In recent years, headlines about cyber security have become increasingly common. Thieves steal customer social security numbers from corporations’ computer systems. Unscrupulous hackers grab passwords and personal information from social media sites or pluck company secrets from the cloud. For companies of all sizes, keeping information safe is a growing concern.
What Is Cyber Security?
Cyber security consists of all the technologies and practices that keep computer systems and electronic data safe. And, in a world where more and more of our business and social lives are online, it’s an enormous and growing field with many types of job roles.
According to the Cyber Security & Infrastructure Security Agency (CISA), "Cyber security is the art of protecting networks, devices and data from unauthorized access or criminal use and the practice of ensuring confidentiality, integrity and availability of information."
What Is Information Security?
Information security is the processes and tools designed and used to protect sensitive business information from modification, disruption, destruction and inspection, according to CISCO.
Information security and cyber security are often confused. According to CISCO, information security is a crucial part of cyber security but is used exclusively to ensure data security.
Everything is connected by computers and the internet now, including communication, entertainment, transportation, shopping, medicine and more. A copious amount of personal information is stored among these various services and apps, which is why information security is critical.
Why Is Cyber Security Increasingly Important?
Getting hacked isn’t just a direct threat to the confidential data companies need. It can also ruin their relationships with customers and even place them in significant legal jeopardy. With new technology, from self-driving cars to internet-enabled home security systems, the dangers of cybercrime become even more serious.
So, it’s no wonder that international research and advisory firm Gartner Inc. predicts worldwide security spending will hit $170 billion in 2022, an 8% increase in just a year.
“We’re seeing a tremendous demand for cyber security practitioners,” said Jonathan Kamyck, associate dean of cyber security at Southern New Hampshire University (SNHU). “Most businesses, whether they’re large or small, will have an online presence, for example. Some of the things you would do in the old days with a phone call or face-to-face now happen through email or teleconference, and that introduces lots of complicated questions with regard to information.”
These days, the need to protect confidential information is a pressing concern at the highest levels of government and industry. State secrets can be stolen from the other side of the world. Companies whose whole business models depend on control of customer data can find their databases compromised. In just one high-profile 2017 case, personal information for 147.9 million people – about half the United States – was compromised in a breach of credit reporting company Equifax.
What Are Cyber Attacks?
A cyber attack is an unwelcomed attempt to steal, expose, alter, disable or destroy information through unauthorized access to computer systems, according to the International Business Machines (IBM).
There are many reasons behind a cyber attack, such as cyber warfare, cyber terrorism and even hacktivists, but these actions fall into three main categories: criminal, political and personal.
Attackers motivated by crime typically seek financial gain through money theft, data theft or business disruption. Similarly, personal attackers include disgruntled current or former employees who will take money or data in an attempt to attack a company's systems. Socio-political motivated attackers desire attention for their cause, resulting in their attacks being known to the public, and this is a form of hacktivism. Other forms of cyber attacks include espionage, or spying to gain an unfair advantage over the competition, and intellectual challenging.
According to CISA, as of 2021, there is a ransomware attack every 11 seconds – a dramatic rise from every 39 seconds in 2019 (CISA PDF Source). In addition, small businesses are the target of nearly 43% of all cyber attacks, which is up 400%.
The Small Business Association (SBA) reports that small businesses make attractive targets and are typically attacked due to their lack of security infrastructure. The SBA also reports that a majority of small business owners felt their business was vulnerable to an attack. This is because many of these businesses:
- Can't afford professional IT solutions
- Have limited time to devote to cyber security
- Don't know where to begin
What Are Types of Cyber Attacks and Threats?
Here are some of the most common threats among cyber attacks:
- Malware: Malware, also known as malicious software, is intrusive software developed by cyber criminals to steal data or to damage and destroy computers and computer systems, according to CISCO. Malware has the capability of exfiltrating massive amounts of data. Examples of common malware are viruses, worms, trojan viruses, spyware, adware and ransomware.
