Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Blog

Subscribe

Cybersecurity Snapshot: Discover the Most Valuable Cyber Skills, Key Cloud Security Trends and Cyber’s Big Business Impact

Cybersecurity Snapshot: Discover the Most Valuable Cyber Skills, Key Cloud Security Trends and Cyber’s Big Business Impact

Happy New Year! Learn all about the cybersecurity expertise that employers value most; Google Cybersecurity Action Team’s latest take on cloud security trends; a Deloitte report on cybersecurity’s growing business influence; a growth forecast for cyber spending; and more!

Dive into six things that are top of mind for the week ending Jan. 6.

1 - These cyber skills command higher bonus compensation

As we embark on a new year, it’s a good time to check out what cybersecurity expertise is highly valued and triggering robust bonus pay, so we took a look at Foote Partners’ latest data for the six months ending in Oct. 1, 2022 and plucked the following nuggets.

In the category of non-certified IT skills that are both earning juicy bonuses and growing in value, these cybersecurity-related ones caught our eye:

  • Security auditing
    • Average pay premium: 20% of base salary equivalent
    • Market value increase: 5.3% 
  • Azure key vault
    • Average pay premium:19% of base salary equivalent
    • Market value increase: 5.6% 
  • Cryptography
    • Average pay premium: 18% of base salary equivalent
    • Market value increase: 20% 
  • Identity and access management
    • Average pay premium: 18% of base salary equivalent
    • Market value increase: 5.9% 
  • Penetration testing
    • Average pay premium: 17% of base salary equivalent
    • Market value increase: 21.4%
  • Security testing
    • Average pay premium: 17% of base salary equivalent
    • Market value increase: 13.3%
  • Threat detection / modeling
    • Average pay premium: 17% of base salary equivalent
    • Market value increase: 13.3%

These cyber skills command higher bonus compensation

In the category of IT certifications, these cybersecurity-related options stand out for their bonus pay and for climbing in value:

  • GIAC Certified Forensics Analyst (GCFA)
    • Average pay premium: 12% of base salary equivalent
    • Market value increase: 9.1%
  • InfoSys Security Engineering Professional (ISSEP/CISSP)
    • Average pay premium: 12% of base salary equivalent
    • Market value increase: 9.1%
  • Okta certified professional 
    • Average pay premium: 11% of base salary equivalent 
    • Market value increase: 57.1%
  • AWS certified security 
    • Average pay premium: 11% of base salary equivalent 
    • Market value increase: 22.2%
  • Certificate of Cloud Security Knowledge (CCSK)
    • Pay premium: 11% of base salary equivalent 
    • Market value increase: 10%
  • CompTIA Advanced Security Practitioner (CASP)
    • Average pay premium: 10% of base salary equivalent 
    • Market value increase: 11.1%

The Foote Partners data comes from its third-quarter “2022 IT Skills Demand and Pay Trends Report” and its third-quarter “2022 IT Skills and Certification Pay Volatility Index.” Those two quarterly reports contain data from 4,000-plus U.S. and Canadian employers that provide the IT analyst firm with pay data about 372,000-plus technology employees. 

For more information about Foote Partners’ latest data:

2 - Google’s Cybersecurity Action Team unpacks cloud security trends

Google’s latest “Threat Horizons” report is out, outlining key cloud security trends for 2023 from the company’s Cybersecurity Action Team, including:

  • Attackers will boost their efforts to compromise cloud environment identities that give them access to assets hosted in multiple cloud platforms, as organizations struggle with ever more complex cloud identity and authentication challenges.
  • Taking advantage of the increasingly common integration of operational technology (OT) systems with cloud services, attackers will ramp up their attempts to compromise OT systems via the cloud.
  •  As cloud environments become more attractive for attackers, they will develop more sophisticated tools and malware tailored for breaching cloud environments.

The report also takes a look back at the top cloud compromise factors and at the most frequently targeted cloud software in 2022’s third quarter, based on an analysis of Google Cloud Platform customer data.

Regarding the cloud compromise factors, Google notes that while weak passwords remain atop this category, the incidence of API key compromises has grown.

 Google outlines top cloud compromise factors

(Source: "Threat Horizons" report from Google's Cybersecurity Action Team, January 2023)

Meanwhile, Google sees an increased diversification in the most commonly targeted cloud software.

 Google unpacks cloud security trends for 2023

(Source: "Threat Horizons" report from Google's Cybersecurity Action Team, January 2023)

For more information about the report, read this commentary by Google Senior Security Advisor Anton Chuvakin.

To learn more about cloud security challenges and trends:

VIDEOS:

Multi Cloud Security (Leena Bongale, Manager - Data Analytics & Governance, TD Bank)

Cloud Security for Beginners: Part 1 - Starting Off in the Cloud (SANS Institute)

Zero to Hero in Managing Enterprise Cloud Security (SANS Institute)

3 - Study: Cybersecurity having greater impact on business growth

Cybersecurity’s role has widened beyond the technology realm, as it increasingly influences organizations’ business strategies and goals, and has a progressively larger effect on digital transformation and business success. 

That’s according to Deloitte’s “2023 Global Future of Cyber” report, for which the consulting firm polled more than 1,000 cybersecurity leaders from 20 countries, the majority of which said cybersecurity is becoming more and more integrated into the fabric of their business. 

Key report findings include:

  • 86% of respondents said their focus on cyber has yielded “a significant, positive contribution” to the business.
  • 70% said cybersecurity is on their board’s agenda regularly – either monthly or quarterly.
  • 58% of organizations polled plan to boost their cybersecurity investment.

What role does cybersecurity play in these digital transformation initiatives?

