What Is Cyber Security?
“There are two types of companies: those that have been hacked, and those who don’t yet know they have been hacked.” — John Chambers, former CEO of Cisco Systems
Phishing. Malware. Breaches. Cybercriminals don’t discriminate—striking across industries and around the world. You’ve seen the story shared time and again: in movies, on the news and across the internet
But what is cyber security, exactly?
SPONSORED SCHOOLS
University of Texas at Austin
The Cybersecurity Boot Camp at UT Austin
Gain the skills to defend users and organizations against cyber attacks. The Cybersecurity Boot Camp at UT Austin gives students hands-on training in networking, systems, web technologies, and defensive and offensive cybersecurity through interactive classes and a dynamic curriculum.
SPONSORED
Merriam-Webster defines cyber security as “measures taken to protect a computer or computer system (as on the internet) against unauthorized access or attack.” Cyber security plays an important role in our increasingly digital world—safeguarding information, deterring criminals and defending communities on a daily basis.
Let’s take a closer look at how cyber security works.
How Does Cyber Security Work?
“If you spend more time on coffee than on IT security, you will be hacked. What’s more, you deserve to be hacked.” — Richard Clarke, former White House Cybersecurity Advisor
As digital defenders, one function of cyber security specialists work diligently to protect people against malicious attacks. But how does that work, in practice?
According to McAfee, a global computer security software company, setting up a strong cyber security landscape means implementing solutions that “protect, detect, correct and adapt to the continuing evolution of cyberattacks.”
On any given day, those employed by the cyber security field might focus on the following areas:
- Threats, attacks and vulnerabilities. Through penetration testing and vulnerability scanning, professionals can detect various dangers—before a cybercriminal strikes.
- Technologies and tools. By installing, configuring and deploying network components, cyber security specialists can support organizational security while troubleshooting emergent issues.
- Risk management. By sticking to best practices, professionals can manage risks and protect organizations against imminent harm—cyberespionage, cyberwarfare, cyberterrorism and more.
With relevant tools and training, cyber security professionals may develop problem-solving skills—learning not only how to identify security incidents but also how to stop them in their tracks.
Why Is Cyber Security Important?
“Cybercriminal activity is one of the biggest challenges that humanity will face in the next two decades.” — Steve Morgan, Editor in Chief of Cybercrime Magazine
The potential consequences of cybercrime are numerous—from stolen money to lost productivity to theft of intellectual property and even reputational harm. The lack of cyber security can impact individuals and large corporations alike.
Take a look at these cybercrime statistics to gain a deeper understanding of the importance of cyber security and how poor cyber security may impact global businesses and markets:
- Hacking is prevalent today. A report by the A. James Clark School of Engineering at the University of Maryland indicates that hackers attack every 39 seconds. One potential way to tackle this issue is with cyber security.
- In a 2019 report from Accenture [PDF, 438 KB], 68% of business leaders said their cyber security risks are increasing. Robust cyber security measures and interventions may help to reduce risks for businesses, both large and small.
- The same report reveals that information theft is the most expensive and fastest rising consequence of cybercrime. If you’ve ever had your email account hacked or your credit card information stolen, then you have an idea of how costly cybercrime can be.
- Why do cyber criminals do what they do? According to Verizon’s 2020 Data Breach Investigations Report, 86% of breaches are financially motivated [PDF, 430 KB].
- Cyber crime damages can be expensive. An October 2020 article in Cybercrime Magazine has revealed that global cybercrime damages are predicted to reach $6 trillion annually by 2021.
- As communities around the world become more and more connected, cyber security can inform the ways in which we share digital information with one another, making it a highly valued field. In fact, Gartner projects that the worldwide information security market will reach $170.4 billion in 2022.
After reading that list, you likely recognize the value—and necessity—of cyber security. But you may still be wondering: What might a career in the industry look like? How does cyber security work on a daily basis?
Let’s dive in.
Types of Cyber Security
In the digital era, big data often calls for protection. But how that plays out might look different across industries. Similar to other career fields, cyber security provides multiple paths you can take. For those eager to become digital defenders, here are five potential areas of cyber security to explore:
- Critical infrastructure security
- Application security
- Network security
- Cloud security
- Internet of things (IoT) security
Keep reading to discover more details.
Critical Infrastructure Security
The Patriot Act of 2001 defines critical infrastructure as “systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety or any combination of those matters,” [PDF, 6.3 MB].
As the nation’s leader in cyber security, the Cybersecurity and Infrastructure Security Agency identifies sixteen U.S. critical infrastructure sectors:
- Chemical
- Financial services
- Commercial facilities
- Food and agriculture
- Communications
- Government facilities
- Critical manufacturing
- Health care and public health
- Dams
- Information technology
- Defense industrial base
- Nuclear reactors, materials and waste
- Emergency services
- Transportation systems
- Energy
- Water and wastewater systems
Cyberattacks on any of these areas could have some serious effects. For instance, the electric grid depends on information from other critical infrastructure sectors to operate properly. Many days, the general population may take this fact for granted. But in times of natural disaster, we become dependent on the systems that underlie everyday life.
