Security Academy Program Provides Academic Institutions and Nonprofits with Fortinet’s Network Security Expert (NSE) Training and Certification Curriculum to Bridge Gap Between Learning and Careers

Fortinet® (NASDAQ: FTNT), a global leader in broad, integrated and automated cybersecurity solutions, today announced more than 20 new academic institutions and nonprofits worldwide have recently joined Fortinet’s Security Academy Program to provide students, veterans and veteran families with advanced cybersecurity training and certifications. The expansion builds on the program’s momentum, which is available in more than 80 countries and is comprised of over 300 Authorized Security Academies.

“The cyber skills gap affects organizations worldwide and ultimately impacts the digital economy,” said Sandra Wheatley, SVP, Customer Marketing, Threat Intelligence and Influencer Communications at Fortinet.“This is why Fortinet heavily invests in training and education through our Corporate Social Responsibility efforts, including our NSE Training Institute programs. Through these programs we aim to create more cybersecurity career pathways and a diverse pipeline of security professionals.”

Closing the Skills Gap through Global Collaborations and NSE Training Institute

One way Fortinet is creating new opportunities in the digital economy is through global collaborations across sectors. Through its involvement as a founding member of the World Economic Forum’s (WEF) Centre for Cybersecurity and the Cyber Threat Alliance, Fortinet partners with global leaders, like Salesforce – the global leader in Customer Relationship Management (CRM), to further innovate and develop impactful global solutions for challenges such as the talent shortage.

The Fortinet Network Security Expert (NSE) Training Institute was established in 2015 to advance Fortinet’s Corporate Social Responsibility (CSR) initiatives to close the cybersecurity skills gap and make it easier for anyone to start a career in cybersecurity regardless of their previous access to education, background or life experiences. The NSE Training Institute is made up of the Security Academy Program, Certification Program and Veterans Program. Fortinet continues to grow the NSE Training Institute’s programs with recent milestones including:

• The NSE Certification Program has issued more than 450,000 certifications worldwide, with more than 200,000 of certifications achieved in 2020.

• In April 2020, Fortinet opened its entire catalogue of NSE self-paced security training courses, including pre-recorded labs, free of charge to the general public. The courses cover a range of topics – such as cloud security and secure SD-WAN – and total more than 350 hours of free training.

• Fortinet was recognized by Military Times in its “Best for Vets: Employers” rankings for 2020 through the Veterans Program work. The Veterans Program connects military veterans and their spouses with potential employers.

Continued Learning Through the Security Academy Program

The Security Academy Program focuses on creating a diverse, equitable and inclusive pipeline of security professionals. The program does this by partnering with academic institutions and nonprofits worldwide. Through the Security Academy Program, institutions around the world have incorporated Fortinet’s NSE training and certification content into their students’ curriculum.

Military veteran-focused nonprofits joining the Security Academy Program provide their constituents with access to Fortinet’s NSE training and certifications, while the Veterans Program helps Veterans transfer relevant experiences to a career in cybersecurity.

Below are testimonials from academic institutions and nonprofits focused on serving veterans and their families that have recently joined the Security Academy Program.  

“The partnership with Fortinet has been remarkable and will provide a pathway for students to gain the knowledge and skills needed to compete in a rapidly growing global marketplace. Kennedy-King College has undertaken an equity and workforce-focused IT expansion initiative, with a goal to reduce the digital divide currently separating underserved and underrepresented populations from careers in the IT industry. After meeting with the Fortinet team and learning about the Security Academy Program, we knew the partnership would position us to better address this important equity imperative. We are both enthused and confident that Fortinet’s Security Academy Program will serve our students well and ultimately prepare them for high-skill, high-demand work in the IT sector.

-Eddie Phillips, Ed.D., Vice President of Academic and Student Affairs at City Colleges of Chicago, Kennedy-King College

“We were looking to add to our existing robust cybersecurity training curriculum. We joined the Security Academy Program right as the world started to shift to online learning due to the pandemic, so access to the NSE training’s established online curriculum that is instructor led or self-paced was especially beneficial. The path to NSE certifications is also helpful in providing students further validation to employers of their expertise that they can immediately use in the work place.”

