
📉 Shrinking cyber workforce

Plus: Exposed congressional staffers | Friday, September 27, 2024
 
 
 
Axios Codebook
By Sam Sabin · Sep 27, 2024

😎 TGIF, everyone. Welcome back to Codebook.

  • 🎃 Countdown to spooky season starts in 5, 4, 3....
  • 📬 Have thoughts, feedback or scoops to share? codebook@axios.com.

Today's newsletter is 1,245 words, a 4.5-minute read.

 
 
1 big thing: The case of the shrinking global cyber workforce
 

Illustration: Allie Carl/Axios

 

Growth in the global cybersecurity workforce has slowed for the first time in five years as companies hire fewer security professionals and slash budgets.

Why it matters: Businesses and governments are facing more cybersecurity threats than ever, and a lack of skilled workers to fend them off will leave organizations even more vulnerable.

The big picture: Budget cuts, hiring freezes and layoffs are squeezing employers' ability to hire cybersecurity workers in the U.S., according to a report this month from cybersecurity certification company ISC2.

By the numbers: The global workforce — or the number of actively employed cybersecurity professionals — grew only 0.1% year over year and now sits at 5.5 million, per the report.

  • But around the world, companies are facing a shortage of 4.8 million workers in the industry, up 19% from last year's needs.
  • And fewer workers say they're satisfied with their jobs: 66% of workers globally say they're satisfied, down from 70% who said the same in the 2023 report.
  • ISC2 surveyed 15,582 cybersecurity workers and decision-makers around the world as part of its annual workforce study.

Zoom in: The size of the workforce shrank nearly 5% year over year in the U.S., dropping from about 367,000 to 349,000 workers.

  • U.S. companies said they need roughly 504,000 more cybersecurity employees than currently exist to properly secure their systems.

Yes, but: In the U.S., this slowed-down growth isn't necessarily a bad thing, Andrew Woolnough, executive vice president of communications, content and brand at ISC2, told Axios.

  • The U.S. has done a lot of work to promote cyber roles and help bring new workers into the field, so the slowed growth could be naturally occurring.
  • Meanwhile, the workforce grew in other countries, including Saudi Arabia, South Africa, the Netherlands, France and Australia.

Between the lines: Companies have likely slowed their cybersecurity hiring as they prioritize teams that generate revenue and create new innovations, Woolnough said.

  • For many organizations, cybersecurity is still seen as a way to tick off any legal requirements.
  • "We need to work harder as a profession to position cybersecurity as a growth enabler rather than a compliance function," Woolnough said.

The intrigue: Employers and employees also have a slightly different idea of what skills are needed for specific roles, according to the survey.

  • Hiring managers said the top skills they're looking for are problem-solving abilities, collaboration skills and curiosity.
  • Meanwhile, applicants think the biggest skills they need are communication skills and cloud computing security know-how.
  • 25% of respondents said they've seen layoffs at their workplace in the last year, and 38% have experienced hiring freezes.

What we're watching: ISC2 recommends that companies create more opportunities for cyber workers looking to learn new skills and recruit diverse talent.

  • "The days where cyber becomes a bolt-on at the end need to be well past us, and unfortunately, they're not," Woolnough said.
 
 
2. Leaked troves of congressional email accounts
 
Illustration of the Capitol Building with a closed lock in place of the dome

Illustration: Sarah Grillo/Axios

 

One in five U.S. congressional staffers' sensitive information has been exposed on the dark web for hackers to steal, according to data released this week.

Why it matters: Hackers have a renewed interest in targeting U.S. political campaigns and congressional offices as Election Day nears.

  • Already-leaked data could help hackers either break into a campaign's online accounts or steal a staffer's identity.

By the numbers: Email addresses belonging to 3,191 congressional staffers are readily available on the dark web, according to new research from encrypted communications service Proton and Constella Intelligence.

  • More than 1,800 staffers' passwords are also stored in plain text alongside those email addresses, per the report.

Zoom in: Sensitive information about nearly 300 of those staffers was exposed in more than 10 data leaks.

  • At least one person had 31 of their passwords exposed online.

