What is Cybersecurity and Why is it Important?

In recent years, headlines about cybersecurity have become increasingly common. Thieves steal customer social security numbers from corporations’ computer systems. Unscrupulous hackers grab passwords and personal information from social media sites or pluck company secrets from the cloud. For companies of all sizes, keeping information safe is a growing concern.  

What is Cybersecurity? 

Cybersecurity consists of all the technologies and practices that keep computer systems and electronic data safe. And, in a world where more and more of our business and social lives are online, it’s an enormous and growing field with many types of cybersecurity roles available.

According to the Cybersecurity and Infrastructure Security Agency (CISA): "Cybersecurity is the art of protecting networks, devices and data from unauthorized access or criminal use and the practice of ensuring confidentiality, integrity and availability of information."

Then What is Information Security? 

Information security refers to the strategies and technologies implemented and utilized to safeguard confidential business data from being altered, interrupted, destroyed or examined, according to CISCO.

Information security and cybersecurity are often confused. According to CISCO, information security is a crucial part of cybersecurity, but is used exclusively to ensure data security.

Everything is connected by computers and the internet, including communication, entertainment, transportation, shopping, medicine and more. A copious amount of personal information is stored among these various services and apps, which is why information security is critical.  

Why is Cybersecurity Increasingly Important? 

Getting hacked isn’t just a direct threat to the confidential data companies need. It can also ruin their relationships with customers and even place them in significant legal jeopardy. With new technology, from self-driving cars to internet-enabled home security systems, the dangers of cybercrime become even more serious.  

So, it’s no wonder that international research and advisory firm Gartner predicts worldwide security spending will hit $188.1 billion in 2023. Gartner also predicts the market will reach $288.5 billion by 2027.

“We’re seeing a tremendous demand for cybersecurity practitioners,” said Jonathan Kamyck, a senior associate dean of STEM programs at Southern New Hampshire University (SNHU).* “Most businesses, whether they’re large or small, will have an online presence, for example. Some of the things you would do in the old days with a phone call or face-to-face now happen through email or teleconference, and that introduces lots of complicated questions with regard to information.”

These days, the need to protect confidential information is a pressing concern at the highest levels of government and industry. State secrets can be stolen from the other side of the world. Companies whose whole business models depend on control of customer data can find their databases compromised. In just one high-profile 2017 case, personal information for 147 million people was compromised in a breach of credit reporting company Equifax, according to the Federal Trade Commission (FTC). 

What are Cyberattacks? 

A cyberattack is a malicious effort to access computer systems without authorization with the intent to steal, expose, modify, disable or eradicate information, according to the International Business Machines (IBM).  

There are many reasons behind a cyberattack, such as cyber warfare, cyber terrorism and even hacktivists, according to IBM, and these actions fall into three main categories: criminal, political and personal.

Attackers motivated by crime typically seek financial gain through money theft, data theft or business disruption, IBM reported. Similarly, personal attackers include disgruntled current or former employees who will take money or data in an attempt to attack a company's systems. Socio-political motivated attackers desire attention for their cause, resulting in their attacks being known to the public, and this is a form of hacktivism. Other forms of cyberattacks include espionage, spying to gain an unfair advantage over the competition and intellectual challenges, according to IBM.

According to Varonis, ransomware attacks have increased by 13% in the last five years, with an average cost of $1.85 million per incident. In addition, 13% of small and medium businesses reported a ransomware attack in the past year, with 24% of respondents reporting at least one attack ever, according to Datto (PDF source).

The Small Business Association (SBA) reports that small businesses make attractive targets and are typically attacked due to their lack of security infrastructure. The SBA also reports that a majority of small business owners felt their business was vulnerable to an attack. The SBA said this is because many of these businesses:

• Can't afford professional IT solutions
• Don't know where to begin
• Have limited time to devote to cybersecurity 

What are Some Types of Cyberattacks and Threats? 