– Steve Morrill, Director of Technology & Cyber Science at Loyola Blakefield

“In the face of mounting cybercriminal activity and increasingly sophisticated forms of attacks, companies are looking for cybersecurity professionals to defend against threats. Through the Fortinet Security Academy Program, students can expand and up their skill levels for a career in cybersecurity. This collaboration will help Seacom Skills University to assist in the global cause of creating a more educated workforce by helping our graduates to fill the skill gap in the industry.”

–Anish Chakraborty, Chairman, Seacom Skills University

“Networks are a fundamental component of any modern organization’s information systems. The advancement of technology and digital innovations also implies an increase in threats and vulnerabilities. This is why at CIISA we feel that it is crucial to prepare our students to be capable of developing an advanced security posture for their future employers. Joining Fortinet’s Security Academy Program will further allow us to provide high-level training in the ICT area in Chile.”

– Sebastián Otazo Muñoz, Director of Networks, Telecommunications and Cybersecurity Area at CIISA

“The Autonomous University of Guerrero State in Mexico is committed to developing highly qualified IT professionals. We joined the Security Academy Program because it offers a great opportunity to train students on relevant skills for a career in cybersecurity, which is one of the most in-demand areas in IT. Students will have the opportunity to develop hand-on practices through virtual labs to acquire cybersecurity skills that will make them more confident and stand out.”

-Felix Angel, Engineering Faculty at Universidad de Autonoma Guerrero 

“Companies of all sizes and from both private and public sectors need cybersecurity professionals. The need for security professionals will continue to grow and we want to make sure our students acquire the knowledge they need to be successful in their future careers. Fortinet’s Security Academy Program will further help us build our cybersecurity curriculum to set our students up for success to enter the work force.”

– Diego Bolatti, Director of Information Labs at UTN Regional Faculty Resistencia

“Cybersecurity training is more important than ever as the skill gap has become a critical issue for many organizations. Bennett University has signed up with Fortinet Security Academy program to help build and augment skill sets, as well as help develop the next generation of security professionals. By providing this industry recognized certification as part of our curriculum we will ensure that our students gain the required expertise to become part of an elite group of skilled security professionals for whom we are witnessing a great demand.”

– Dr. Deepak Garg, Professor and Head, Department of Computer Science Engineering CSE at Bennett University

“We have noted an increase in employers seeking to hire employees with relevant cybersecurity qualifications. As such, the collaboration with Fortinet will further assist us in equipping our students with in-demand cybersecurity skills employers seek. We look forward to numerous students benefiting annually from the Security Academy Program training resources, leading to them joining the workforce and filling critical cybersecurity roles in Kenya.”

-Dr. Joseph Sevilla, Director of the @iLabAfrica Research Centre at Strathmore University

“Seneca College strives to prepare our students for the workforce and the Security Academy Program was a great way to teach them key competencies associated with network security. Fortinet is at the forefront of this field and our students will benefit immensely from training in this space. We have deployed virtual firewalls and created a robust virtual lab curriculum that integrates many aspects of the Security Academy Program in tandem with other security concepts tied to the Security+ certification. It is our hope that students will continue their learning and get certified in both of these areas after they graduate. Students will gain a broad understanding of security awareness and be able to configure and maintain the Fortinet brand of firewalls, which will prepare them for work in the IT security field.”

– Peter Moscone, Program Coordinator at Seneca College of Applied Arts & Technology

“Through our partnership with Fortinet as part of the Security Academy Program, O2O will further be able to expand O2O’s resources for those looking to enter the cybersecurity industry. Access to Fortinet’s Network Security Expert (NSE) training courses and certifications is an exciting and important step forward in equipping our students with even more resources to succeed in growing and in-demand careers. We are proud to work with Fortinet to advance employment opportunities for veterans, service members and their families.”