- Phishing: Phishing attacks are the practice of sending fraudulent communicationswhile appearing to be a reputable source, according to CISCO. This is typically performed via email or on the phone. The goal is to steal sensitive information such as financial or login information – or to install malware onto a target's device.
- Ransomware: Ransomware is a form of malware designed to encrypt files on a target device, rendering those files and the systems they rely on unusable, according to the CISA. Once the system has been encrypted, actors demand ransom in exchange for decryption.
- Viruses: A virus is a harmful program intended to spread from computer to computer, as well as other connected devices, according to the SBA. The object of a virus is to give the attacker access to the infected systems. Many viruses pretend to be legitimate applications but then cause damage to the systems, steal data, interrupt services or download additional malware, according to Proofpoint.
Who Is Behind Cyber Attacks?
Attacks against enterprises can come from a variety of sources such as criminal organizations, state actors and private persons, according to IBM. An easy way to classify these attacks is by outsider versus insider threats.
Outsider or external threats include organized criminals, professional hackers and amateur hackers (like hacktivists).
Insider threats are typically those who have authorized access to a company's assets and abuse them deliberately or accidentally. These threats include employees who are careless of security procedures, disgruntled current or former employees and business partners or clients with system access.
Developing Cyber Awareness
Cyber security awareness month takes place every October and encourages individuals and organizations to own their role in protecting their cyberspace, according to Forbes, although anyone can practice being mindful of cyber security at any time. Awareness of the dangers of browsing the web, checking emails and interacting online in general are all part of developing cyber security awareness.
Cyber security awareness can mean different things to different people depending on their technical knowledge. Ensuring appropriate training is available to individuals is a great way to motivate lasting behavioral changes.
While cyber security awareness is the first step, employees and individuals must embrace and proactively use effective practices both professionally and personally for it to truly be effective, according to Forbes.
Getting started with cyber security awareness is easy, and many resources are readily available on the CISA government website based on your needs. Whether you need formal training or a monthly email with cyber security tips and tricks, any awareness and training can impact behavior and create a positive change in how you view cyber security.
What Are the Types of Cyber Security?
Here are the most common types of cyber security available:
- Application Security: Application security describes security used by applications to prevent data or code within the app from being stolen or hijacked. These security systems are implemented during application development but are designed to protect the application after deployment, according to VMWare.
- Cloud Security: Cloud security involves the technology and procedures that secure cloud computingenvironments against internal and external threats. These security systems are designed to prevent unauthorized access and keep data and applications in the cloud secure from cyber security threats, according to McAfee.
- Infrastructure Security: Critical infrastructure security describes the physical and cyber systems that are so vital to society that their incapacity would have a debilitating impact on our physical, economic or public health and safety, according to CISA.
- Internet of Things (IoT) Security: IoT is the concept of connecting any device to the Internet and other connected devices. The IoT is a network of connected things and people, all of which share data about the way they are used and their environments, according to IBM. These devices include appliances, sensors, televisions, routers, printers and countless other home network devices. Securing these devices is important, and according to a study by Bloomberg, security is one of the biggest barriers to widespread IoT adaption.
- Network Security: Network security is the protection of network infrastructure from unauthorized access, abuse or theft. These security systems involve creating a secure infrastructure for devices, applications and users to work together, according to CISCO.
Do You Need a Degree To Be a Cyber Security Professional?
A cyber security degree provides an opportunity for students to develop skills and a mindset that empowers them to begin a career in securing systems, protecting information assets and managing organizational risks.
Alex Petitto ’21 earned his bachelor’s in cyber security. Petitto always wanted to work within the IT sector, and he chose cyber security because it’s an exponentially growing field. He transferred credits from a community collegethrough a U.S. Air Force program and finished his bachelor's in under two years. "It was much quicker than I thought it would be,” he said.
It didn't take long for Petitto to begin exploring his career options. "Even before finishing (my) degree, I … received multiple invites to interview for entry-level positions within the industry and received three job offers," said Petitto. He decided to remain within the Air Force and transfer to a cyber security unit as opposed to joining the private sector.
