ISC2 Report: Cybersecurity Hiring Slows

CybersecurityHQ News

Welcome reader to your CybersecurityHQ report


The latest research from ISC2 says that globally the cybersecurity workforce grew just 0.1% over the last year. This is the first stall in employee growth the sector has seen since 2019.

The report highlights a few confounding factors that have come together to slow down hiring: budget cuts, layoffs, and hiring freezes. A full quarter of cybersecurity professionals have seen budget cuts in their departments this year, and nearly 2 in 5 are seeing budget cuts and hiring freezes.

At the same time, a majority of people in the cybersecurity workforce are calling this the most challenging threat landscape in five years. And 90% of respondents in the research say their organizations have skill shortages.

Yet another troubling trend is a decrease in entry-level jobs. This is making it harder for new cybersecurity professionals to break in and develop a robust skillset.

But it isn’t all doom and gloom. ISC2’s EVP of corporate affairs Andrew Woolnough emphasizes that “This is just one year in a long continuum. There’s no reason to think that cybersecurity won’t continue to grow and that businesses won’t continue to invest in it.”

ISC2 is a non-profit industry association that both trains and certifies cybersecurity professionals.

The news highlights an ongoing labor gap in the cybersecurity industry, one that the World Economic Forum recently pegged at an estimated 4 million positions unfilled globally. Due to rising threats and shrinking departments, they believe that number will explode to 85 million in five years.

Many companies are holding off until a new wave of AI tools can competently fill those positions, but that’s a gamble that could prove to be a goldmine for threat actors ready right now.

Apple has launched iOS 18, along with a standalone "Passwords" app, signaling a major shift in how users manage their login details. The app is also available on macOS Sequoia and iPadOS 18, allowing users to sync their credentials across all Apple devices via iCloud. With built-in encryption and Face ID security, Apple is aiming to simplify password management for millions.

Previously, login credentials were stored in Apple’s Keychain and AutoFill systems, but they’ve now been consolidated into this new app. All previously saved details, including those from the “Sign in with Apple” feature, will automatically migrate to Passwords. This move could present a challenge to existing password managers, as Apple’s solution is integrated directly into the ecosystem most users are already familiar with.

The app offers a minimalistic design, organizing data into six categories: All, Passkeys, Codes, Wi-Fi, Security, and Deleted. In a subtle push toward a password-free future, it includes features to enable automatic passkey upgrades, promoting the adoption of more secure, password-less technology.

Cybersecurity experts suggest Apple’s decision stems from a usability standpoint. “Making Passwords visible could encourage better security practices,” says University of York lecturer Siamak Shahandashti.

However, critics note that Apple's app may lock users into its ecosystem, as it lacks export options for saved data. Regardless, for those not yet using a password manager, Apple’s new app could be the nudge they need.

In election news, US Circuit Judge Michael Scudder is yet another voice calling for vigilance as we approach November. “Now is a time when everyone in the judiciary needs to stay extra alert and be extra smart and vigilant in all aspects of our use and monitoring of our IT systems.”

Though he put forward no specific threats, he pointed to the general fear experts have shared. “We know from public reporting out of the intelligence community that foreign adversaries see this election season as an opportunity to spread misinformation and to sow doubt about the workings and stability of our national government. So, my report emphasized that we must presume the judiciary faces this same risk.”

2020 saw the federal courts suffer a major security breach, and that kind of attack could repeat itself. This insecurity could combine with pressure on courts to sort out a tight election, something that polling is predicting. We might see courts failing to live up to enormous security challenges at the same time we are relying on them to pick up the pieces of a contested election.

Also in election news, Microsoft released research claiming Russia was behind the false claim found on social media that Democratic presidential candidate Kamala Harris paralyzed a 13-year-old girl in a 2011 hit-and-run incident.

To create disinformation content, the operation created a fake local San Francisco outlet called KBSF-TV and hired an actor to play the victim in the incident.

Microsoft is calling the Russian group Storm-1516.

The group has created disinformation videos that place Vice President Harris and her running mate, Governor Tim Walz, in an array of conspiracy theories.

The encrypted communication platform Ghost has been dismantled by an international law enforcement operation led by the Australian Federal Police and coordinated by Europol. Ghost has been notorious to law enforcement for its exclusive use by organized crime groups to facilitate drug trafficking and launder money on a global scale.

To get the app, people had to purchase a mobile phone with it already installed, paying around $1590 USD. Purchase of this so-called “crimeware” came with a 6-month subscription and tech support. It was used by criminals in Australia, Ireland, Italy, and Central Europe.

The large-scale investigation led to the arrest of 51 suspects across multiple countries, may have prevented threats to life, dismantled an Australian drug lab, and resulted in the seizure of cash, drugs, and weapons.

The extensive operation was carried out by law enforcement in Australia, Canada, France, Iceland, Ireland, Italy, the Netherlands, Sweden, and the US.

Interesting Read

The National Cyber Security Agency unveiled the National Cyber Security Strategy 2024-2030 yesterday, setting a comprehensive framework to enhance Qatar's cyber resilience. The event, hosted by Prime Minister H E Sheikh Mohammed bin Abdulrahman bin Jassim Al-Thani, was attended by senior officials and ministers—kicking off a renewed wave of cybersecurity interest in the region.

The strategy aligns with Qatar National Vision 2030, emphasizing a combined approach between the government and private sectors. President of the National Cyber Security Agency, H E Eng. Abdulrahman bin Ali Al Farahid Al Malki, highlighted Qatar's top ranking in the Global Cybersecurity Index and stressed the importance of shared responsibility and coordination.

But how is Qatar thinking about cybersecurity?

Their strategy focuses on five pillars: strengthening Qatar’s cyber ecosystem, improving legislation and law enforcement, fostering a data-driven economy, developing a skilled cybersecurity workforce, and enhancing international cooperation.

Engineer Dana Yousef Al Abdulla, Director of National Cyber Governance, presented the strategy's development process and risks, stressing its role in addressing evolving cyber threats and fostering innovation. The strategy aims to position Qatar as a global leader in cybersecurity, ensuring the nation’s security, prosperity, and technological advancement.

Stay Safe, Stay Secure.

The CybersecurityHQ Team