– Michael Bianchi, IVMF Senior Director for Education & Career Training at Onward to Opportunity

“With a growing global demand for qualified cybersecurity professionals, our partnership with Fortinet provides innovative new pathways for veterans and their families to gain new skills. The collaboration between Soldier On and Fortinet will enable over 3,000 veterans and family members currently supported by the Soldier On Pathways Program to be connected with new digital learning opportunities in high-demand areas like cybersecurity, giving them more avenues into employment.”

– Ivan Slavich, Chief Executive Officer at Soldier On

“Fortinet’s Security Academy Program grants access to the NSE training and certifications, providing military spouses with an opportunity to obtain valuable skills in a high-demand career field. Blue Star Families ensures that wherever American military families go, they can always feel connected, supported and empowered to thrive.  Within a month of launching our new partnership with Fortinet, over 60 Blue Star Families military spouses have expressed interest in pursuing the Fortinet cybersecurity training and we anticipate many more will take advantage of the program as they look for careers in the field.”

– Denise Hollywood, Chief Community & Programs Officer at Blue Star Families

R&M puts ribbon fiber cables in main distribution frames for carriers and data centers

R&M, the global Swiss developer and provider of connectivity systems for high-quality, high-performance network infrastructures, today launched its new PRIME Ribbon distribution module in the Middle East. The slide-in module for the fiber optic distributor rack PRIME connects ribbon fiber cables with the flexible and proven PRIME program. With this type of cable, the number of optical fibers in a rack can be increased by 30% to 40%.

In comparison to single fiber cables, ribbon fiber cables offer several advantages. They enable a higher number of fibers with the same cable diameter as well as the splicing of 8 or 12 fibers in one working step. With this technology, three to four times more fibers can be laid in a conduit or rack than usual.

The PRIME ribbon distribution modules from R&M occupy a 3/4 height unit in a 19″ rack. Their capacity is 96 fibers. In addition to the splice patch variant with LC duplex or SC couplings, R&M offers a pure splice variant for 288 splices.

The PRIME ribbon distribution modules are suitable for fiber to the home projects in combination with the PRIME racks. They are used for network expansion in central offices, POPs and street cabinets. Data centers use them to consolidate the fiber optic cabling of meet-me rooms and zone distributors. Campus networks and backbones in large buildings are also among the areas of application.

1,077 respondents across 9 countries are relying more on cloud technologies and seeing more cybersecurity attacks, according to Zogby Analytics Research    

Infoblox Inc., the leader in Secure Cloud-Managed Network Services, and Zogby Analytics unveil research into the ongoing IT challenges posed by the COVID-19 shutdown. Half a year into the shutdown, companies are still playing catch up to optimize their remote work experience. Based on 1,077 responses from the US, the UK, Germany, the Netherlands, Spain, China, Japan, Australia, and Singapore, key survey findings show that: 

• The borderless enterprise is here to stay. More than 90% of decision-makers consider digital transformation and cloud-managed services a priority. The percentage of companies with a majority of employees working remotely more than tripled from 21% before the shutdown to 70% after. 40% of companies, twice the pre-COVID-19 rate, are permanently keeping a majority of workers remote.

• Organizations are still building out their IT infrastructure and security controls to optimize remote work. Organizations say distributing sanctioned devices (35%), building network infrastructure (35%), and securing the network (29%) are top IT challenges when transitioning to remote work. 

• Threat mitigation and network visibility remain the top security concerns for the remote work environment. 68% say better threat detection and or mitigation technologies would enable more remote work for their organizations. Specifically, respondents are looking for better visibility into devices on the corporate network (65%), cloud applications workers are using (61%), and compromised devices (46%). 

• Security incidents are rising. Half of the surveyed businesses are seeing more cyber-attacks—with the biggest jumps in China and Australia—while just a quarter are seeing fewer.

• Companies are reversing policies to allow the use of personal applications to foster collaboration. 63% of companies are allowing workers to connect with each other using applications like WhatsApp, Zoom, and Houseparty. 