Petitto said his cyber security degree opened doorsfor him in the field – “a monumental goal for me," he said. "This degree was a critical first step for breaking into the industry."
Your cyber security degree program can also connect you with experiential learning opportunities to further your growth as a cyber security professional. For example, the annual National Cyber League (NCL) has a competition wherein students from across the U.S. practice real-world cyber security tasks and skills. SNHU recently placed 9th out of over 500 colleges participating in the NCL competition.
Career Opportunity and Salary Potential in Cyber Security
As companies large and small scramble to respond to the growing threats, jobs in the cyber security field are growing fast. The U.S. Bureau of Labor Statistics (BLS) predicts that employment for information security analysts will grow by 33% through 2030. That’s more than twice as fast as the average computer-related occupation and four times as fast as American jobs in general.
To help fill the need for more professionals in the cyber security world, CyberSeek, a project funded by the federal government and supported by industry partners, provides detailed information on the demand for these workers by state. The tool shows that, across the country, there were 180,000 job openings for information security analysts between May 2021 and April 2022, with only 141,000 professionals holding jobs in the role, reflecting an unfilled demand of 39,000 workers.
“There’s a huge shortfall right now in entry-level and midlevel cyber security roles,” Kamyck said. “You’re looking at demand across all business sectors, with companies of all sizes.
CyberSeek lists the following entry-mid-and advanced-level roles available in the field. Average salaries are based on job openings posted between May 2021 and April 2022.
Entry-level Cyber Security Roles
- Cyber Crime Analyst: Cyber crime analysts make an average salary of $100,000, and common skills necessary for the role include computer forensics, information security and malware engineering.
- Cyber Security Specialist: Cyber security specialists make an average salary of $104,482, and important skills for the role include information security, network security and information assurance.
- Incident and Intrusion Analyst: Incident analysts make an average salary of $88,226, and common skills needed include project management, network security and intrusion detection.
- IT Auditor: Information technology auditors make an average salary of $110,000, and common skills for the role include internal auditing and audit planning, accounting and risk assessment.
Mid-level Cyber Security Roles
- Cyber Security Analyst: Cybersecurity analysts make an average of $107,500, and the top skills required include information security and systems, network security and threat analysis.
- Cyber Security Consultant: Consultants in cyber security make an average salary of $92,504 and need skills in information security and surveillance, asset protection and security operations.
- Penetration and Vulnerability Tester: Penetration testers make an average salary of $101,091 and need skills in penetration testing, Java, vulnerability assessment and software development.
Advanced-level Cyber Security Roles
- Cyber Security Architect: Cyber security architects make an average salary of $159,752, and top skills for the role include software development, network and information security and authentication.
- Cyber Security Engineer: Cyber security engineers make an average of $117,510 a year and need cryptography, authentication and network security skills.
- Cyber Security Manager: Managers in this field earn an average salary of $130,000, and top skills include project management, network security and risk management.
What Does a Cyber Security Professional Do?
Kamyck said cyber security professionals could play a wide range of roles in a modern company. For example, some small businesses may hire a single person to handle all kinds of work protecting data. Others contract with consultants who can offer a variety of targeted services. Meanwhile, larger firms may have whole departments dedicated to protecting information and chasing down threats.
While companies define roles related to information security in a variety of ways, Kamyck said there are some specific tasks that these employees are commonly called on to do. In many cases, they must analyze threats and gather information from a company’s servers, cloud services and employee computers and mobile devices.
“An analyst’s job is to find meaning in all of that data, see what’s concerning,” he said. “Is there a breach? Is someone violating a policy?”
In many cases, Kamyck said, security specialists work with other information technology professionals to ensure a company’s systems are secure. That involves not just technical know-how but also people-oriented skills.
But breaches don’t just take the form of someone hacking into a server. They can also involve customer lists sent through unencrypted email, a password written on a sticky note in a cubicle or a company laptop stolen from an employee’s car.