 Study says cybersecurity is having big business impact

(Source: Deloitte’s “2023 Global Future of Cyber” report, December 2022)

So what characterizes organizations with a high level of cyber maturity and cyber performance that impacts business success? Deloitte identifies three key elements:

  • Conducting comprehensive cyber planning, involving strategic, operational and tactical plans to prevent and respond to cyberthreats.
  • Carrying out key cyber activities, including qualitative and quantitative risk assessment, the use of industry benchmarking, and planning incident response scenarios.
  • Having effective and consistent engagement with the board of directors on a regular basis.

Deloitte also strongly recommends embedding cyber responsibilities throughout the organization, with at least one person in each business unit tasked with coordinating with the cybersecurity team.

Respondents to the survey are cyber decision-makers at the director level or higher in organizations with at least 1,000 employees and US$500 million in annual revenue. 

For more coverage about the Deloitte study:

4 - Enterprise IT spending to slow in 2023, but cybersecurity bucks the trend

In its “2023 Technology Spending Intentions Survey,” Enterprise Strategy Group (ESG) forecasts a deceleration in IT spending overall, but several segments will see aggressive investments, including cybersecurity. 

Enterprise IT spending to slow in 2023, but cybersecurity bucks the trend

Based on a survey of 742 senior IT leaders, the report states that 52% of midmarket and enterprise organizations will up their IT spending this year. 

Respondents identified the need to improve cybersecurity as their top driver of IT spending in 2023, as well as the most common catalyst for approving and funding new IT projects. A large majority of senior IT decision makers – 83% – said their organizations are better prepared to respond to a ransomware attack than they were a year ago.

“With an expected increase in criminal activity, organizations will need to invest strategically in areas like vulnerability management and security hygiene – both internally and throughout their supply chain,” said ESG principal analyst Dave Gruber in the report.

Other areas where ESG expects spending to grow robustly include artificial intelligence and cloud computing.

For more information about cybersecurity spending forecasts for 2023:

5 - U.S. government: Put SHA-1 out to pasture

The U.S. National Institute of Standards and Technology (NIST) is recommending that organizations identify any instances where they’re using the SHA-1 algorithm to protect electronic information and replace it with newer, more secure options like SHA-2 and SHA-3.

U.S. government: Put SHA-1 out to pasture

SHA-1 has been around since the mid-1990s, and is currently vulnerable to attacks from today’s more powerful computers. NIST deprecated its use in 2011 and disallowed its use for digital signatures in 2013. 

Now, it plans to stop using SHA-1 altogether by Dec. 31, 2030, at which point cryptographic modules that still use SHA-1 will not be eligible for purchase by the U.S. federal government.

For more information:

6 - A roundup of 2023 cybersecurity predictions

It’s that time of year when experts venture predictions for the new year. It’s always interesting to check out these forecasts and educated guesses, so we’ve collected links to a bunch of them. 

Check out our roundup of 2023 cyber predictions

Have fun peering into the cybersecurity crystal balls of the Center for Internet Security, SC Magazine, Dark Reading, Security Magazine, The Hacker News, Beta News, VentureBeat and GovTech.

Related Articles

Are You Vulnerable to the Latest Exploits?

Enter your email to receive the latest cyber exposure alerts in your inbox.

tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable.io Vulnerability Management trial also includes Tenable Lumin, Tenable.io Web Application Scanning and Tenable.cs Cloud Security.

tenable.io BUY

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

Choose Your Subscription Option:

Buy Now

Try Nessus Professional Free

FREE FOR 7 DAYS

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy Nessus Professional

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.

Select Your License

Buy a multi-year license and save.

Add Support and Training

Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable.io Vulnerability Management trial also includes Tenable Lumin, Tenable.io Web Application Scanning and Tenable.cs Cloud Security.

Tenable.io BUY

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

Choose Your Subscription Option:

Buy Now

Try Tenable.io Web Application Scanning

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable.io platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Your Tenable Web Application Scanning trial also includes Tenable.io Vulnerability Management, Tenable Lumin and Tenable.cs Cloud Security.

Buy Tenable.io Web Application Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578

Buy Now

Try Tenable.io Container Security

Enjoy full access to the only container security offering integrated into a vulnerability management platform. Monitor container images for vulnerabilities, malware and policy violations. Integrate with continuous integration and continuous deployment (CI/CD) systems to support DevOps practices, strengthen security and support enterprise policy compliance.

Buy Tenable.io Container Security

Tenable.io Container Security seamlessly and securely enables DevOps processes by providing visibility into the security of container images – including vulnerabilities, malware and policy violations – through integration with the build process.

Try Tenable Lumin

Visualize and explore your Cyber Exposure, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Your Tenable Lumin trial also includes Tenable.io Vulnerability Management, Tenable.io Web Application Scanning and Tenable.cs Cloud Security.

Buy Tenable Lumin

Contact a Sales Representative to see how Lumin can help you gain insight across your entire organization and manage cyber risk.

Try Tenable.cs

Enjoy full access to detect and fix cloud infrastructure misconfigurations and view runtime vulnerabilities. Sign up for your free trial now.

Your Tenable.cs Cloud Security trial also includes Tenable.io Vulnerability Management, Tenable Lumin and Tenable.io Web Application Scanning.

Contact a Sales Rep to Buy Tenable.cs

Contact a Sales Representative to learn more about Tenable.cs Cloud Security and see how easy it is to onboard your cloud accounts and get visibility into both cloud misconfigurations and vulnerabilities within minutes.

Try Nessus Expert Free

FREE FOR 7 DAYS

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Already have Nessus Professional?
Upgrade to Nessus Expert free for 7 days.

Buy Nessus Expert

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Select Your License

Promotional pricing extended until February 28th.
Buy a multi-year license and save more.

Add Support and Training