Every organization, irrespective of its size, is susceptible to security threats and attacks. Cybercriminals or hackers make money by committing cybercrimes. Most cybercrimes involve commonly used devices such as computers and mobile devices, which can serve as either the tool or the target of an unlawful act. Cybercrimes involving computers and mobile devices include unauthorized access to personal computers, mobiles, personal social media accounts, and online bank accounts. This has created a huge demand for professionals who can thwart cyber-attacks. As rapid adoption of cloud computing is witnessed across the globe, the need for certified cloud security experts is growing exponentially. This blog post throws light on the various types of cybercrime prevailing in the post-pandemic world and on how to build a robust workforce of certified cloud security experts through cloud security certifications like the Microsoft Azure Security Exams.
1. Covid-19 and Rampant Cyber Crime: Statistics Speak
According to Deloitte Research:
- 47% of individuals fall for phishing scams while working at home
- Between February and May 2020, more than half a million people were affected by a security breach in which the personal data of video conferencing users was stolen and sold on the dark web.
- Cyberattacks using previously unseen malware or methods have rapidly increased during the pandemic. It was around 20% before the pandemic and has shot up to 35% post-pandemic.
Protecting an organization’s estate, resources, assets, and data from security breaches and attacks is an ongoing and escalating challenge. Recently, the business world changed overnight as large numbers of staff switched to remote working due to Covid-19, creating an exploitable window for cybercriminals. According to a Deloitte report, between February and May 2020 half a million people were affected by breaches, and video conferencing data was sold on the dark web. IT departments rushed to patch and strengthen their staff’s devices and their access to company assets and resources. Here is an overview of the various types of cyberattacks that need to be addressed with caution.
Online Scams and Phishing
Due to the huge unemployment and loss of jobs during the Covid-19 pandemic, internet crime has increased considerably. Most of the scams target internet users and make online services much less convenient to use. In phishing, attackers send fraudulent communication, mostly in the form of email, to obtain sensitive information from the user such as credit card and login details. The user believes the communication has come from a reputable source and provides the details. There was a 220% increase in phishing attacks during the pandemic according to the Phishing and Fraud Report. There is a notable increase in this category of attacks during this pandemic.
Disruptive Malware (Ransomware and Distributed denial of service)
The creation and development of malicious software intended to damage an organization's resources has increased considerably. Ransomware encrypts the files and folders of a system to extort money from the victims. This category of attack interrupts the work of employees and, in turn, causes huge losses to the organization. Distributed denial of service (DDoS) attacks target websites with fake traffic and increase the load on the web server. There is a notable increase in this category of attacks during this pandemic.
Data Harvesting Malware
This attack focuses on the extraction of data from websites without the consent of the administrator. Malicious bots are used to extract data such as age, gender, and location. This data will be used for various means through which the attacker will benefit. Remote Access Trojan, info stealers, spyware, and banking Trojans are examples of data harvesting malware. There is a spike in these types of attacks in recent times.
Cybercriminals are taking advantage of the increased demand for information related to Covid-19. The public is interested in medical supplies and other vital information related to the virus. Taking advantage of this situation, cybercriminals are creating fraudulent websites with domain names containing keywords such as “coronavirus” or “COVID”. These fraudulent websites publish misleading information and try to inflict financial losses on the customer.
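A defender can triage resolver or proxy logs for the keyword-bearing domains described above. The following is an added example, not part of the original post: the log format, the allowlist and every `.example` hostname are constructed assumptions, and the digit-swap handling goes one step beyond the two keywords the post names.

```python
import re

# Keywords named in the post; "covid" also covers "covid19" and "covid-19".
KEYWORDS = ("coronavirus", "covid")

# Assumption: an organisation-maintained allowlist of trusted registrable domains.
ALLOWLIST = {"health-authority.example"}

# Undo common digit-for-letter swaps so "c0vid" is still matched.
DIGIT_SWAPS = str.maketrans({"0": "o", "1": "i", "3": "e", "5": "s"})

# Constructed sample resolver log: timestamp, client address, queried host.
SAMPLE_LOG = [
    "2020-04-02T09:14:03Z 10.0.0.12 covid-relief-payments.example",
    "2020-04-02T09:15:40Z 10.0.0.31 covid19.health-authority.example",
    "2020-04-02T09:17:22Z 10.0.0.12 c0r0navirus-masks.shop.example",
    "2020-04-02T09:18:05Z 10.0.0.44 intranet.corp.example",
    "malformed line",
]

def normalise(label):
    """Lowercase a DNS label, undo digit swaps, and drop everything but a-z."""
    return re.sub(r"[^a-z]", "", label.lower().translate(DIGIT_SWAPS))

def registrable(host):
    """Last two labels only; a real deployment would use the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def flag_hosts(log_lines):
    """Return sorted (host, keyword) pairs for non-allowlisted keyword hosts."""
    hits = set()
    for line in log_lines:
        fields = line.split()
        if len(fields) < 3:          # skip lines that do not parse
            continue
        host = fields[2]
        if registrable(host) in ALLOWLIST:
            continue
        for label in host.split("."):
            norm = normalise(label)
            keyword = next((k for k in KEYWORDS if k in norm), None)
            if keyword:
                hits.add((host.lower(), keyword))
                break
    return sorted(hits)

if __name__ == "__main__":
    for host, keyword in flag_hosts(SAMPLE_LOG):
        print(f"review: {host} (matched '{keyword}')")
```

Substring matching also hits benign names (for example, a label containing "recovideo" contains "covid"), so the output is a review queue to combine with domain age and reputation data, not a block list.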
Cyber attackers are propagating a lot of false information related to Covid-19. Misleading information related to medical services, government benefits, and policies during pandemics is being circulated among the public. Unauthorized medical commodities are sold at a higher price by propagating this kind of information. Figure 1 depicts the distribution of the key COVID-19 inflicted cyber threats based on member countries’ feedback.
Figure 1: Distribution of the key COVID-19 inflicted cyberthreats (Source: https://www.interpol.int/)
The above-mentioned cybercrimes can be handled effectively by using various cyber security measures. Awareness of the various cyber-attacks should be created among general users to overcome the problems faced in the current situation. A "trust no one, verify everything" methodology should be adopted by everyone to increase the level of security. Various cybersecurity tools should be used to protect the data, applications, and infrastructure associated with the internet. The present generation of graduates can pursue a career in cybersecurity, as there is a lot of demand for the workforce. Even working professionals can reskill themselves to gain insight into this in-demand field. To acquire cybersecurity knowledge, both graduates and working professionals should focus on getting the relevant certifications. Microsoft provides various certification courses in security. The following section provides details of cloud certifications in the security sphere.
2. Microsoft Azure Security Certifications
- Exam MS-500: Microsoft 365 Security Administration
- Exam AZ-500: Microsoft Azure Security Technologies
- Exam SC-900: Microsoft Security, Compliance, and Identity Fundamentals
- Exam SC-200: Microsoft Security Operations Analyst
- Exam SC-300: Microsoft Identity and Access Administrator
- Exam SC-400: Microsoft Information Protection Administrator
A glimpse of the learning paths in preparation for the SC-900 exam: Microsoft Security, Compliance, and Identity Fundamentals is given below:
- SC-900 part 1: Describes the concepts of security, compliance, and identity
- SC-900 part 2: Describes the capabilities of Microsoft Identity and access management solutions
- SC-900 part 3: Describes the capabilities of Microsoft security solutions
- SC-900 part 4: Describes the capabilities of Microsoft compliance solutions
Details of the complete Microsoft SC-900 certification are available here.
3. Bank on CloudThat Free Training on SC-900 Exam
CloudThat, a pioneering training and consulting services provider since 2012, offers training on Cloud, DevOps, Security, AI & ML, IoT, and Big Data for midsize and enterprise clients globally. Being a Microsoft Gold Partner ensures that aspirants are trained by Microsoft Certified Trainers. Importantly, the training provides access to the Microsoft Official Curriculum, real-world use cases, hands-on lab sessions, free access to the Test Preparation portal, and mock exams.
CloudThat offers candidates proper training and relevant study material to prepare for and successfully clear the SC-900 certification exam. I personally have benefited from CloudThat training and cleared the SC-900 exam with a good percentage of marks because of the training given by CloudThat expert security trainers.
4. Nature of Questions in the SC-900 Exam
The candidate should know the security-focused services of the Microsoft Azure and Microsoft 365 platforms to clear the exam. A deeper understanding of Microsoft Defender, Microsoft Endpoint, Microsoft Security, Azure Sentinel, and Azure AD Domain Services for hybrid and on-premises is needed to gain a good percentage in the exam. The examination comprises multiple-choice questions, drag-and-drop questions, and true-or-false questions.
5. Post-Pandemic Cyber Security Measures
The following six measures are identified to be vital while implementing new security measures in the post-pandemic world:
- Some organizations have to embrace new operating models. Remote worker monitoring and support will become vital for many organizations changing over to work-from-home models. They must put in place stringent access-rights policies for employees working remotely.
- Organizations should ensure no outliers exist by resetting security systems. Mitigate any risks of digital holes in the fence by restarting both physical and digital systems.
- New cyber risks that appeared during the pandemic must be understood. For instance, security experts will need to scrutinize the digital capabilities of critical business functions, making sure they can withstand cyberattacks during a lockdown. They will examine critical supply chains, including digital supply chains, to ensure continuity during a health crisis.
- Reassess corporate IT security architecture. Implement mass scale feature risk and context-based security authentication mechanisms.
- Modify the bring your own device (BYOD) and remote access policies. They should include cybersecurity hygiene controls.
- Deploy advanced technology. Employ next-generation technologies like big data, artificial intelligence, and machine learning to thwart cyberattacks.
The dependency of the public on online services multiplied during Covid-19. There is a lot of scope for hackers to attack web services and achieve their goals. It is high time that all graduates got themselves skilled in cybersecurity technologies. If professionals upskill and embrace change, there is no need to fear the current situation. Even software professionals should be ready to reskill themselves and contribute to the benefit of society. This challenge is in fact an opportunity in disguise for people who are hunting for jobs and for those who want to make a career shift.
7. Frequently Asked Questions
- What are the popular certifications on cloud security?
Popular Cloud Security certifications are:
- Microsoft Certified Azure Security Engineer Associate
- AWS Certified Security
- Google Professional Cloud Security Engineer
- Certified Cloud Security Professional (CCSP)
- CompTIA Cloud+