularly intuitive. Collectively designers and engineers learned to prioritize and improve them. “Security can be like that, too,” she adds. “We can think about it upfront and weave it into the process in a much more effective way.”
The cloud isn’t perfect, of course. A , disclosed last week, exposed customer email addresses, allowing attackers to target them with convincing emails that included a malware attachment disguised as a Microsoft Word doc. And then there’s the fact that massive denial-of-service attacks like Mirai can make the cloud inaccessible at critical times.
WannaCry is a good example of how increasing cybersecurity can be relatively simple—thwarting it was as simple as keeping Windows up-to-date. On the other hand, it used a sophisticated exploit lifted from a hack of National Security Agency tools that allowed it to spread directly from one computer to another, infecting systems in companies that might have been prepared for other kinds of attacks. These kinds of systemic weaknesses employed by or stolen from governments have led Microsoft to plead for a “Geneva Convention” on cyber weapons.
President and general manager Jan Caddell, program director Nathan Roland and IT staffer Marty Norris monitor things at radio station WKSK in West Jefferson, N.C., on Friday. Photo: Andy McMillan for The Wall Street Journal
As for West Jefferson’s own WKSK, the station was lucky. Mr. Norris, its IT consultant, had backed up the computers. He was able to wipe the slate clean and get everyone back on the air in a few hours. It’s a good illustration of how prioritizing even the most basic cybersecurity practices can be a life-saver.
Since then, he has implemented offline backups of the station’s computers, just in case. He’s also become a keen student of the kind of attacks, such as WannaCry, that can affect small organizations. As soon as he read that it could hit older systems, he rushed to protect them at his day job—as the IT person for the local school district.
Appeared in the May 22, 2017, print edition as 'All IT Jobs Are Security Jobs Now.'



Wanna Decrypter 2.0 ransomware attack: what you need to know

By Bill Brenner as written on nakedsecurity.sophos.com
Updates as of 05/15/2017:
  • Multiple news reports have focused on how this attack was launched using NSA code leaked by a group of hackers known as the Shadow Brokers. That’s certainly what seems to have happened based on SophosLabs’ own investigation. A more detailed report on that is planned for early next week.
  • Sophos will continue to update its Knowledge Base Article (KBA) for customers as events unfold. Several updates were added today, and are summarized below in the “More guidance from Sophos” section.
  • Microsoft took the highly unusual step of making a security update for platforms in custom support (such as Windows XP) available to everyone. The software giant said in a statement: “We know some of our customers are running versions of Windows that no longer receive mainstream support. That means those customers will not have received the Security Update released in March. Given the potential impact to customers and their businesses, we made the decision to make the Security Update for platforms in custom support only, Windows XP, Windows 8, and Windows Server 2003, broadly available for download here.”
  • With the code behind Friday’s attack in the wild, we should expect copycats to cook up their own campaigns in the coming days to capitalize on the money-making opportunity in front of them, said Dave Kennedy, CEO and founder of information security consultancy TrustedSec.
  • The attack could have been worse, if not for an accidental discovery from a researcher using the Twitter handle @MalwareTechBlog, who found a kill switch of sorts hidden in the code. The researcher posted a detailed account of his findings here. In the post, he wrote: “One thing that is very important to note is our sinkholing only stops this sample and there is nothing stopping them removing the domain check and trying again, so it’s incredibly important that any unpatched systems are patched as quickly as possible.”
It was a difficult Friday for many organizations, thanks to the fast-spreading Wanna Decrypter 2.0 ransomware that started its assault against hospitals across the UK before spilling across the globe.
The attack appears to have exploited a Windows vulnerability Microsoft released a patch for in March. That flaw was in the Windows Server Message Block (SMB) service, which Windows computers use to share files and printers across local networks. Microsoft addressed the issue in its MS17-010 bulletin.
SophosLabs said the ransomware – also known as WannaCry, WCry, WanaCrypt and WanaCrypt0r – encrypted victims’ files and changed the extensions to .wnry, .wcry, .wncry and .wncrypt.
Sophos is protecting customers from the threat, which it now detects as Troj/Ransom-EMG, Mal/Wanna-A, Troj/Wanna-C, and Troj/Wanna-D. Sophos customers using Intercept X will see this ransomware blocked by CryptoGuard. It has also published a Knowledge Base Article (KBA) for customers.
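The file extensions SophosLabs lists above give responders a quick way to scope the damage on a file share before restoring from backup. The following is an added example, not code from Sophos or from the original article; the function names and the sample directory tree are constructed for illustration, and an extension match is a triage heuristic only, not proof of infection or of a clean system.

```python
import os
import tempfile
from collections import defaultdict

# Extensions reported by SophosLabs in the article above.
WANNA_EXTENSIONS = (".wnry", ".wcry", ".wncry", ".wncrypt")


def find_renamed_files(root):
    """Walk `root`; return {directory: [(filename, mtime), ...]} for matches."""
    hits = defaultdict(list)

    def skip(err):  # unreadable directory: note it and keep walking
        print(f"skipped {err.filename}: {err.strerror}")

    for dirpath, _dirs, files in os.walk(root, onerror=skip):
        for name in files:
            if name.lower().endswith(WANNA_EXTENSIONS):
                path = os.path.join(dirpath, name)
                try:
                    mtime = os.lstat(path).st_mtime
                except OSError:
                    mtime = None  # file vanished or is unreadable
                hits[dirpath].append((name, mtime))
    return dict(hits)


def summarize(hits):
    """Per directory: match count and earliest modification time seen."""
    rows = []
    for directory, files in sorted(hits.items()):
        times = [m for _n, m in files if m is not None]
        rows.append((directory, len(files), min(times) if times else None))
    return rows


def build_sample_tree(base):
    """Constructed sample data: two renamed files among normal ones."""
    layout = {"ads": ["spot1.mp3.WNCRY", "spot2.mp3"],
              "music": ["song.wav.wncrypt", "notes.txt"],
              "clean": ["report.docx"]}
    for sub, names in layout.items():
        os.makedirs(os.path.join(base, sub))
        for n in names:
            open(os.path.join(base, sub, n), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for directory, count, first in summarize(find_renamed_files(tmp)):
            print(directory, count, first)
```

The earliest modification time per directory helps estimate when encryption started, which in turn tells you which backup generation predates the attack.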
NHS confirms attack
National Health Service hospitals (NHS) in the UK suffered the brunt of the attack early on, with its phone lines and IT systems being held hostage. NHS Digital posted a statement on its website:


The UK’s National Cyber Security Centre, the Department of Health and NHS England worked Friday to support the affected hospitals, and additional IT systems were taken offline to keep the ransomware from spreading further.
Victims of the attack received the following message: