Cyber Security Today, November 2, 2022 – Disgruntled IT security executives, a not-to-be-listed list and more

Disgruntled infosec leaders, a not-to-do list, and more.
Welcome to Cyber Security Today. Today is Wednesday, November 2, 2022. I’m Howard Solomon, contributing cybersecurity reporter for ITWorldCanada.com.
Ever had one of those days when you thought, ‘I’ve had it! To hell with this job’? If you’re a cybersecurity leader, you’ve got company. A third of the 400 infosec managers in the US and UK recently surveyed said they were considering quitting their jobs. Of these, a third would do so within the next six months. This is according to research done for a security company called BlackFog. What may be surprising is that the numbers aren’t bigger given the pressures of cybersecurity jobs. Thirty percent of respondents said the part of the job they hated the most was the lack of work-life balance. An almost equal number, 27%, said they spent too much time fighting fires rather than focusing on strategic issues. On the other hand, 44% said that what they enjoy most about their job is being the protector of the company.
Something else to consider: 28% said they had resigned from a previous job after a damaging cyberattack in their organization. And 13% said they were fired because of a cyberattack.
Is your organization on the list? This is not a list of the best, the most profitable, or the prettiest companies. These are the companies allegedly penetrated by hackers who sell their access for further exploitation by other threat actors. Depending on the month, an average of 190 organizations are regularly referenced by around a hundred initial access brokers. That’s according to a recent report by Israeli cybersecurity firm Kela. Access would be through things like compromised remote desktop portals for employees. An average price would be around $2,800. Access to some victims is auctioned off. For example, in July, a broker set a starting price of $20,000 for access to an electricity utility in France.
I’ve warned before that clicking on an ad while searching the Internet can be risky. Unlike a standard link in a search, a link related to an advertisement can redirect to a malicious website. Here’s the latest example, as reported by news site Bleeping Computer: Recently, people searching for the open-source image editor called GIMP would see a result, tagged “Ad”, that appeared to link to the legitimate site “www.gimp.org”. But those who clicked went to ‘gilimp[.]org.’ If they didn’t look closely at the address bar, it looked like “gimp”. And to be convincing, the title of the fake website said GIMP in big letters. And of course, that was the point: trick unsuspecting victims into thinking this was the real GIMP site and into downloading the software. They would think it was the GIMP editor, but it was actually malware. Remember that ads on any search page do not look like photo ads. These are pieces of text with a link. But on most good search engines, an ad is tagged “Ad.” Google, Apple, Mozilla and other search engine companies work hard to filter out bad ads. Sometimes they fail.
Remember that links to podcast story details are in the text version at ITWorldCanada.com.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.