In the technology arms race, skilled professionals may be the weak link. IT tools have evolved to better protect data and detect threats. Now, IT departments’ greatest weakness appears to be a shortage of employees with the right skills to implement these tools. In this week’s CIO Corner, we take a look at what CIOs are talking about on Twitter, including the OurMine hacker collective targeting CEOs and celebrities, the growing cybersecurity skills gap, a massive hack of 9.3 million patient health records, and how the gig economy may help organizations fill the 4.5 million open cybersecurity positions.
Many new IT software tools claim to automate or outsource IT activities. Public cloud services relieve IT of many traditional infrastructure reliability and security responsibilities. While technology may free employees from many tasks involving daily upkeep, IT departments are under pressure to reallocate resources so that they can better meet business objectives and defend against a new generation of cyber threats.
State-sponsored hacking organizations and new breeds of malware receive a lot of attention from the information security community, but less sophisticated attacks can be equally devastating. Even well-prepared targets have difficulty defending against compromised-account attacks. This broad designation can apply to anything from a leaked Gmail password to the Bangladesh Federal Bank’s stolen currency transaction password. The rise of cloud services accessible from the internet has made compromised accounts a popular avenue for cybercrime, and mega-breaches facilitate these threats by dumping hundreds of millions of passwords online.
The widespread exposure of account credentials online has spawned a group of hackers specializing in accessing public figures’ social media accounts. The organization OurMine took credit for hacking the accounts of Mark Zuckerberg and Sundar Pichai, among others, attributing their success in multiple cases to passwords revealed in the LinkedIn data breach that were reused across other cloud services. The attacks could likely have been prevented with multi-factor authentication, but all too often security is simply not a priority for busy executives.
Meet OurMine, the ‘Security’ Group Hacking CEOs and Celebs https://t.co/99DS1XLunZ via @WIRED
— John L. Shea (@johnlshea) June 28, 2016
The pattern of mega-breaches branched out from password thefts with a huge dump of sensitive medical records. Initial reports put the figure at 650,000 patient records, but the hacker subsequently increased the stockpile to 9.3 million records. Online criminals prize medical records because they provide information used for identity theft and also enable them to target vulnerable people who may not discover fraud in their accounts due to a serious illness. Although the hacker claimed to have used a zero-day vulnerability to steal the records, the healthcare organizations should have had some control in place to limit access from any single entity, especially to millions of records.
Hacker puts 650K U.S. patient records up for sale https://t.co/557WfsJPri
— Bryan M. Sastokas (@bsastokas) June 28, 2016
Zero-day vulnerabilities aside, many data breaches come down to a preventable weak link somewhere in a company’s defenses. Much of the risk from advanced persistent threats comes from the amount of time attackers remain present within an organization’s systems, scouting out further vulnerabilities and covering their tracks. Alert fatigue has turned security tools from allies to antagonists: 31.9 percent of IT workers ignore security alerts because they receive too many false positives. As much as additional IT staff might help solve the problem, ineffective monitoring tools are equally to blame in this case.
Do you have these #cybersecurity threats? pic.twitter.com/JQlpdyRNZC
— David Chou (@dchou1107) June 28, 2016