A “denial-of-service” (DoS) attack disrupted the U.S. electrical grids, including section that stretch into Bakersfield, earlier this year. According to the U.S. Department of Energy, the cyberattack occurred On March 5, from 9 a.m. to 7 p.m., but did not result in any power outages.
Last year, the city of Bakersfield revealed hackers had breached data in the Click2Gov system, which is used to process online municipal payments.
In 2016, the Kern County Superintendent of Schools Office reported the personal information of more than 2,500 employees had fallen victim to a data phishing scam.
These are just a few examples of recent local data breaches and cyberattacks. No doubt there have been many more. And hardly a week goes by that a major national corporation doesn’t notify customers, including those in Bakersfield and Kern County, that their private information has been stolen.
“It would be unique to find a company that’s not concerned about cybersecurity,” said Alec Wilder, Aera Energy’s chief information officer. “We all need to ensure that defenses are in place and act accordingly against cyberattack threats.”
The annual Verizon data breach report found that regardless of the type or amount of an organization’s data, “there is someone out there who is trying to steal it.” And, according to the Symantec 2019 Internet Security Threat Report, one in 10 websites is malicious; web attacks are up 56 percent; and mobile ransomware is up 33 percent.
“Anything attached to the Internet is vulnerable to a cyberattack,” said Wilder. “That’s why Aera adopted a philosophy of ‘zero trust’ earlier this year. That means trust no one when it comes to cybersecurity. A defensive perimeter is no longer adequate. Our ‘zero trust’ philosophy is about protecting, detecting and responding to cyber threats.”
Kern County’s two main industries are oil and agriculture. They are also among its main cyberattack targets. Jeanne Varga at the Kern County Water Agency, which provides water to both agriculture and municipal customers, joined Aera’s Wilder in emphasizing the need to be vigilant.
“For the Kern County Water Agency infrastructure, the latest software and hardware have been implemented. The vigilance of agency staff has been increased through training. And, outside connections are limited to what is necessary.”
“The Internet is like the Wild West,” said Steve Annis, Bakersfield-based Valley Republic Bank’s executive vice president and chief operating officer. “There are bandits hiding behind every tumbleweed (or email.) So, caution is always the order of the day.
“As much as we try to protect our customers, the reality is that once a customer is duped into sending money to a scammer, or divulging personal information to a hacker, there is very little any bank can do to get the lost money back. Awareness of the many dangers associated with the Internet is by far the best and most effective preventive measure we can take.”
“At Aera, we have made cybersecurity everyone’s responsibility to help keep Aera safe,” said Wilder. “We conduct employee training on cybersecurity multiple times a year. We have also extended that training to the families of our employees to help them keep their home technology safe. We like to think cybersecurity as an extension of Aera’s overall safety emphasis.”
But as cyberattacks increase and companies scramble to protect their information, the supply of trained cybersecurity “warriors” is being stretched.
Nationwide, an estimated 768,000 people now are working in cybersecurity jobs, with nearly 302,000 jobs unfilled. California alone has an estimated 36,600 job openings, with 420 of them in Bakersfield, according to Cyberseek.org, a consortium of government, business and educational agencies. Industry observers predict the number of unfilled cybersecurity position nationwide will grow to 3.5 million by 2021.
At California State University, Bakersfield, cybersecurity skills are taught as a course concentration in the Department of Computer Science. Dr. Melissa Danforth, who chairs the department, acknowledges the increasing demand for trained cybersecurity professionals and the increasing interest of students to pursue careers in the field.
She said most CSUB students are following the traditional computer science or computer information systems concentrations, filling out their studies with cybersecurity electives.
“Cybersecurity also has reached into other fields,” she said. “For example, someone with a business administration, or policy administration background could easily shift into cybersecurity regulations, policy and compliance.
“This is a very big field, particularly in the health and financial sectors. And it is just as important as the technical aspects of cybersecurity,” she said. “Even the generalized jobs can benefit from a more cybersecurity-focused mindset. For example, a software developer who is trained in common coding errors and security-focused audit techniques can develop a more robust program that has fewer vulnerabilities.”
Danforth said CSUB computer science alumni are working locally in a wide range of positions, including financial, medical, energy and government.
As college graduates were tossing their caps into the air in May, Bloomberg was reporting that they were entering one of the hottest job markets in recent memory, with data scientist jobs paying the highest entry level salaries. According to Glassdoor researchers, young workers in the field earned a median annual salary base of $95,000 – higher than young Wall Street investment-banking analysts.
According to Cybersecurity Ventures, a company that monitors the cybersecurity industry, the top five highest paying specialties in 2019 are freelance “bug bounty hunters,” chief information security officers, deputy chief information security officers, lead software security engineers and cybersecurity sales engineers. The industries with the highest demand for cybersecurity warriors are the cyber industry, itself; financial services, including banks; all levels of government; retail; healthcare; manufacturing.
Zip Recruiter reported this spring that of all the industries the company studied, technology saw the largest increase in cybersecurity-related roles. From 2017 to date, cybersecurity jobs spiked 40 percent. And when Facebook’s massive data breach was revealed last year, information security roles grew by 250 percent year over year.
This spike was partly due to companies scrambling to secure their data systems and partly mandated by legislation demanding greater protection of Americans’ sensitive information. Cambridge Analytica’s illegal access to the private information of more than 80 million Facebook users during the 2016 presidential campaign kicked the cybersecurity industry into an even high gear.
In addition to hiring more cybersecurity staffs, companies are training their existing employees in cybersecurity skills. Many companies also are turning to traditional internships to transition new graduates into new employees. Danford noted that Aera recently created a cybersecurity internship at CSUB.
Aera’s Wilder’s advice to local companies: “The best thing you, as a company, can do to limit the risk of cyberattacks is to hire a cybersecurity staff that embraces the motto: ‘We are paranoid, so you don’t have to be.’”