Here are some of the most common threats among cyberattacks: 

• Malware: Malware is also known as malicious software, according to CISCO, and it is intrusive software crafted by cybercriminals to illicitly acquire data or to harm computers and their systems. Malware has the capability of exfiltrating massive amounts of data, CISCO reported, and examples of common malware are viruses, worms, trojan viruses, spyware, adware and ransomware.
  
  
• Phishing: Phishing attacks are the practice of sending fraudulent communications while appearing to be a reputable source, according to CISCO. This is typically performed via email or on the phone, CISCO reported, and the goal is to steal sensitive data such as financial or login information — or to install malware onto a target's device. 
  
  
• Ransomware: Ransomware is a form of malware designed to encrypt files on a target device, rendering those files and the systems they rely on unusable, according to the CISA. Once the system has been encrypted, actors demand ransom in exchange for decryption, CISA reported.  
  
  
• Viruses: A virus is a harmful program intended to spread from computer to computer, as well as other connected devices, according to the SBA. The object of a virus is to give the attacker access to the infected systems, Proofpoint reported, and many viruses pretend to be legitimate applications but then cause damage to the systems, steal data, interrupt services or download additional malware.  

Who is Behind Cyberattacks? 

Attacks against enterprises can come from a variety of sources, such as criminal organizations, state actors and private persons, according to IBM. An easy way to classify these attacks is by outsider versus insider threats. 

Outsider or external threats include organized criminals, professional hackers and amateur hackers (like hacktivists), IBM reported.  

Insider threats are typically those who have authorized access to a company's assets and abuse them deliberately or accidentally, according to IBM, and these threats include employees who are careless of security procedures, disgruntled current or former employees, and business partners or clients with system access.  

Developing Cyber Awareness 

Cybersecurity Awareness Month takes place every October and encourages individuals and organizations to own their role in protecting their cyberspace, according to Forbes, although anyone can practice being mindful of cybersecurity at any time. Awareness of the dangers of browsing the web, checking emails and interacting online in general are all part of developing cybersecurity awareness. 

Cybersecurity awareness can mean different things to different people depending on their technical knowledge. Ensuring appropriate training is available to individuals is a great way to motivate lasting behavioral changes, Forbes reported.  

While cybersecurity awareness is the first step, employees and individuals must embrace and proactively use effective practices both professionally and personally for it to truly be effective, according to Forbes.

Getting started with cybersecurity awareness is easy, and many resources are readily available on the CISA government website based on your needs. Whether you need formal training or a monthly email with cybersecurity tips and tricks, any awareness and training can impact behavior and create a positive change in how you view cybersecurity. 

What are the Types of Cybersecurity? 

Here are the some common types of cybersecurity available: 

• Application Security: Application security refers to the measures integrated into applications during their development to safeguard the data or code within them from theft or highjacking, according to VMWare, and these protective mechanisms are designed to shield the application post-development.
  
  
• Cloud Security: Cloud security is the amalgamation of technologies and strategies designed to protect data, applications and the associated infrastructure of cloud computing environments from both internal and external threats, according to Skyhigh Security, aiming to prevent unauthorized access and ensure the overall security of data in the cloud.
  
  
• Infrastructure Security: Critical infrastructure security describes the physical and cyber systems that are so vital to society that their incapacity would have a debilitating impact on our physical, economic or public health and safety, according to CISA. 
  
  
• Internet of Things (IoT) Security: IoT is the concept of connecting any device to the internet and other connected devices. The IoT is a network of connected things and people, all of which share data about the way they are used and their environments, according to IBM. These devices include appliances, sensors, televisions, routers, printers and countless other home network devices. Securing these devices is important, and according to a study by Bloomberg, security is one of the biggest barriers to widespread IoT adoption. 
  
  
• Network Security: Network security is the protection of network infrastructure from unauthorized access, abuse or theft, according to CISCO, and these security systems involve creating a secure infrastructure for devices, applications and users to work together. 

Do You Need a Degree To Be a Cybersecurity Professional? 

A cybersecurity degree provides an opportunity for students to develop skills and a mindset that empowers them to begin a career in securing systems, protecting information assets and managing organizational risks.  

