You have probably heard about the massive scale of the SolarWinds hack which affected the Pentagon, the Department of Homeland Security, the State Department, the Department of Energy, the National Nuclear Security Administration, and the Treasury – and that's on the public side. In the private sector, companies like Microsoft, Cisco, Intel, and Deloitte had their cyber defenses breached, and in California, the Department of State Hospitals was also compromised. Apart from the scale of the attack, one of the many concerning aspects was that it was underway for months before anyone noticed, and by the time it was flagged up there were infected systems all over the world. The attack was exposed in 2020 but we are still working to understand and mitigate the damage that has been done.
2021 has already got off to a bad start, with numerous cyber-attacks reported and discovered, including on the Florida Water system, where the apparent aim of the unknown hacker was to poison the water supply in Florida by increasing the amount of sodium hydroxide to a potentially dangerous level. In another incident, Microsoft Exchange Software was compromised and nine government agencies, as well as over 60,000 private companies (in the U.S. alone), were affected. Computer giant Acer also suffered a ransomware attack this year, where hackers tried to extort them to pay $50 million in ransom (the largest known ransom demand to date).
In addition to this, Iran has just reported that a sizeable number of its subterranean, highly specialized, and hugely expensive nuclear fusion centrifuges have been gradually and inconspicuously sabotaging themselves over a number of months to the point of self-destruction. There is every reason to believe that this was initiated and executed by code that was introduced into the controlling systems to produce this outcome. Whatever your feelings are on the Iranian nuclear fuel program, one cannot help but be impressed and terrified in equal measure that such highly secure, highly sensitive, and heavily guarded machines can be accessed and programmed to destroy themselves, without the attended scientists and military personnel having the slightest idea that this process was underway.
The 2020 World Economic Forum's Global Risks Report has listed cyberattacks on critical infrastructure (CI) as a top concern. The Forum noted that "attacks on critical infrastructure have become the new normal across sectors such as energy, healthcare, and transportation."
According to Cybersecurity Ventures, the world will store 200 zettabytes of data by 2025, this includes data stored on private and public IT infrastructures, on utility infrastructures, on private and public cloud data centers, and on personal computing devices. It is safe to say that high percentages of this data will constantly be under siege from bad actors.
Hackers can hail from all backgrounds and geographic locations and have a huge variety of motives for their activities. Some are just in it for fun, to beat 'the system', others for personal gain - trying to lure you into clicking on bogus links so they can unmask your sensitive and financial data, or to clone your identity so they can steal from you or commit crimes in your name. Many are commissioned, professional, government and state sponsored actors who could be working to undermine elections or bring down entire cities or countries.
Hacks, vulnerabilities, zero-day exploits, and other malicious code is routinely sold by hackers to individuals, companies, or governments the world over. It is a big business, and successful hackers and exploit coders can become extremely wealthy very quickly. However, unlike other businesses and markets, the buying and selling of hacks and exploits is entirely unregulated, meaning that no one is conducting much, if any, oversight on the buyers to assess what their true intentions are when supplied with these extremely powerful and effective electronic weapons.
Most of us, whether we were aware of it or not, have been targeted by, and have interacted with, software that was either primarily designed to mislead or defraud us, or legitimate software that has been hacked to the same end. It is fair to say that we find ourselves in the middle of two pandemics – Covid 19 and Cybercrime.
So, the demand is there, but what does the career in Cybersecurity entail, and where could it lead you?
Cybersecurity is a diverse field - job titles might include chief information security officer, information security analyst, security engineer or security architect. Companies across the spectrum employ cyber security specialists with banking, manufacturing, computer hardware, and software businesses all ramping up recruitment, as well as numerous state and federal departments.
Those working in the area might be involved in the following activities as part of their working remit:
- Monitoring an organization's networks for security breaches and investigate a violation when one occurs.
- Deploying and utilizing software, such as firewalls and data encryption programs, to protect sensitive information.
- Generating reports that document security breaches and the extent of the damage caused by the breaches.
- Undertake penetrative testing, which simulate attacks to look for vulnerabilities in systems and software before they can be exploited.
- Research the latest information technology (IT) security trends.
- Develop security standards and best practices for their organization.
- Recommend security enhancements to management or senior IT staff.
- Help computer users when they need to install or learn about new security products and procedures.
A newly minted cyber professional needs to decide whether to enter the public or private sector. Public sector jobs are commonly within the military or a federal government agency, such as U.S. Cyber Command, CIA, NSA, DHS, and the FBI. State and local governments are also employing cyber talent. However, even though the public sector and governmental departments are ramping up their cyber security resources, the vast majority of available positions are in the private sector. These positions can offer higher salaries with shorter recruitment times, with plenty of choice of employer, as there is barely a business area that doesn't have a cyber security requirement today. With that said, a sense of patriotic duty, an eye on job security, and long-term employment prospects might prompt candidates to apply for public positions instead.
Those working in the field can expect to earn a median salary of $103,590 per year (according to the 2020 Bureau of Statistics). Other sources put salaries for top professionals between $200,000 and $400,000. Jobs in the sector are projected to expand at an astounding 31% in the decade we are in currently, adding up to 50,000 new jobs in the field.
Cybersecurity, once considered the domain of engineering and computing colleges only, can now be found over a broad range of institutions and disciplines including business schools, management schools, natural sciences, and liberal arts colleges. Programs are often multi-departmental, reflecting the ubiquitous nature of today's cyber threats. Universities are creating Cybersecurity centers and divisions, often as part of their engineering and science colleges, that help to coordinate academic efforts between various departments, as well as undertaking research and offering specialist expertise both internally and to externally to industries.
There are many circular options to choose from, with some of them being:
- Business systems analysis and design
- Database design, management, and administration
- Computer networking, telecommunications
- Management and leadership
- Software development, app design and scripting
- Cryptography and software security, fraud prevention and detection technologies
- Digital media and web technology
- Enterprise resource planning, project management
- Fundamentals of cybersecurity and information technology
- Digital forensics and cyber investigation
- Cyber law and ethics
Program formats on offer include courses, certificates, and professional accreditations, including the CompTIA Security+ and Network+ certifications. The main focus for most schools however is on degree programs. Some schools provide dedicated cybersecurity programs while others offer a cybersecurity specialization or concentration as part of a larger major, such as information technology or even business studies. Many programs are offered entirely online which adds to their accessibility and flexibility.
Look to the right for great cyber security programs to start your career in this exciting and rapidly evolving area.
For more information on Educational Insight Sections please contact firstname.lastname@example.org.