Rising Cyberattacks Mean Opportunity for Security Pros

The Web can be a dangerous place: According to the latest annual "Internet Security Threat Report" from Symantec (PDF; registration required), sophisticated attacks such as highly targeted spear-phishing are on the rise, and often aimed at small- to medium-sized businesses that may not be able to afford the advanced IT security of enterprises. (Of course, the past few years have demonstrated that not even enterprises are immune from devastating cyberattacks.)

Symantec has seen advanced attackers do everything from building custom attack software inside a victim’s network, to using stolen email accounts to spear-phish multiple people within the same organization, to hiding malicious code inside vendor updates.

“Five out of every six large companies (2,500+ employees) were targeted with spear-phishing attacks in 2014, a 40 percent increase over the previous year,” the report added. “Small- and medium-sized businesses also saw an uptick, with attacks increasing 26 percent and 30 percent, respectively.” Digital extortion, in which the attacker locks down the victim’s system and refuses access until a ransom is paid, rose 45 percent last year. Vulnerabilities such as Heartbleed and ShellShock made big headlines.

If that wasn’t scary enough, the rise of the so-called Internet of Things has increased the number of devices vulnerable to attack, whether ATMs, wearable devices, or Point of Sale systems. “Risks to many IoT devices are exacerbated by the use of smartphones as a point of control,” the report explained; lots of smartphone apps either send personal information such as logins and passwords in the clear, or don’t even have a privacy policy in place.

While cyberattacks have grown more sophisticated, observing some basic security protocols can lessen the chances of becoming a victim. Even if a small- to medium-sized business can’t hire a small army of tech pros to defend its systems, it can enact policies such as blocking executable files, installing Web-application firewalls, and modifying network access.

For tech pros specializing in security, the rise in cyberattacks will mean no end of business in the near future. According to a 2014 report from Global Knowledge and Penton, the highest-paying certifications include CRISC ($118,253 average annual salary), CISM ($114,844 average salary), and CISA ($112,040 average salary). But with those high salaries and interesting problems will come some significant (and evolving) challenges.


Image: Symantec