While there are many types of fraud out there, what are some of the most dangerous threats to businesses right now? How does digital security translate into a real impact?

Wire transfer schemes, also known as "business email compromise," are increasing exponentially. These social engineering tactics are powerful methods for cyber criminals to compromise organizations. In addition, crime as a service is making it harder for criminals to get caught through the use of third-party tools and services. John Bandler, one of our Cyber Risk Professional Certification board members, suggests, “Rather than focus on the ‘fraud-du-jour,’ companies should focus on developing strong information security programs built on a solid foundation of the basics.” A strong, risk-based cybersecurity program enables enterprises to protect their bottom line and is an essential top line investment, enabling strategic initiatives to have their intended business impact.

There are currently over 350,000 open cybersecurity positions in the United States, and demand for security professionals has grown 3.5 times faster than any other IT job and 12 times faster than all other jobs across the country. How can higher education continue to inspire present and incoming students to fill the gap and pursue careers that prevent and mitigate cyberthreats?

There is a skills gap at all levels. Higher education plays a critical role by continuing to inspire and equip students and professionals, regardless of their business/technical experience, to address the cyber risk challenges we face in the digital world of the 21st century. Beyond degree programs, certificate programs that help professionals pivot into this area are critical. Howard Miller, one of our board members and the senior vice president of LBW Insurance and Financial Services, points out that, “Those with certifications and degrees can better differentiate and validate their knowledge and value.” Certifications also enable professionals to learn continuously.

There’s an unprecedented need for individuals with skills, talent and experience in the security field. How can executive education and online programs benefit business leaders to effectively identify, prepare for and mitigate cybersecurity threats?

Certificate and executive education programs are crucial for equipping talent across business leadership functions to address cybersecurity. While degree programs are very important, executive education equips business leaders already in business. Importantly, executive education is typically more agile than most areas of higher education because it can connect directly with the marketplace and partner with business/government in ways not usually seen in higher education degree programs. For example, the Cyber Risk Professional Certification Program (CyRP) at the Pepperdine Graziadio School equips business leaders, regardless of technical acumen, to address cyber risk. The curriculum was designed and is taught by individuals from law enforcement, IT, C-level executives, CISOs and attorneys actively engaged in information security. This type of business/academic/government partnership provides a practical rather than a theoretical toolkit for business leaders.

Technology is always changing; therefore, there is always more to learn. How can cybersecurity degree programs and courses advocate for the tremendous financial, as well as professional, growth and benefits that come with pursuing a career as an information security specialist?

We definitely need to develop more information security specialists, but we need to remember that security is the responsibility of everyone, including management and all employees. One approach to inspiring professional and career growth in this area is helping business practitioners and leaders to understand the role they can and should play in information security. John Bandler, one of our CyRP board members, uses this analogy. Racecar drivers and state troopers need to be able to operate the car at high speeds and in hazardous conditions, so they need to be expert drivers. The rest of us do not need to be experts, but we still must operate our cars safely and reasonably. Similarly, businesses need to understand and implement the standard of care now expected of us with respect to information security. This means that every business professional would benefit from developing expertise in this area.