Depending on their specific role, cyber security professionals must also think strategically. In many industries, companies rely on employees having quick access to highly sensitive data, such as medical records or bank account information.
“The goal is to balance the needs of the company or the organization you’re working for with the need to protect the confidentiality of customer data and trade secrets,” Kamyck said.
Kamyck said people who do well in these jobs tend to be curious, competitive and willing to keep learning to stay up to date with rapidly changing technology. The work draws on multidisciplinary knowledge, and people who continue with the work find there are a variety of directions they can take in their careers.
For example, Kamyck said, if you're interested in the business side, you might become a manageror run audits that let companies know where they need to improve to meet compliance. If you love the adversarial part of the job, you might become a penetration tester, essentially an “ethical hacker” who tests for system vulnerabilities by trying to get through them.
How To Get Into Cyber Security
If you’re wondering how to get into cyber security, it’s clear there are many positions out there. The question is how to make sure you’re a good fit for them. According to BLS, most information security analyst jobs require at least a bachelor’s degree in computer science, information assurance, programming or another related field.
In some cases, the work calls for a Master of Business Administration (MBA)in Information Systems. That degree typically takes an additional two years of study and involves both technical and business management courses.
Cyber security job requirements also sometimes include related work experience. Rather than jumping right into the security side of information technology, you can start as a network or computer systems administrator. Depending on the specific cyber security position, employers may have other job requirements. For instance, keeping databases secure might be an ideal job for someone who’s spent time as a database administrator and is also well-versed in security issues.
Aside from work experience and college degrees, some employers also prefer job candidates who have received certifications demonstrating their understanding of best practices in the field. For example, the Certified Information Systems Security Professional (CISSP) credential validates a professional’s general knowledge and abilities in information security. There are also more specific certificates, which can highlight specialized knowledge of computer architecture, engineering or management.
Whatever path new employees in cyber security want to follow, Kamyck said, those who are willing to make an effort to learn the field will find abundant opportunities.
“There’s needs in government. There’s needs in finance. There’s needs in education,” Kamyck said. “There’s a tremendous unfilled need.”
Discover more about SNHU's online cyber security degree: Find out what courses you'll take, skills you'll learn and how to request information about the program.
Nicholas Patterson is a writer at Southern New Hampshire University. Connect with him on LinkedIn.
What is cyber security and why it is needed? ›
Cybersecurity protect sensitive data, like customer information and trade secrets against unauthorised access and comprise. Implementing a cybersecurity program is also a mandatory requirement of many regulations and data privacy laws.What is cyber security in simple words? ›
Cyber security is the application of technologies, processes, and controls to protect systems, networks, programs, devices and data from cyber attacks. It aims to reduce the risk of cyber attacks and protect against the unauthorised exploitation of systems, networks, and technologies.What are the 5 types of cyber security? ›
- Critical infrastructure security.
- Application security.
- Network security.
- Cloud security.
- Internet of Things (IoT) security.
WHY IS CYBERSECURITY IMPORTANT? Cybersecurity is the art of protecting networks, devices, and data from unlawful access or criminal use and the practice of guaranteeing confidentiality, integrity, and availability of information.What is cyber security example? ›
When a network is secured, potential threats gets blocked from entering or spreading on that network. Examples of Network Security includes Antivirus and Antispyware programs, Firewall that block unauthorized access to a network and VPNs (Virtual Private Networks) used for secure remote access.What are the 7 types of cyber security? ›
- Network Security. Most attacks occur over the network, and network security solutions are designed to identify and block these attacks. ...
- Cloud Security. ...
- Endpoint Security. ...
- Mobile Security. ...
- IoT Security. ...
- Application Security. ...
- Zero Trust.