Curious about a career in this area? Available jobs within critical infrastructure security include cyber defense analyst, information systems security manager, network operations specialist, and security architect.
Application Security
The software company VMWare defines application security as the process of “developing, adding and testing security features within applications” to pinpoint vulnerabilities and prevent attacks. Application security engineers are at the forefront of this task.
In Veracode’s State of Software Security report, Volume 10 [PDF, 18.4 MB], the application security company reported they tested for vulnerabilities in 85,000 applications—and found security flaws in 83% of them.
Through processes like authentication, authorization, encryption, logging and application security testing, application security engineers strive to find these flaws, sooner rather than later.
Interested in this subfield of cyber security? Application security engineers work in a range of settings, from small startups to large enterprises, so there are a number of different paths aspiring professionals can consider.
Network Security
According to Cisco Software, network security is “any activity designed to protect the usability and integrity of your network and data.”
As a steward of network security, the National Institute of Standards and Technology (NIST) has a strategic framework for achieving exactly that. Here are the five steps NIST recommends organizations take to secure their networks:
- Identify. By examining an organization’s existing network, experts may be able to gain a comprehensive lay of the land and collect critical insights for use in preventing potential attacks.
- Protect. This process may help to create cyber resilience and build up a security perimeter that can keep malicious threat actors out of the workforce.
- Detect. How can you fight a problem you don’t even know exists? Organizations keep an eye out for potential network vulnerabilities so they can take action early when issues do arise.
- Respond. Network security experts may spring into action at a moment’s notice, taking steps to protect data when it’s been compromised.
- Recover. When cyber attackers do strike, network security experts strive for resilience by restoring any impaired capabilities or services as quickly as possible. This may help an organization repair damages including compromised data and a tainted reputation.
Similar to application security engineers, network security engineers can be found working in a variety of settings—from small businesses to major companies like Accenture, Facebook and Credit Suisse. They may also be found securing the networks at universities or in governmental organizations such as the Department of Homeland Security, among others.
Cloud Security
Cloud computing is a common concept in the digital era. But for some people, the phrase may be a bit hazy. The software company Red Hat says that cloud refers to “the hosted resources delivered to a user via software.”
High-level security concerns may affect traditional IT and cloud systems alike—making protection one of the priorities for those who may be potentially impacted. As digital defenders, cloud security engineers protect the data, applications and infrastructures involved in cloud computing.
According to Red Hat, “Preventing unauthorized access in the cloud requires shifting to a data-centric approach. Encrypt the data. Strengthen the authorization process. Require strong passwords and two-factor authentication. Build security into every level.”
Sounds interesting? These are some of responsibilities of cloud security engineers, who—like application security engineers and network security engineers—can be found working in a variety of professional settings.
Internet of Things (IoT) Security
Amazon Echo. Fitbit. Google Home. What do these devices have in common?
For starters, to some degree, they cohabitate the Internet of Things (IoT) ecosystem. But beyond that, each device has the potential to host significant security threats. That’s because, for all their consumer benefits, these devices are also data collectors: storing valuable information like your name, age, health data, location and more.
When you’re tracking steps on Fitbit while training for a marathon, that’s a great thing. When a cyber attacker is targeting you, not so much.
In one harrowing IoT attack, a Texas parent was shocked by the sound of expletives coming through their smart baby monitor. It had been hacked by a cybercriminal.
That scene may sound like the opening sequence of a thriller movie. Unfortunately for that Texas family, it was painfully real.
As explained by IBM, “many IoT devices and backend systems are not designed with security in mind.” And in this digital age, that may pose a variety of problems.
According to global business data platform Statista, some 15 billion devices were connected to the IoT in the year 2015. In 2020, that figure has skyrocketed to 30.73 billion—and of course, more devices means more potential vulnerabilities.
For that reason, IoT security engineers play an important part in supporting and executing threat models, risk assessments and security reviews—as well as overseeing product development to ensure strong security is being built into IoT devices.
Cyber Security Degree Education
If you’ve gotten this far, you may have learned that cyber security is an expansive, fairly complex and constantly evolving field. Before launching your career in the industry, you may want to conduct thorough research to pinpoint your passions and explore educational next steps.
According to the U.S. Bureau of Labor Statistics (BLS), professionals in the field typically hold a bachelor’s degree in a computer-related discipline, while others may hold a graduate degree, such as an online master’s in cyber security. Some professionals, perhaps with an unrelated background, may decide to complete certain cyber security courses. This can be done in-person or online. There’s also the option to enroll in cyber security bootcamps, which are typically shorter than a full degree program.
From cryptography and computer forensics to algorithm design and analysis, studying cybersecurity or specializing in a particular area of it may help prepare you for a career in the field.
As you think through your decision to become a cyber security specialist, you may want to ask yourself some of these questions:
- How will an online master’s in cyber security help my career?
- What’s the difference between a bachelor’s and master’s degree in cyber security?
- What will an online master’s degree in cybersecurity teach me?
- What’s the salary outlook for someone with an online master’s in cyber security?
Whatever path you choose, take some time to consider how it fits with your current lifestyle and whether it is well-suited for your professional development.
Last updated November 2020.