IT security professionals are on the front lines against web threats. A web threat is anything on the Internet that facilitates cybercrimes, including computer viruses, denial-of-service attacks and malware that target computer networks and devices. Other cybercrimes include cyber stalking, fraud and identity theft, information warfare, and phishing scams, all of which use computer networks and devices to facilitate other crimes. Financial damages, identity theft, loss of confidential information or data, damage to a company’s brand or a person’s reputation, and declining consumer confidence are just some of the risks posed by Web threats.
Web Threats Are Serious Threats
Every individual on every desktop and mobile computing device connected to the Internet is vulnerable to Web threats. Organizations worldwide are more dependent than ever on conducting business through the Internet. That dependence, combined with ever-changing Web threats, means most organizations are at risk every day of losing data, productivity and revenue. The increasing need for protection against the losses caused by Web threats is driving the growth of information systems (IS) security jobs.
Web threats often enter networks without user knowledge. They can also be triggered by clicking on a hyperlink or executable file attachment in a spam email. Once in a system, Web threats spawn variants, creating a chain reaction that spreads through the Web to infect more machines and perform more malicious activities.
Fighting Back Against Cyber Threats With IT Security
IT professionals specializing in IS security work need to stay up-to-date on cyber threats. Typically, they manage known threats from known sources through URL filtering and content inspection solutions. These require frequent updates, but are generally effective. It has become clear in recent years that multi-layered protection is necessary to fully protect consumers and businesses from web threats.
The “layers” referred to include the cloud, the Internet gateway, network servers and individual computers. The multi-layer approach integrates antivirus, anti-phishing, anti-spyware and anti-spam protection with website analysis using multiple techniques, such as source reputation and content clearing.
Top 10 Web Threats
Web threats are more damaging and extensive than ever. Nearly any website can either host malware or send the user to one that does. And infections are more likely to result from a visit to a legitimate website that has been compromised with spyware than from a phony site set up specifically to spread malware.
Last year, IT security firm Symantec released a list of history’s 10 most notorious Web threats:
I Love You (2000): This worm used a friendly phrase to entice users to open it. Ultimately, the Pentagon, CIA and British Parliament’s email systems were shut down in an effort to fight it.
Conficker (2009): Conficker allows its creators to remotely install software on infected machines. Later, it could possibly be used to create a botnet that can be rented out to criminals seeking to steal identities and direct users to online scams and phishing sites.
Melissa (1999): Named for the exotic dancer its creator was obsessed with, this virus kicked off a long period of high-profile threats between 1999 and 2005.
Slammer (2003): A fast-moving, aggressive worm, Slammer brought much of the Internet down in January, 2003.
Nimda (2001): This mass-mailing worm uses multiple methods to spread itself and became the Internet’s most widespread worm in 22 minutes. Its name is “admin” in reverse.
Code Red (2001): Websites with the Code Red worm were defaced by the phrase “Hacked By Chinese!”
Blaster (2003): The Blaster worm launched a denial of service attack against Microsoft’s Windows Update website.
Sasser (2004): Capable of spreading without user intervention, Sasser caused Delta Airlines to cancel some of its flights.
Storm (2007): Another worm directed at Microsoft, it was observed sending almost 1,800 emails from a single machine in a five-minute period.
Morris (1988): An old worm that remains famous and allows current worms to exist, Morris was created innocently in an attempt to gauge the size of the Internet.
Top Trends in Cyber Threats
Hackers and cyber thieves are continuously launching new Web threats – often tied to newsworthy events:
In December, 2010, supporters of the website WikiLeaks protested against MasterCard and Swiss bank PostFinance’s disruption of funding to the site by attacking their websites. The hackers, dubbed Anon_Operation, said they had brought down mastercard.com with denial of service attacks.
In June, 2010, spammers and scammers took advantage of national interest in the FIFA World Cup in South Africa to release spam, scams, advance-fee “419” fraud and malware attacks.
The average rate for malware in email traffic in 2010 was one in 284.2 emails, according to Symantec’s MessageLabs Intelligence2010 Annual Security Report. There was a substantial increase in the number of different malware strains blocked, due largely to the growth in polymorphic malware variants that allow a new version of the code to be generated quickly and easily, according to the report.
Two of the greatest challenges for IT security professionals are protecting an increasingly mobile workforce and the business world’s skyrocketing use of social media tools – which cyber criminals have recognized as a new means to conduct illegal activity and inflict harm.
Increasing broadband availability, combined with more users without computer security awareness gaining Internet access, is leading to high rates of malware infection in additional areas like East Africa.
Symantec predicts that in 2011, botnet controllers will begin hiding commands in plain view – within images or music files shared through file sharing or social networking sites.
IS Security Job Descriptions
The new and unknown Web threats designed to adapt to traditional methods and avoid detection keep IS security professionals on their toes. Their main responsibility is to analyze systems to prevent security breaches, loss of revenue and harm to brands, and protect confidential data.
Overview of IT Security Careers
IS security jobs can be found in organizations in the private, public and government sectors, worldwide. Employers need the skills and knowledge that experienced professionals bring. With advanced training and industry certification, you can pursue a career as an IS security engineer, IT security consultant or IS security manager. Additional experience and training can lead to executive IT security jobs like chief IT officer, director of information technology, senior IS security analyst, chief IS security officer, and IS security director.
IT security professionals are responsible for creating different methods to protect an organization against spyware and malware, while keeping Internet bandwidth available for business needs. They must also guard against employees’ improper Internet use, like visiting infected websites, and prevent loss of confidential information and data.
Different responsibilities come with varying levels of responsibility on the IS security career path. In mid-level positions like IS security engineer and IS security manager, job descriptions typically include duties like performing security design reviews, code audits and black box testing. They may also develop product specifications, plans, schedules and other written correspondence. Higher-level executives such as chief technology officers, IS security directors and chief information officers lead an organization’s IS security strategy, planning and supervisory activities, and directing an information systems security or information technology department.
IT Security Potential Salary
The U.S. Bureau of Labor Statistics (BLS) data from May, 2009 indicate computer and information systems managers earned average salaries of $120,640. Those in the 75th percentile earned around $143,590 per year, while the top 10% earned upwards of $166,400 annually.
Salary.com and PayScale.com records for December 2010 showed that IT and IS security managers, directors and executives had an annual base income in the following ranges:
IS Security Position Median Annual Base Pay. 90th Percentile
IS Security Manager $101,633 $128,405
IT Security Director $111,379 $146,286
Information Security Director $133,790 $161,060
Information Technology Dir. $160,390 $206,452
Chief Information Security Off. $161,961 $224,359
Chief Information Tech Off $227,837 $330,577
IS Security Job Education and Training: Learn to Fight Cyber Threats
IT and finance professionals, project managers and business professionals from a variety of backgrounds are affected by web threats. Those interested in pursuing a career in IS security should consider acquiring the in-demand information security skills and certification that today’s top employers require.
Landing an IS security job typically requires at least a bachelor’s degree, specialized IS security training and recognized credentials such as the Certified Information Systems Security Professional (CISSP ®) or Systems Security Certified Practitioner (SSCP®) certification through (ISC)2® or CompTIA (Computing Technology Industry Association) Security+™ certification. To develop these critical skills and prepare for certification exams, many professionals enroll in continuing professional education – such as the Master Certificate in Information Security programs offered 100% online by Villanova University.