Cybersecurity is a subset of information security that focuses solely on cyber attacks. Information security (infosec) is the field of protecting information by mitigating risk. Cybersecurity focuses solely on the cyber risks that may affect a company, primarily in the form of computer hackers. The average cyber attack cost $1.1 million according to cybersecurity firm Radware and the global cost of cybercrime is expected to rise to almost $1 trillion by the end of 2020 according to McAfee. In response to this, many governments and private entities are making huge investments in securing their companies. In 2019 the US presidential budget included $15 billion for cybersecurity alone. There’s a lot of money moving around in the field and it can mean a lot of opportunity for people that are interested.
The whole purpose of Cybersecurity is to keep a company from getting hacked, which is when someone from outside the company is able to get access to your computer systems. Given how much the internet, mobile devices and laptops have become part of our everyday lives, you can imagine how much information companies keep in electronic form. If that information is stolen or deleted, the damage could be irrecoverable. Over half of companies interviewed in a Cisco study stated that if critical data was lost, they couldn’t stay profitable for a single month.
What do people do in Cybersecurity?
People that work within cybersecurity perform functions that prevent cyber attacks, help the company recover from cyber attacks or they help companies be compliant with different regulatory requirements. For example healthcare industries are subject to an industry regulation called HIPAA which requires them to perform certain actions for protecting patient information. All cybersecurity professionals work in one at least one of these three areas.
Penetration Testers (Professional Computer Hackers): Many companies hire computer hackers in order to test their company’s security and make recommendations on where the company’s security is weak.
Cybersecurity Analyst: Cybersecurity analysts look at the company’s assets such as computers, servers, intellectual property etc and recommend security solutions that will prevent them from getting hacked or leaked. They usually do not do the actual implementation, it’s more about strategizing and planning out how the company is going to protect each asset.
Security Architect: Security Architects are responsible for designing how the company’s computers and other devices will be connected to one another. Also, they decide what security devices should be placed between each device and the internet, in order to reduce the chance of them being hacked. They attempt to design systems that are secure, fault tolerance and redundant to ensure that the company can provide their services or create their products with little or no interruptions. Some things that an architect may decide on is where firewalls should be placed, where data backups should be stored, how many separate networks are needed etc.
Security Engineer: Security Engineers take the directives from security architects and other decision makers within the company and do the technical implementations. So for example they would implement the firewalls, Intrusion prevention systems etc.
Cybersecurity Sales Engineer: Sales engineers sell cybersecurity solutions to other companies. A common example of this would be antivirus software. In addition to normal sales work they need an understanding of the software they are selling, how it can be used and need to be able to perform demos of the product to customers to show how it will be useful in a company’s cybersecurity operations.
Encryption Experts: Encryption is the art of transforming a message into an unreadable form (ciphertext) and then reverting that message back to its original form when it reaches the intended recipient. Encryption is an important part of security, because when used properly, even if a business is hacked and information is stolen in it’s encrypted form then it will be useless to the hacker and won’t leak any of the consumers information.
Cybersecurity Regulatory Compliance (Audit): For most large businesses you will have regulatory requirements. Regulations are laws that only apply to those that deal with the agency that enforces them. For example HIPAA is a regulation that affects companies in the healthcare industry. In addition to industry, regulations can be enforced by the location your company operations in, such as California’s CCPA regulation. Cybersecurity auditors and compliance analysts work with companies to make sure they meet all of the requirements that their regulators mandate for them.
Recovering from Cyber Attacks
Incident Responders: Successful cyber attacks against a company are called “Security Incidents”, incident responders are people that respond to these cyber attacks by; containing the situation so that the hack cannot spread to other parts of the company, removing any malware (malicious software) from the company’s tech and restoring any information or services that were lost because of the hack.
Legal Advisors: There are many privacy laws that govern ownership and appropriate use of the consumer information that companies collect during their day to day operations. It’s important to have lawyers that understand these laws that can advise you of things like notification requirements and other required action following a data breach.
Crisis Communication: Whenever a data breach occurs that leaks consumer information you are obligated to report to regulatory bodies in your area and industry, as well as the consumers that were affected. Additionally, some hackers will try to hold a company hostage by encrypting their information and threatening to delete the company’s data if they don’t pay them a certain amount of money. There are cybersecurity professionals that specifically deal with the communication aspect of cybersecurity.
Computer Forensics: Computer forensics is the process of extraction digital evidence from a computer. Following a computer hack, computer forensics allows companies to understand how a hack happened, what events took place during the hack and if there is any evidence that those systems are still infected. Computer forensics is not a perfect science, there are ways for someone to delete evidence from a computer that can stall or prevent forensic work. However, for the most part it does find a lot of useful information and it is an important part of recovering from a major cyber attack.
Cybersecurity in summary, is all about protecting a company’s assets from cyber attacks. These attacks can be directly through a company’s website, use email attachments, exploit a machine that hasn’t been patched and more. Cybersecurity professionals get paid either to help prevent cyber attacks, ensure regulatory compliance or help companies recover from a cyber attack. In many cases people will have jobs that include one or more of these categories but all cybersecurity professionals will fall into at least one of these areas.