Posted by Tyler Chancey, GCFA on

Tyler Chancey is a cybersecurity professional currently serving as the Director of Cyber Security at Scarlett Cybersecurity Services. With a solid foundation in Computer Software Engineering from the University of Florida, Tyler holds a repertoire of certifications that underscore his expertise. These include the prestigious Microsoft 365 Certified: Enterprise Administrator Expert and Microsoft 365 Certified: Security Administrator Associate, showcasing his mastery in Microsoft's enterprise solutions. Tyler's commitment to comprehensive security is further evidenced by his CompTIA Security+ certification, demonstrating proficiency in core cybersecurity principles. Additionally, his GIAC Certified Forensic Analyst (GCFA) credential attests to his advanced skills in forensic analysis—an invaluable asset in today's complex cybersecurity landscape. Tyler's dedication to staying at the forefront of industry standards is evident in the active pursuit and maintenance of these certifications, making him a trusted authority in the field.

Tyler C., GCFA 

Job title: Director of Cyber Security
Expertise: Information Security, Cybersecurity Incident Response, Cybersecurity Compliance, Cyber Policy
Education: University of Florida, Computer Software Engineering

Highlights:

  • Director of Cyber Security at Scarlett Group since 2022 
  • Holds GCFA and Microsoft 365 Enterprise Administrator certifications
  • Expertise in compliance, incident response and cyber policy

Experience: 

Tyler C. currently serves as the Director of Cyber Security at Scarlett Group in Jacksonville, Florida. He first joined Scarlett Group in 2019 as a Cyber Security Consultant, before being promoted to his current director role in 2022. Tyler has over 4 years of experience providing cybersecurity services to American private and public organizations.

Education:

Tyler earned his degree in Computer Software Engineering from the University of Florida in 2016. While at UF, he developed expertise in programming and software development.

Licenses & Certifications:

  • Microsoft 365 Certified: Enterprise Administrator Expert (Issued May 2023)
  • GIAC Certified Forensic Analyst (GCFA) (Issued Jan 2019, Expires Jan 2027)  
  • Microsoft 365 Certified: Security Administrator Associate (Issued Jul 2022, Expired Jul 2023)
  • CompTIA Security+ (Issued Jun 2020, Expired Jun 2023)

Additional Skills: 

  • Customer Service, Leadership, Public Speaking, Network Security, Forensic Analysis, Disaster Recovery, Cloud Applications

New Year’s Resolutions represent a desire to improve oneself in an area of life that may be neglected. Most of these resolutions are focused on health, finances, or happiness. These promises for the new year provide a convenient “cutover” date for one start new habits. Unfortunately for us, cybercriminals make resolutions as well. The New Year is also a great time to reflect on upcoming trends in cybersecurity in order to better prepare oneself for the future.

This post is going to be focused exclusively on current trends within the cybersecurity industry and who is most at risk for a successful attack. “Bad guys” seem to have the specific goal of making our lives more difficult by changing tactics whenever they observe a strategy to be effective.

We will look back into this past year for insight into the areas where the greatest threat lies in 2020, based on expert analysis and the trends of 2019.

Phishing

The big one. Phishing is by far the most effective and favored attack technique in the world of cybercrime. This is a technique focused on exploiting human nature using social engineering combined with technology. Attackers will utilize emails, texts, voicemails, phone calls, and even paper mail in order to convince users to perform an action.

The users have proven to be the soft underbelly of many security stacks. People are naturally curious, and attackers are willing to exploit any gap to fulfill their goals. Training, awareness, email security, and strict policies are the only real counters to a concentrated phishing campaign. Without professional user training, no cybersecurity solution is complete.

Ransomware

Ransomware is once again a popular type of malware that will surely be seen in 2020. Analysts predict that 2020 will see the greatest amount of ransomware in history. While this prediction is a fairly safe one (every year has set a record over the previous year since ransomware was initially conceived), this is still a frightening trend. Essentially, things are getting worse.

Security issues stress business owners, but no action is being taken by a vast majority of companies. The mindset of “it won’t happen to me” has led to increasing numbers of successful attacks year over year. Once of the most common targets for ransomware attacks is now the public sector. Schools, police departments, and even cities have been attacked. Unfortunately, there is no magic bullet against ransomware. Only a well-established security stack with robust disaster recovery solutions can defend against this threat.  

Account Takeover

This “threat” is usually a precursor to more serious incidents. The most common scenario is when a user recycles passwords throughout all their accounts. Inevitably, there will be a breach of emails and passwords at some site where they are registered. The email and password are then sold on the dark net to interested parties. These buyers will scan social media to find information about the leaked credentials.

Once a business email is discovered, they will try that leaked password with the new email. If multi-factor authentication is not enabled and the password was a recycled one, the login will be a success. From here, the attacker can freely pivot around the network for as long as they remain undetected. Account takeover/ reused credentials present a major threat to all companies. Proper password rotation, account monitoring techniques, and multi-factor authentication are the primary counters to this threat.

Denial of Service

Denial of service / distributed denial of service (DDOS) attacks are focused efforts to disrupt a network via overwhelming web traffic. Servers collapse under the weight of this simulated excessive traffic. DOS/DDOS attacks are getting easier due to the massively increased presence of IOT devices.

Some of the biggest botnets (networks of devices that are used by attackers to perform DDOS attacks) are made exclusively out of unpatched IOT devices. Yes, this means that smart fish tanks are guilty of launching attacks on some of the biggest companies in the world. These attacks can cause major impacts on business and they are growing in volume and effectiveness. DOS/DDOS attacks are generally countered through proper server configuration and services that verify traffic as legitimate before allowing connections.

Natural Disasters

An earthquake does not fit the conventional definition of a cybersecurity threat. In fact, natural disasters are very much an “IT” incident rather than a security incident. But do not underestimate criminals. When a fire takes out a major data center, conventional security pathways may be overridden in order to get the business back online. These new gaps can be exploited by crafty attackers. Unfortunately, it doesn’t stop there.

Whenever a major disaster affects a large group of people, they will inevitably interact with many unfamiliar groups and entities. Attackers will specifically target victims of disasters in order to exploit the situation. While this act may be repulsive, it doesn’t change the reality that it is a very prevalent threat.


This New Year is full of promise for cybersecurity professionals. Emerging technologies are making it easier than ever to secure enterprises against the most popular threats. Awareness is the vital first step towards resolving the most common security issues plaguing most businesses.

Year after year, the most significant undertaking for most companies proves to be the act of adopting proper security solutions and partners. A shocking number of companies hear about these threats and ignore the reality that they can (and likely will) become a victim.

Hopefully, 2020 will be the year we finally start to reduce the effectiveness of these common threats and place even greater importance on proper cybersecurity practices.

References

  • “2019 Data Breach Investigations Report.” Verizon Enterprise, enterprise.verizon.com/resources/reports/dbir/.
  • Pdesaracho@sandiego.edu. “Top Cybersecurity Threats in 2020.” University of San Diego, 14 Dec. 2019, onlinedegrees.sandiego.edu/top-cyber-security-threats/.

Share This

Related Posts

What is NIST Compliance? The National institute of Standards and Technology is a government agency that is responsible for developing technology, its metric and standards that are necessary for driving economic competitiveness and innovation in…
Organizations nowadays realize the necessity to sporadically perform cybersecurity assessment. The evaluation is generally executed by an external service provider (that is third-party assessor) alongside the organizations' team (e.g.
As much of the world has had to shift to a work-from-home model in light of the COVID-19 pa