• Companies are using cloud security tools, particularly from the DDI family (DNS, DHCP, IP Address Management), to secure the borderless enterprise. 59% of companies plan on making additional investments in DNS to secure their expanded networks.

“When the COVID-19 shutdown started, organizations rushed to enable remote work overnight,” said Kanaiya Vasani, Executive Vice President, Products and Corporate Development at Infoblox. “Their top priority was making sure workers could connect to enterprise applications from their homes—sometimes through unsecured personal devices.”

“While most organizations can now accommodate the basics of remote work, this report highlights the need for more security controls,” Vasani added. “To meet that need, a majority of surveyed companies are turning to DNS to rapidly stand up a foundational layer of security for employees working from home. “Using a hybrid DNS security solution like BloxOne Threat Defense, enterprises can create a ubiquitous layer of visibility and security across their expanded infrastructure.”

“The COVID-19 pandemic will have lasting effects on how organizations invest in cybersecurity. In fact, over 90% of enterprises plan to invest more to secure telework over the next two years. Given a dramatically expanded digital attack surface, thewaves of cyber threats targeting remote workers, and the ongoing cyber skills gap, organizations need to carefully consider what technologies and approaches are needed to secure their telework strategies long-term,” said John Maddison, EVP of Products and CMO at Fortinet. “They have an opportunity to maximize their investments with cybersecurity platforms designed to provide comprehensive visibility and protection across the entire digital infrastructure, including networked, application, multi-cloud, and mobile environments. This ongoing shift to remote work will also require more than just technology; cybersecurity training and awareness should also remain key priorities.”

The Sudden Shift to Telework Was Challenging for Most Organizations

• As the COVID-19 pandemic spread rapidly in the first half of 2020, many organizations were required to shift to telework practically overnight as teams around the globe were asked to stay home. Nearly two-thirds of the firms surveyed had to rapidly transition over half of their workforce to telework. In addition, most respondents said the rapid change presented a challenge to their organization, with 83% citing it as moderately, very, or extremely challenging. Only 3% were not at all challenged.
• In addition, the evolving remote work environment, increased reliance on personal device usage, and overall influx of workers outside the corporate network opened an opportunity for unprecedented cyber threat activity. From opportunistic phishers to scheming nation-state actors, cyber adversaries found multiple ways to exploit the global pandemic for their benefit at enormous scale as evidenced by a recent FortiGuard Labs Global Threat Landscape Report. Threats included phishing and business email compromise schemes, nation-state backed campaigns, and ransomware attacks. In fact, 60% of organizations revealed an increase in cybersecurity breach attempts during the transition to remote work, while 34% reported actual breaches in their networks.
• With a spike in employees remotely connecting to the corporate network, an increase in breach attempts and overall cyber attacks, organizations cited the most challenging aspects of this transition as ensuring secure connections, business continuity, and access to business-critical applications.
• At the time of the survey enterprises had already invested in key technologies as a result of the pandemic. Nearly half of organizations invested further in VPN and cloud security, while nearly 40% invested further in skilled IT professionals or network access control (NAC).

There is Still Room for Improvement: Almost All Enterprises Will Invest More in Secure Telework

Given the number of attempted breaches and overall waves of cyber threats targeting remote workers, organizations need to carefully consider what technologies and approaches are needed to secure telework moving forward. Defense strategies need to be adjusted to fully account for the extension of the network perimeter into the home.

• As of June this year, a long-term shift to telework is anticipated, with nearly 30% of organizations expecting more than half of their employees to continue working remotely full time after the pandemic.
• Almost all organizations expect to invest more to secure telework long-term, with nearly 60% of enterprises spending more than $250,000 in secure telework investments in the next 24 months.
• Moving forward, the majority of enterprises surveyed intend to make unplanned upgrades to their existing systems to secure telework. Many also plan to add new technologies not previously in place.
• Only 40% of organizations had a business continuity plan in place prior to the pandemic. Yet, as a result of the pandemic and the rapid shift to remote work, 32% invested further in this area.

