What is Cybersecurity?

If it feels like cybersecurity and cybercrime have been especially hot topics for the past few years, then you’re entirely on the mark. In fact, it’s so prolific that if it were measured as a country, then cybercrime—which is predicted to incur damages totaling $8 trillion USD globally in 2023— would be the world’s third-largest economy after the U.S. and China.¹

So what is cybersecurity, and what is its value from a business perspective?

When a business invests in cybersecurity, it is to protect its data, devices and networks from being accessed by an unauthorized party and to prevent criminal activity through company systems. It ensures that sensitive information is kept confidential and available while maintaining its integrity. Take a moment to think of all the personal data that’s stored and critical company operations that are handled exclusively on the internet: passwords, credit card information, personal emails, bank account information and much more.² All of this could be exposed to cyber attacks, and there’s a critical shortage of experts with the necessary skills to solve today’s immense cybersecurity challenges.

In this article, we’ll answer the question, “What is cybersecurity?” with a discussion of the most common cybersecurity threats and the key industries that need robust security solutions.

The Most Common Cyber Threats

It’s challenging to keep up with the latest technologies and trends in cybersecurity threats since there are many varieties of targeted attacks. The most common types of cyber threats to small and medium-sized businesses are malware, ransomware, social engineering, phishing, unpatched and misconfigured systems, credential stuffing and distributed denial-of-service.³

Malware

This is malicious software, contained in a program or digital file, that is uploaded to a company’s network with the intention of harming the system. Malware includes viruses, trojans, worms and spyware that infiltrate an organization’s security solutions.⁴

Ransomware

Ransomware is a subset of malware and one of the most prevalent types of cyber attacks today. Attackers use it to lock a company’s computer files, usually with a form of encryption. They will then demand payment to decrypt them.⁴ Perpetrators may also threaten to erase the data or release sensitive data to the public. This type of attack frequently targets government agencies that may be more easily breached and are critical to public services.⁵

In 2022, a survey of over 300 security leaders found that 90% of organizations reported being affected by ransomware in the past year.⁶

Social Engineering

In this form of attack, the attacker tricks a victim into forgoing security measures so that the perpetrator can gain access to protected sensitive information.⁴ Oftentimes, the malicious actors pretend to be a person or company that the victim knows so that they can leverage their sense of trust.

Phishing

In this most common type of social engineering attack, usually through an email or text message, the targeted person is tricked into either providing security credentials or downloading malicious software onto computers, laptops or mobile devices.³ A phishing scam often appears to be from a credible business and most often asks for sensitive data, such as the user’s login or credit card information.⁵

Unpatched and Misconfigured Systems

If a system’s endpoint security settings are not properly defined, they don’t comply with industry standards and can be an easy means through which unscrupulous parties can access a company’s system. Common misconfigurations include exposure of sensitive information, unpatched software and outdated components. Further a system’s access control might not be working properly. A cybercriminal can use tools to scan for vulnerabilities just like a legitimate penetration tester would.³

Credential Stuffing

In credential stuffing, the attacker steals user credentials from one place to access the user accounts elsewhere. Usernames and passwords can be collected during a system breach or they can be easily purchased online. With this type of attack, which is very common now, there will not be any sign of forced entry into a company’s system, because the infiltrator used legitimate login information.³

Distributed Denial-of-Service (DDoS)

A DDoS attack is more robust than a denial-of-service (DoS) attack. While a DoS attack is also designed to make a system or network inaccessible, a DDoS floods a system, but it uses multiple devices on a network to do so.⁷ This overload of traffic is often coordinated and can target enterprise systems to bring down a website, server or entire network.⁵

Additional Cyber Attacks

The methods listed above are just some of the ways that bad actors try to compromise business systems, hack security systems and steal sensitive data. Other types of cyber attacks include advanced persistent threats (APTs), Man-in-the-Middle (MitM) eavesdropping attacks, drive-by-download attacks, botnets, business email compromise (BEC) and exploit kits.^5,4

What Industries Need Cybersecurity?

The simple answer is “all of them,” but certain business sectors are especially vulnerable to cyber attacks. According to a 2022 report by Check Point Research, the education industry experiences the most cyber attacks, with government and military organizations in second place. Healthcare, the third most attacked sector, saw the greatest increase in attacks in the third quarter of 2022, with one in 43 organizations impacted. However, as the report points out, every industry from communications and finance to transportation, consulting and hardware/software sales has experienced a rise in average weekly attacks.⁸

This demonstrates that every organization needs highly skilled professionals and a robust cybersecurity framework to address potential cybersecurity threats. An effective cybersecurity framework includes well-defined security protocols, policy processes and best practices to secure business operations and network security.

High-Profile Cyber Attacks in Government and Healthcare

The 2020 cyberattack on SolarWinds security software was sophisticated and high profile, and it enabled major hacking into government agencies. FireEye, another cybersecurity company, uncovered the cyberattack and then was attacked itself. By the end of the year, as COVID-19 was spreading around the world, so too were cyber attacks, with almost 4,000 attacks every day.⁹ The subsequent uncovering of many vulnerabilities in critical government departments led to the creation of a joint task force to handle the issue.

In the healthcare sector, the increasing use of electronic health records (EHRs) has created an urgent need to secure sensitive patient information more effectively. Hospital networks also run critical systems, and a healthcare cyberattack can quite literally create a life-or-death situation. Ransomware attacks on hospitals and healthcare providers have increased in both sophistication and frequency, and attacks such as phishing emails have also increased, especially since the start of the pandemic. In March 2020, the COVID-19 Cyber Threat Intelligence League (CTI League) was created, to help protect the medical field from cyber attacks, but the need is even greater now for specialists to solve the growing complexity of security threats in this critical industry.¹⁰

What Do You Need to Succeed in Cybersecurity?

It takes a highly specialized skill set to become a cybersecurity professional, and you must also stay on top of a rapidly evolving industry.

To be a cybersecurity expert, you will need to:

• Apply a wide range of technical skills to various business settings
• Obtain all necessary industry certifications
• Be able to identify, prioritize, and resolve problems
• Manage uncertainty and change
• Lead a diverse team of professionals
• Keep up with current trends and innovations
• Communicate effectively to advise and train your team in cybersecurity best practices
• Help others to develop their unique potential

In 2022, there was a global cybersecurity workforce gap of 3.4 million people, and employers in the U.S. listed 769,736 openings for cybersecurity positions or jobs requiring cybersecurity skills.^11,12 The supply-demand ratio held steady at 65 from 2021, meaning that for every 100 cybersecurity job postings, there are approximately 65 cybersecurity workers in the labor market.¹² In a job market that seems to be increasingly volatile, these statistics shows that a career in cybersecurity has an especially bright future.

Become a Cybersecurity Specialist with an Online Master’s Degree

Much like a typical security force, those in cybersecurity careers protect organizations from a range of known and unknown threats. Because of the high volume of valuable, confidential data, companies of all kinds are deeply invested in hiring more cyber professionals, making it a highly lucrative and future-ready field. For example, the average annual salary for a chief information security officer (CISO) is $255,876, while an application security engineer can earn approximately $116,992.^13,14 But as with many higher level positions, you need the right skills.

Ranked as the #2 Best Online Master’s in Cybersecurity Degree by Fortune, an online Master of Science in Cybersecurity from Yeshiva University’s Katz School of Science and Health will prepare you to hit the ground running in less than two years. The program combines a traditional cybersecurity education, taught by industry experts, with hands-on experience that you’ll need to achieve critical certifications. Whether you're pursuing a career change or updating your current skills, we'd love to talk more with you about the online master’s degree in cybersecurity.