The 3 major types of cyber security are network security, cloud security, and physical security. Your operating systems and network architecture make up your network security. It can include network protocols, firewalls, wireless access points, hosts, and servers.Why is it called cyber? ›
"Cyber" is a prefix used to describe a person, thing, or idea as part of the computer and information age. Taken from kybernetes, Greek for "steersman" or "governor," it was first used in cybernetics, a word coined by Norbert Wiener and his colleagues.What are the key points of cyber security? ›
- Keep Your Software Up to Date. ...
- Use Anti-Virus Protection & Firewall. ...
- Use Strong Passwords & Use a Password Management Tool. ...
- Use Two-Factor or Multi-Factor Authentication. ...
- Learn about Phishing Scams – be very suspicious of emails, phone calls, and flyers.
By 2025, these costs will increase to $10.5 trillion. Cybercrime is an increasingly serious problem, and to address it, strong cybersecurity is critical. Individuals, governments, for-profit companies, not-for-profit organizations, and educational institutions are all at risk of cyberattacks and data breaches.
What is risk in cyber security? ›
Cybersecurity risk is the probability of exposure or loss resulting from a cyber attack or data breach on your organization. A better, more encompassing definition is the potential loss or harm related to technical infrastructure, use of technology or reputation of an organization.Is cyber security easy? ›
No, cybersecurity isn't hard. Although there may be difficult concepts, like cryptography or areas that require more technical knowledge, cybersecurity is one of the few fields in the tech world that doesn't require a strong technical background.What would happen without cyber security? ›
No one will have a private account online, in fact, because there is no access control, nothing will be private. News and information will be untrustworthy. Basically, anything can be faked in a world without cybersecurity.How do cyber attacks happen? ›
Un-targeted cyber attacks
phishing - sending emails to large numbers of people asking for sensitive information (such as bank details) or encouraging them to visit a fake website. water holing - setting up a fake website or compromising a legitimate one in order to exploit visiting users.
Cyberattacks are malicious attempts to access or damage a computer or network system. Cyberattacks can lead to the loss of money or the theft of personal, financial and medical information. These attacks can damage your reputation and safety.What are the disadvantages of cyber security? ›
- Lack of a high-level strategy. ...
- Unsecured networks. ...
- Unsecured communication channels. ...
- Unknown bugs. ...
- Outdated systems. ...
- Lack of monitoring. ...
- IoT and multiple connection points. ...
- Untrained employees.
Cybersecurity Threats and Trends for 2022. Phishing Gets More Sophisticated — Phishing attacks, in which carefully targeted digital messages are transmitted to fool people into clicking on a link that can then install malware or expose sensitive data, are becoming more sophisticated.How do I train for cyber security? ›
An excellent place to train in cyber security is the Certified Cyber Security Foundation Training Course. From social engineering to security in the Cloud, you will gain foundation-level knowledge of the threat landscape, cyber attack methodology, legal and regulatory obligations, and incident response.Is cyber security a good career? ›
Cybersecurity has the two key logistical advantages for a strong career: Low to no unemployment and solid compensation. Plus, if you choose this path, you'll always have room to grow. You'll continually be learning new skills and working to understand new technologies.What kind of companies hire hackers? ›
|Company||Salary for Ethical Hackers|
What is another word for cyber? ›
two word spelling difference may simply come down to regional preference – American authors tend to use cybersecurity as one word, whereas British professionals have been known to separate the word into two.What is cyber full form? ›
a combining form meaning “computer,” “computer network,” or “virtual reality,” used in the formation of compound words (cybertalk; cyberart; cyberspace) and by extension meaning “expressing visions of the future” (cyberfashion).Do You Really Need cyber security? ›
Even the most secure organisation can fall victim to a cyber attack. It's simply a case of having the odds stacked against you: while you need to protect all your assets from all types of threat, an attacker needs only one exploitable weakness to get into your systems.Who invented cyber security? ›
The Cybersecurity checking began in the 1970s when researcher Bob Thomas created a computer program called Creeper that could move across ARPANET's network.What are the 6 types of hackers? ›
- White Hat / Ethical Hackers.