Reality check: Everyone who has an online account somewhere has likely had their data stolen or leaked on the dark web at some point.

  • But congressional staffers are higher-value targets for hackers, leaving them more at risk if they're repeating passwords across accounts.

Driving the news: In the last two weeks, hackers have stolen emails from individuals associated with former President Donald Trump's re-election campaign, Popular Information reported this week.

  • Last month, the intelligence community confirmed that Iran had hacked a Trump campaign associate through a spear-phishing attack.

The bottom line: Proton recommends that congressional staffers sign up for online accounts using non-government email accounts and use a password manager.

 
 
3. X suspends journalist for posting Vance docs
 
Republican vice presidential nominee U.S. Sen. JD Vance (R-OH) speaks to supporters during a campaign event at the Northwestern Michigan Fair grounds on September 25, 2024 in Traverse City, Michigan.

Republican vice presidential candidate JD Vance. Photo: Scott Olson/Getty Images

 

X suspended independent journalist Ken Klippenstein's account yesterday after he shared Sen. JD Vance's vetting document, allegedly stolen during the Iranian hack of Donald Trump's campaign.

The big picture: The 271-page document includes research on Vance that the Trump campaign compiled to vet him as a potential running mate.

Driving the news: Shortly after Klippenstein shared the document, his X account was suspended for violating its hacked-materials policy, which was in place before Elon Musk bought Twitter for $44 billion in 2022.

  • Klippenstein published the document to his personal Substack, writing: "The dossier has been offered to me and I've decided to publish it because it's of keen public interest in an election season."
  • "As far as I can tell, it hasn't been altered, but even if it was, its contents are publicly verifiable. I'll let it speak for itself," he added.
  • The document includes Vance's phone number, home address and email address.

What they're saying: "Ken Klippenstein was temporarily suspended for violating our rules on posting unredacted private personal information, specifically Sen. Vance's physical addresses and the majority of his Social Security number," a spokesperson for X told Axios.

  • Klippenstein did not respond to a request for comment from Axios.

Between the lines: X has suspended journalists' accounts in the past under Musk's management, despite his repeated claims of standing for free speech. His content moderation decisions have been inconsistent and a flashpoint for the media.

Flashback: In 2020, conservative critics blasted Twitter for limiting circulation of a New York Post story about Hunter Biden.

  • In response, the company made two adjustments to its hacked-materials policy in 2020, as reported by Axios' Sara Fischer:
  1. Twitter will no longer remove hacked content unless it is directly shared by hackers or those acting in concert with them.
  2. It will label tweets to provide context instead of blocking links from being shared on Twitter.

Go deeper: Online content policing loses steam.


 
 
4. Catch up quick
 

@ D.C.

🚔 The FBI and the Defense Criminal Investigative Service raided government IT vendor Carahsoft's headquarters in Virginia this week. (Nextgov)

💰 The Federal Election Commission has amended rules to allow federal campaign funds to be used to pay for physical and cybersecurity measures for candidates, their families and campaign staff. (CyberScoop)

🗳️ Russia and Iran usually work together, but on the U.S. election, they're on different sides. (Axios)

@ Industry

☁️ Google filed an antitrust complaint with the European Commission against Microsoft, alleging the company uses unfair cloud licensing contracts to stifle competition. (CNBC)

🚂 The rail transportation sector lags behind several critical infrastructure industries in enhancing its own cybersecurity, despite looming threats of a colossal nation-state cyberattack. (The Record)

@ Hackers and hacks

⚠️ The U.S. government has been tracking another Chinese government hacker group, known as Salt Typhoon, that's been burrowing into American telecommunications networks. (Wall Street Journal)

🚗 Security researchers have found a way to track millions of Kia cars, unlock their doors and even start the engines remotely. (Wired)

🪙 Crypto scammers hacked OpenAI's press account on X this week. (TechCrunch)

 
 
5. 1 fun thing
 

Screenshot: @picotop/X

 

The way online scams and cyber threats have eroded trust online is wild to think about sometimes. 🫠


 

☀️ See y'all Tuesday!

Thanks to Megan Morrone for editing and Khalid Adad for copy editing this newsletter.