While organizations have made improvements in securing their remote workforces since the beginning of the pandemic, survey data reveals several areas that could be considered opportunities for improving secure remote connectivity. These areas include:

• Multi-factor Authentication (MFA) – The survey revealed that 65% of organizations had VPN solutions in place pre-pandemic, but only 37% of organizations had multi-factor authentication (MFA). While VPNs play an important role in ensuring secure connectivity, they are simply one part of securing access. Therefore, if not already in place, it is recommended that organizations consider integrating MFA into their remote security plans.
  
  
• Endpoint Security and Network Access Control (NAC) – 76% and 72% of organizations plan to either upgrade or adopt NAC or endpoint detection and response (EDR) solutions respectively. As employees work remotely, organizations face challenges to control the influx of non-trusted devices on their networks to enable remote work, creating new security challenges overnight. By adopting NAC solutions, IT teams get increased visibility and control over the users and devices on their network. EDR solutions deliver advanced, real-time threat protection for endpoints both pre- and post-infection.

• Software-defined Wide-area Networking (SD-WAN) for the Home: 64% of organizations plan to either upgrade or adopt SD-WAN, but specifically for the home office. The critical advantage of extending secure SD-WAN functionality to individual teleworkers, especially super users, is that they can enjoy on-demand remote access as well as dynamically scalable performance regardless of their local network availability.
  
  
• Secure Access Service Edge (SASE) – 17% of organizations made investments in SASE prior to the pandemic, and 16% invested in SASE as a result of the pandemic. Still, 58% plan to invest in SASE to some degree going forward. Although SASE is an emerging enterprise strategy, it is increasingly seen as an opportunity to combine network and security functions with WAN capabilities to support the dynamic, secure access needs of today’s organizations.

• Skilled Security Professionals – At the start of the pandemic, only 55% of organizations had enough skilled IT workers in place to support the shift to remote work. And while 73% of organizations stated their intention to invest further in skilled IT workers in the next 24 months, the historical lack of skilled IT security professionals could present a challenge.

“The first six months of 2020 witnessed an unprecedented cyber threat landscape. The dramatic scale and rapid evolution of attack methods demonstrate the nimbleness of adversaries to quickly shift their strategies to maximize the current events centered around the COVID-19 pandemic across the globe,” says Derek Manky, Chief, Security Insights & Global Threat Alliances, FortiGuard Labs. There has never been a clearer picture than now, of why organizations need to adjust their defense strategies going forward to fully take into account the network perimeter extending into the home. It is critical for organizations to take measures to protect their remote workers and help them secure their devices and home networks for the long term. It is also wise to consider adopting the same strategy for cyber viruses that we are adopting in the real world. Cyber social distancing is all about recognizing risks and keeping our distance.”

Seizing the Opportunity in Global Events: Attackers have used subjects in the news as social engineering lures before, but this moved to the next level in the first half of 2020. From opportunistic phishers to scheming nation-state actors, cyber adversaries found multiple ways to exploit the global pandemic for their benefit at enormous scale. This included phishing and business email compromise schemes, nation-state-backed campaigns and ransomware attacks. They worked to maximize the global nature of a pandemic that affected everyone around the world combined with an immediately expanded digital attack surface. These trends were seen with other newsworthy items and demonstrate how quickly attackers can move to take advantage of major developments with broad social impact at a global level.

The Perimeter Gets More Personal: The increase in remote work created a dramatic inverse of corporate networks almost overnight, which cyber adversaries immediately started to leverage as an opportunity. In the first half of 2020, exploit attempts against several consumer-grade routers and IoT devices were at the top of the list for IPS detections. In addition, Mirai and Gh0st dominated the most prevalent botnet detections, driven by an apparent growing interest of attackers targeting old and new vulnerabilities in IoT products. These trends are noteworthy because it demonstrates how the network perimeter has extended to the home with cybercriminals seeking to gain a foothold in enterprise networks by exploiting devices that remote workers might use to connect to their organizations’ networks.