- Black Hat Hackers.
- Gray Hat Hackers.
- Script Kiddies.
- Green Hat Hackers.
- Blue Hat Hackers.
- Red Hat Hackers.
- State/Nation Sponsored Hackers.
- Encrypt Your Data and Create Backups. ...
- Conduct Regular Employee Training. ...
- Keep Your Systems and Software Updated. ...
- Use Strong Passwords. ...
- Assess and Monitor Your Vendors. ...
- Reduce Your Attack Surface. ...
- Pay Close Attention to Physical Security. ...
- Put a Killswitch in Place.
Cybersecurity controls are mechanisms used to prevent, detect and mitigate cyber threats and attacks. Mechanisms range from physical controls, such as security guards and surveillance cameras, to technical controls, including firewalls and multifactor authentication.Can I learn cyber security on my own? ›
You can learn cybersecurity on your own, thanks to the multitude of online courses and learning resources available these days. For example, top schools such as MIT, Harvard, Stanford, and many others have open courseware that you can use to learn cybersecurity concepts from the best of the best instructors.Does cyber security use math? ›
Does cybersecurity involve math? The short answer is yes. Cybersecurity is a technical field in computer science, and potential job seekers will need strong analytical skills. It isn't a math-intensive field—not like astrophysics or engineering—but it requires comfort using certain math types.
Where do I start to learn cyber security? ›
The first thing you need to tackle when it comes to cybersecurity is the basics of IT systems and networks, for example, the different types of networks available and their protocols. Once you are familiar with the fundamentals you can delve into the basics of networking traffic, security, and communication principles.Why is cyber security important essay? ›
In today's world, cybersecurity is very important because of some security threats and cyber-attacks. For data protection, many companies develop software. This software protects the data. Cybersecurity is important because not only it helps to secure information but also our system from virus attack.Who needs cyber security the most? ›
- Financial Services. It comes as no surprise that cyber criminals are targeting financial institutions. ...
- Government. The government isn't known for speed and when it comes to cybersecurity it's lagging dangerously behind. ...
- Health Care. ...
- Manufacturing. ...
Summary. To summarise, the primary goal of cybersecurity is to ensure the privacy of information, the correctness of data, and access to authorized users. This brings us to focus on the 3 crucial aspects of security which are confidentiality, integrity, and availability of data collectively known as the CIA Triad.Who invented cyber security? ›
The Cybersecurity checking began in the 1970s when researcher Bob Thomas created a computer program called Creeper that could move across ARPANET's network.What are threats in cyber security? ›
A cyber or cybersecurity threat is a malicious act that seeks to damage data, steal data, or disrupt digital life in general. Cyber threats include computer viruses, data breaches, Denial of Service (DoS) attacks, and other attack vectors.Why is cyber security interesting? ›
Many professionals find the field of cybersecurity to be fun and enjoyable due to the importance of the work, the fast pace of change, the challenge of solving problems, and the plentiful career opportunities that are available to them.Who is most at risk for cyber attacks? ›
- Public administration.
- Healthcare & pharmaceuticals.
- Finance & insurance.
- Education & research.
Top Target Industries For Cyber Attack
Banking, credit, and financial organizations rounded out the top three (84 breaches), with government/military completing the five top targets with 49 and 45 breaches, respectively. Energy and utilities are also trending targets.
Cybersecurity is the protection of internet-connected systems such as hardware, software and data from cyberthreats. The practice is used by individuals and enterprises to protect against unauthorized access to data centers and other computerized systems.
What are the 3 main goals of security? ›
Included in this definition are three terms that are generally regarded as the high-level security objectives – integrity, availability, and confidentiality.What are the three principles of cyber security? ›
What are the 3 Principles of Information Security? The basic tenets of information security are confidentiality, integrity and availability. Every element of the information security program must be designed to implement one or more of these principles. Together they are called the CIA Triad.What is the first step to understanding a security? ›
Answer: Perform a risk impact analysis is the correct answer.