Alex Petitto ’21 earned his bachelor’s in cybersecurity at SNHU. Petitto always wanted to work within the IT sector, and he chose cybersecurity because it’s an expanding field. He transferred credits from a community college through a U.S. Air Force program and finished his bachelor's in under two years. "It was much quicker than I thought it would be,” he said.

It didn't take long for Petitto to begin exploring his career options. "Even before finishing (my) degree, I … received multiple invites to interview for entry-level positions within the industry and received three job offers," said Petitto. He decided to remain within the Air Force and transfer to a cybersecurity unit as opposed to joining the private sector.

Petitto said his cybersecurity degree opened doors for him in the field — “a monumental goal for me," he said. "This degree was a critical first step for breaking into the industry."

In 2023, the Bachelor of Science in Cybersecurity at SNHU became a validated program of study by the National Security Agency (NSA). As a designated National Center of Academic Excellence in Cyber Defense (CAE-CD), SNHU met the federal government's strict criteria when it comes to excellence in cybersecurity education, Kamyck said.

Your cybersecurity degree program can also connect you with experiential learning opportunities to further your growth as a cybersecurity professional. For example, the annual National Cyber League (NCL) has a competition wherein students from across the U.S. practice real-world cybersecurity tasks and skills. SNHU recently placed 65th out of over 500 colleges participating in the NCL competition.

Starting with a Certificate

If you want to see what a cybersecurity education is like before committing to a degree program, you might consider earning a cybersecurity certificate. The certificate at SNHU, for instance, consists of six courses that introduce you to important cybersecurity principles, computer network foundations, problem-solving using systems thinking and more. With an 8-week term schedule, this certificate can be completed in well under a year.

Beginning with a certificate means you can earn a credential in the field quickly, and it may even help position you for entry-level jobs. Better yet: Should you want to build on your knowledge, you can transfer your completed certificate credits into SNHU's associate degree in cybersecurity or bachelor's in cybersecurity, which places you well on your way to a second credential.

Career Opportunity and Salary Potential in Cybersecurity 

As companies, large and small, scramble to respond to the growing threats, jobs in the cybersecurity field are growing fast. The U.S. Bureau of Labor Statistics (BLS) predicts that employment for information security analysts will grow by 32% through 2032.* According to BLS, that’s more than twice as fast as the average computer-related occupation and ten times as fast as all occupations.*

To help fill the need for more professionals in the cybersecurity world, CyberSeek, a project funded by the federal government and supported by industry partners, provides detailed information on the demand for these workers by state. The Cyberseek tool shows that, across the country, there were 572,392 cybersecurity-related job openings in 2023, and for every 100 cybersecurity jobs available between September 2022 and August 2023, only 72 people could fill them.

“There’s a huge shortfall right now in entry-level and mid-level cybersecurity roles,” Kamyck said. “You’re looking at demand across all business sectors, with companies of all sizes."

CyberSeek lists the following entry-, mid- and advanced-level roles available in the field. CyberSeek average salaries are based on job openings posted between May 2022 and April 2023:

Entry-level Cybersecurity Roles

• Cybercrime Analyst: Cybercrime analysts make an average salary of $101,019, and common skills necessary for the role include digital forensics and computer science.*
• Cybersecurity Specialist: Cybersecurity specialists make an average salary of $92,901, and important skills for the role include information systems, vulnerability and risk analysis.*
• Incident and Intrusion Analyst: Incident analysts make an average salary of $97,725, and common skills needed include incident response and management, cyber threat intelligence and Linux.*
• IT Auditor: Information technology auditors make an average salary of $98,805, and common skills for the role include auditing, accounting and internal controls.*

Mid-level Cybersecurity Roles

• Cybersecurity Analyst: Cybersecurity analysts make an average of $107,346, and the top skills required include auditing, incident response and risk analysis.*
• Cybersecurity Consultant: Consultants in cybersecurity make an average salary of $118,610 and need skills in auditing, project management and cybersecurity.*
• Penetration and Vulnerability Tester: Penetration testers make an average salary of $124,424 and need skills in vulnerability assessment and management, penetration testing and Python.*

Advanced-level Cybersecurity Roles

• Cybersecurity Architect: Cybersecurity architects make an average salary of $147,142, and some of the top skills for the role include IT security architecture, Amazon Web Services and Microsoft Azure.*
• Cybersecurity Engineer: Cybersecurity engineers make an average of $131,768 a year and benefit from skills in cybersecurity, firewall and automation.*
• Cybersecurity Manager: Managers in this field earn an average salary of $150,943, and top skills include information systems, project management and risk analysis and management.*

What Does a Cybersecurity Professional Do? 

