People talk about cybersecurity a lot these days.
Everybody does it, and everybody knows about it.
But I believe that’s often not the case.
For instance, let me take one of the definitions of cybersecurity that exists out there. This one comes from Norton. They say:
“Cybersecurity is the state or process of protecting and recovering networks, devices, and programs from any type of cyber attack.”
What does that even mean?
Cybersecurity is one of the most misused terms in technology today. These misunderstandings create problems and, more importantly, a security risk for every organization involved.
That’s why I believe we should agree on what the term, and everything around it, means, so that we don’t overhype things unnecessarily and can truly address the new challenges of digital transformation.
Also, I think cybersecurity is not something only a person with a degree and college experience can learn.
On the contrary, I believe there are many things a regular person could start implementing to protect themselves.
Want to know how?
Let’s start by dissecting two terms: “cybersecurity” and “cyber attacks.”
What Does Cyber Security Mean?
Here’s where the problem starts.
Everybody thinks that cybersecurity is the same as these other security practices:
- IT Security
- Internet Security
- Cyberphysical Security
And while it encompasses all these aspects, we can safely assume that cybersecurity has grown to include all the aspects of digital security.
Here’s an image from Gartner that helps me illustrate my point:
Now, if pressed to provide a definition, I’d say that cybersecurity is the domain that provides trust, protection, and safety to all your cyber assets (data, software, and hardware).
I’d like to focus on the issue of trust for a second.
Cybersecurity means providing the ability to trust cyber assets. This means creating a layer of protection that involves processes, skills, and technology for the people and environments using those assets.
Cybersecurity makes sure your information stays confidential, undamaged, and available.
Here’s another powerful graph courtesy of Gartner:
So, while digital security encompasses every single one of your assets, cybersecurity encompasses only the non-tangible elements of your assets.
As digital technology is becoming more and more pervasive, cybersecurity needs to be pervasive as well.
Unfortunately, many organizations have not explicitly defined cybersecurity, or don’t know how to implement cybersecurity solutions, and this hinders their ability to develop processes of monitoring and detection.
But since I don’t want that to ever happen to you, let’s talk about what a cyberattack is and how you could protect yourself against it.
What Is a CyberAttack And How Can I Protect Myself?
Long story short, a cyberattack is a malicious and deliberate attempt by a person or an organization to breach the information system of another person or company.
In most cyberattacks, the attacker seeks some type of benefit from disrupting the victim’s network.
As you can see, there are two main types of cyberattacks: Denial of Service (DoS) attacks and targeted attacks.
Targeted attacks, as well as DoS attacks, can be done by both trained and untrained professionals. The motivations behind cyberattacks are many, and attacks target the general public or national and corporate organizations.
These are some of the most common types of cyberattacks.
- Malware
Malware is a term that describes malicious software including spyware, ransomware, viruses, and worms. Malware breaches a network and disrupts your system, sometimes to the point of making your system inoperable.
- Phishing
Phishing is the practice of sending fraudulent communications that appear to come from a reputable source to steal sensitive data like credit card and login information.
Phishing is one of the most common cyberattacks.
- Man-in-the-Middle (MitM) Attack
This type of attack occurs when attackers insert themselves into a two-party transaction to filter and steal data.
- Denial of Service (DoS) Attack
A DoS attack floods systems, servers, and networks with traffic to block legitimate requests.
- SQL Injection
This kind of cyberattack occurs when an attacker inserts malicious code into a server that uses SQL, forcing it to reveal sensitive information.
- Ransomware
Ransomware is one of the most important threats today. It doesn’t matter if you’re a multimillionaire or an average Joe: ransomware could encrypt all your data and demand a ransom, which you shouldn’t ever pay.
Just take a look at this graph from Secureworks.
As you can see, ransomware is on the rise, and we need to be ready for it, especially since many people cave in and pay the hackers.
- Zero-day Exploit
This type of attack exploits a network vulnerability that was announced but hasn’t been solved yet. Cyberattackers use that window of opportunity to breach the system and wreak havoc.
Now that you know what kind of cyberattacks could hit you, let’s talk about how to protect yourself against them.
Let me start by saying that you don’t need to be a security specialist to protect yourself. You just need to be careful.
Take a look at these small adjustments you could make to reduce your chances of being a victim of cyberattacks.
The best of these adjustments? They take less than 5 minutes, and would cost you almost nothing.
- Create Secure Passwords
This sounds silly, but you have no idea how many people simply use 1234, 0000, and password as their password.
Please don’t do that. You can use a password generator and a system like LastPass or 1Password to make sure that you create safe passwords you can remember.
- Set Up A Firewall
As the name suggests, a firewall monitors all the incoming and outgoing traffic to and from your computer. Always ensure your firewall is on so you can block all the potential threats and cyberattack attempts before they happen.
- Back Up Your Data
Regular backups allow you to store your sensitive information away from your computer on a secure server. Back up your data at least once a month and you should be good to go.
Don’t fear; you can even set an automated back-up option using OneDrive or Google Drive so you can rest assured that your data will be safe in case of a cyberattack.
Now, if you’re ever a victim of a cyberattack, these are some steps you can take to minimize the damage:
- Change your passwords
- Check your banking and credit cards
- Never, ever pay a hacker who is holding your data hostage
Last, let’s switch to a friendlier topic.
I hope these tips opened your eyes to the fact that you don’t need to be a specialist to protect yourself.
Now, I want to address those who might be interested in becoming specialists in cybersecurity.
My Advice For The New Cyber Security Specialists
I will start with an inconvenient truth about cybersecurity.
There aren’t enough good guys to stop the bad ones.
What’s more, the bad guys are much more motivated and creative than the security experts.
But that doesn’t mean you should quit or not pursue a career.
On the contrary, this is a great moment to become an expert.
According to Hackermoon, there’s a talent shortage of skilled cybersecurity experts. By 2021, there will be 3.5 million unfilled cybersecurity positions, and it might worsen.
The main reason behind this is that many hiring managers are conditioned to prize formal education above technical skills.
However, the tide is changing, and for many managers, it’s perfectly OK not to have an interest in higher education. If you have the skills to prove your worth, you should still try to get some certifications to back you up in case you find a manager who wants to see a degree on your resume.
For me, as a manager, I value other things besides a degree. For instance, candidates who show curiosity, motivation, a strong work ethic, and adaptability will be far more prized than those with a degree and nothing else.
That being said, your academic background doesn’t have to be related to computer science or engineering; the most important thing is to understand how technology is used and the behavior that drives it.
In the end, all I want to tell you is that the more human-centric your skills are, the better your chances of finding a niche in the cybersecurity industry.
In the end, the idea of what constitutes a cybersecurity professional is exponentially expanding; this, without a doubt, will result in new, exciting opportunities in the field, even if today many managers are still betting on candidates with potentially outdated skills.