Browsers Are Targets Too: For attackers the shift to remote work was an unprecedented opportunity to target unsuspecting individuals in multiple ways. For example, web-based malware used in phishing campaigns and other scams outranked the more traditional email delivery vector earlier this year. In fact, a malware family that includes all variants of web-based phishing lures and scams ranked at the top for malware in January and February and only dropped out of the top five in June. This may demonstrate the attempt of cybercriminals to target their attacks when individuals are the most vulnerable and gullible—browsing the web at home. Web browsers, not just devices, are also prime targets for cybercriminals, perhaps more than usual, as cybercriminals continue to target remote workers.

Ransomware Not Running Away: Well-known threats such as ransomware have not diminished during the last six months. COVID-19-themed messages and attachments were used as lures in a number of different ransomware campaigns. Other ransomware was discovered rewriting the computer’s master boot record (MBR) before encrypting the data. In addition, there was an increase in ransomware incidents where adversaries not only locked a victim organization’s data but stole it as well and used the threat of widescale release as additional leverage to try and extort a ransom payment. The trend significantly heightens the risks of organizations losing invaluable information or other sensitive data in future ransomware attacks. Globally, no industry was spared from ransomware activity and data shows that the five most heavily targeted sectors for ransomware attacks are telco, MSSPs, education, government, and technology. Unfortunately, the rise of ransomware being sold as a service (RaaS) and the evolution of certain variants indicates that the situation with ransomware is not going away.

OT Threats After Stuxnet: June marked the 10th anniversary of Stuxnet, which was instrumental in the evolution of threats to, and security of, operational technology. Now, many years later, OT networks remain a target for cyber adversaries. The EKANS ransomware from earlier this year shows how adversaries continue to broaden the focus of ransomware attacks to include OT environments. Also, the Ramsay espionage framework, designed for the collection and exfiltration of sensitive files within air-gapped or highly restricted networks, is an example of threat actors looking for fresh ways to infiltrate these types of networks. The prevalence of threats targeting supervisory control and data acquisition (SCADA) systems and other types of industrial control systems (ICS) is less in volume than those affecting IT, but that does not diminish the importance of this trend.

Mapping Exploitation Trends: A review of the CVE List shows the number of published vulnerabilities added has risen over the last few years, sparking discussion over the prioritization of patching. Even though 2020 looks to be on pace to break the number of published vulnerabilities in a single year, vulnerabilities from this year also have the lowest rate of exploitation ever recorded in the 20-year history of the CVE List. Meanwhile, vulnerabilities from 2018 claimed the highest exploitation prevalence at 65%, and more than a quarter of organizations registered attempts to exploit 15-year-old CVEs. For cyber adversaries, exploit development at scale and distribution via legitimate and malicious hacking tools continues to take time.

The Urgency to Secure the Network Perimeter Extending Into the Home

With the increase in connectivity, devices, and ongoing need for remote work, the digital attack surface is expanding. With the corporate network perimeter extending to the home, attackers are looking for the weakest link and fresh attack opportunities. Organizations need to prepare by taking concrete steps to protect their users, devices and information in ways similar to the corporate network. Threat intelligence and research organizations can help by providing broad insight as the threat landscape evolves as well as in-depth analysis of attack methods, actors, and new tactics to help supplement the cyber knowledge of organizations. The need for secure teleworker solutions to enable secure access to critical resources while scaling to meet the demands of the entire workforce has never been greater. Only a cybersecurity platform designed to provide comprehensive visibility and protection across the entire digital attack surface–including networked, application, multi-cloud, or mobile environments–is able to secure today’s rapidly evolving networks.

Report Overview
This latest Global Threat Threat Landscape Report is a view representing the collective intelligence of FortiGuard Labs, drawn from Fortinet’s vast array of sensors collecting billions of threat events observed around the world during the first half of 2020. It covers global and regional perspectives as well as research into three central and complementary aspects of that landscape: exploits, malware, and botnets.