What You Need To Know About Cybersecurity In 2018
Laurence Bradford, Contributor
Mar 30, 2018 7:00 AM
You might think of cybersecurity as a specialized, niche career—not a skill that the average person should learn about.
But that’s not the case. In an age where we manage more and more of our lives digitally, anyone—in any career—should know simple things about keeping security up to par. At work, this will help companies maintain robust protocols. At home, it will help you protect your own information.
Why anyone and everyone should learn about cybersecurity
Technology Affects All Aspects Of Modern Life
To help explain why security knowledge is so important, let’s first establish the baseline of how daily life operates for most of us. “There aren’t many careers left that aren’t based on technology,” says Matt McCormack, Chief Security Officer at Virtustream.
“Teachers in classrooms are using SMART boards. Someone who comes to your home to do contract work will whip out a smartphone or tablet and add information to an app on the spot. The mistakes that cause the most damage at companies are security-related—something as small as clicking attachments in emails without knowing if they are safe.”
Of course, security concerns don’t stay at work. “Nowadays, you’re not just worried about the security of your company, but also your own security and what you put out on your social networks,” McCormack continues. “When I worked for the government, we constantly advised people on what they could and couldn’t do—even outside of work—when it came to social media.”
How Basic Security Knowledge Can Help Any Career
Aside from simply not clicking suspicious email attachments, there are things nearly all employees can do to enhance company security and make themselves more valuable workers.
“Within any role in the organization, learning about security can help an individual understand the risks and make informed decisions for their key stakeholders,” says Pavi Ramamurthy, senior manager of information security at LinkedIn.
Like what, you ask? Here are a few of Ramamurthy’s examples:
- In sales, reassure customers of an organization’s security posture.
- In corporate communications, you should assess in the context of business reputation and brand trust.
- The legal team should ensure that the right security clauses are built into supplier and customer contracts.
- Regarding HR and/or security, know what’s needed for better security awareness and training.
- Product managers should advise on good security features.
- In engineering development, make sure you develop secure code.
- Security professionals should perform reviews and quality assurance tests for functional and security verification.
- Corporate management should ensure that a good security incident response plan is in place to address any vulnerabilities.
As you can see, it certainly doesn’t require being a security professional to contribute to security-related projects and awareness. In fact, the more equipped a workforce is with this knowledge, the less money and time will be lost to security breaches.
Cyber Attackers Rely On Human Error
Hackers rely only partly on their security-penetration skills. The other thing they need? Regular people making mistakes. “An analysis of threats faced by organizations in the first quarter of 2017 reveals that cyber attackers still rely heavily on user interaction,” says Bo Yuan, Ph.D., professor and chair of the department of computing security at Rochester Institute of Technology.
One high-profile example: the CEO of Equifax attributed the company’s 2017 breach—which compromised the data of over 147 million consumers and could cost over $600 million—to, you guessed it, human error.
“For those who do not work in IT but use computing devices for work, it is necessary to have cybersecurity training so that they understand how minor mistakes or simple oversights might lead to a disastrous scenario regarding the security or bottom line of their organization,” Yuan continues. “With attacks becoming more advanced and sophisticated, training is mission-critical to minimize human error from the cyberattack equation.”
It’s a wise step to take on a personal level as well, since even if your mistake was completely unintentional, you won’t avoid consequences. “No one wants to get fired, especially when you didn’t do anything malicious to harm your company,” says Andrew Jones, senior sales engineer at Shape Security. “But this is exactly what can happen if you fall victim to an email phishing campaign or other social engineering attack and become the vector by which your company exposes sensitive information. Educate yourself to be suspicious and cautious when it comes to operational security.”
Security Know-How Can Advance You In Your Existing Job
Gaining new skills is a tried-and-true way of getting ahead at your job, and security is one that looks particularly good. “Educating yourself about security (cyber, physical, or otherwise) will positively impact the average person’s career,” says Jones.
The first step to getting promotions or pay raises is showing that you can be trusted with additional responsibilities. “Even if your job is not directly related to a security role, consider the ways that your work could be abused by a malicious third party,” Jones continues.
For example, consider sending an email to your customers that contains a link. “You could use a shortened URL service, like Google’s https://goo.gl, to make the document read better, but that could also provide a template for a bad actor to phish your customers with an identical email using a similar goo.gl link that points to a malicious website,” explains Jones. “The average consumer would have no way of telling the difference. How could you compensate for that risk? Are you even thinking about the potential vulnerability?”
Your company may be willing to cover educational expenses on your behalf, but even if they don’t, there are plenty of ways to pursue security knowledge independently. It doesn’t even have to mean formal training, either. “Educating yourself about security doesn’t just mean getting a certification or diploma,” says Jones. “It’s adjusting your way of thinking about the world so that you can put yourself in the bad guy’s shoes and really consider how they could exploit a weakness.”
Gaining Knowledge Now Can Lead To A Lucrative Career Later
If you begin dabbling in security and discover that you enjoy it or have a knack for related skills, why not pursue it full-time? Doing so is more lucrative than ever. Cybersecurity Ventures predicts that by 2021 there will be 3.5 million unfilled cybersecurity positions. That kind of demand should be attractive to anyone seeking career advancement.
Sarah Squire, senior technical architect at Ping Identity, started her own security career after transitioning from another job. “I began my career in web development, but I was recruited onto a niche information security team,” she said. “After one year of exhaustive training, I was hooked. From there, I got the qualifications to open my own consulting business, contribute to NIST guidelines, speak at high-profile security conferences, author white papers, and contribute to standard protocols that everyone on the internet uses on a daily basis. My security education super-charged my entire career trajectory.”
Plus, it’s work that will help you solve real problems. “The consequences of the cybersecurity skills gap spread far outside of the security space—leaving workplaces across all countries and industry verticals vulnerable to attack,” says Dr. Yuan. “The average data breach is projected to reach a $150 million price tag, plus the corresponding customer and employee trust/loyalty-related outcomes of a breach.”
Ready to start looking into cybersecurity skills or potentially pursue it as a career? Here’s where to start.