Kamyck said cybersecurity professionals could play a wide range of roles in a modern company. For example, some small businesses may hire a single person to handle all kinds of work protecting data. Others contract with consultants who can offer a variety of targeted services. Meanwhile, larger firms may have whole departments dedicated to protecting information and chasing down threats.

While companies define roles related to information security in a variety of ways, Kamyck said there are some specific tasks that these employees are commonly called on to do. In many cases, they must analyze threats and gather information from a company’s servers, cloud services and employee computers and mobile devices.

“An analyst’s job is to find meaning in all of that data, see what’s concerning,” he said. “Is there a breach? Is someone violating a policy?”

In many cases, Kamyck said, security specialists work with other information technology (IT) professionals to ensure a company’s systems are secure. That involves not just technical know-how but also people-oriented skills.

But breaches don’t just take the form of someone hacking into a server. They can also involve customer lists sent through unencrypted email, a password written on a sticky note in a cubicle or a company laptop stolen from an employee’s car.

Depending on their specific role, cybersecurity professionals must also think strategically. In many industries, companies rely on employees having quick access to highly sensitive data, such as medical records or bank account information.

“The goal is to balance the needs of the company or the organization you’re working for with the need to protect the confidentiality of customer data and trade secrets,” Kamyck said.

Kamyck said people who do well in these jobs tend to be curious, competitive and willing to keep learning to stay up to date with rapidly changing technology. The work draws on multidisciplinary knowledge, and people who continue with the work find there are a variety of directions they can take in their careers.

For example, Kamyck said if you're interested in the business side, you might become a manager or run audits that let companies know where they need to improve to meet compliance. If you love the adversarial part of the job, you might become a penetration tester, essentially an “ethical hacker” who tests for system vulnerabilities by trying to get through them.

How To Get Into Cybersecurity

If you’re wondering how to get into cybersecurity, it’s clear there are many positions out there. The question is how to make sure you’re a good fit for them. According to BLS, most information security analyst jobs require at least a bachelor’s degree in computer science or another related field. 

Cybersecurity job requirements also sometimes include related work experience, according to BLS. Rather than jumping right into the security side of information technology, you can start as a network or computer systems administrator. Depending on the specific cybersecurity position, employers may have other job requirements. For instance, keeping databases secure might be an ideal job for someone who’s spent time as a database administrator and is also well-versed in security issues.

Aside from work experience and college degrees, some employers also prefer job candidates who have received certifications demonstrating their understanding of best practices in the field. For example, the Certified Information Systems Security Professional (CISSP) credential, which is administered by cybersecurity association ISC2, validates a professional’s general knowledge and abilities in information security. There are also more specific certificates, such as an online cybersecurity certificate, which can highlight specialized knowledge of computer architecture, engineering or management.

Whatever path new employees in cybersecurity want to follow, Kamyck said, those who are willing to make an effort to learn the field will find abundant opportunities.

“There’s needs in government. There’s needs in finance. There’s needs in education,” Kamyck said. “There’s a tremendous unfilled need.”*

*Cited job growth projections may not reflect local and/or short-term economic or job conditions and do not guarantee actual job growth. Actual salaries and/or earning potential may be the result of a combination of factors including, but not limited to: years of experience, industry of employment, geographic location, and worker skill.

Nicholas Patterson ’22 is a writer and alumnus of Southern New Hampshire University (SNHU), where he earned his bachelor’s degree in English and creative writing. He is currently honing his craft further as he pursues an MFA in Creative Writing from SNHU. Connect with him on LinkedIn.