What is Cybersecurity and Why is It Important?


In recent years, headlines about cybersecurity have become increasingly common. Thieves steal customer social security numbers from corporations’ computer systems. Unscrupulous hackers grab passwords and personal information from social media sites or pluck company secrets from the cloud. For companies of all sizes, keeping information safe is a growing concern.

That’s where cybersecurity comes in.

What is Cybersecurity in Simple Words?

Cybersecurity consists of all the technologies and practices that keep computer systems and electronic data safe. And, in a world where more and more of our business and social lives are online, there are many types of cybersecurity roles to consider.

“Cybersecurity aims to protect devices, networks, software and data from external cyber threats,” said Rodney Royster, a cybersecurity adjunct instructor at Southern New Hampshire University (SNHU) with more than 20 years of information security experience in both the federal and private sectors. “This (protection) is accomplished with the use of practices and tools that can mitigate or reduce the impact of these threats.”

Then What is Information Security?


Information security and cybersecurity are often confused. “These two terms are closely related and cross into one another along the way,” Royster said. While you may find them used interchangeably, there are some key differences.

Information security is broader, according to Royster, and it considers encryption, endpoint security and physical security. “(It) ensures the overall protection of data, including its confidentiality, integrity and availability, across various environments,” Royster said.

Everything is connected by computers and the internet, including communication, entertainment, transportation, shopping, medicine and more. A copious amount of personal information is stored among these various services and apps, which is why both cybersecurity and information security are critical.

Why is Cybersecurity Increasingly Important?

Getting hacked isn’t just a direct threat to the confidential data companies need. It can also ruin their relationships with customers and even place them in significant legal jeopardy. With new technology, from self-driving cars to internet-enabled home security systems, the dangers of cybercrime become even more serious.

So, it’s no wonder that international research and advisory firm Gartner predicts worldwide security spending will hit $210 billion in 2024. Gartner also predicts the market will reach $314 billion by 2028.


“Most businesses, whether they’re large or small, will have an online presence,” said Jonathan Kamyck, a senior associate dean of STEM programs at SNHU and former information security officer. “Some of the things you would do in the old days with a phone call or face-to-face now happen through email or teleconference, and that introduces lots of complicated questions with regard to information.”

These days, the need to protect confidential information is a pressing concern at the highest levels of government and industry. State secrets can be stolen from the other side of the world. Companies whose whole business models depend on control of customer data can find their databases compromised. In just one high-profile 2017 case, personal information for 147 million people was compromised in a breach of a credit reporting company, according to the Federal Trade Commission (FTC).

What Are Cyberattacks?

A cyberattack is a malicious effort to access computer systems without authorization with the intent to steal, expose, modify, disable or eradicate information, according to International Business Machines (IBM).

There could be many reasons behind a cyberattack, according to Royster, including political motivations or revenge. “But I believe the main one is financial gain because an attacker could gain a tremendous amount of money during these attacks,” he said.

What Are Some Types of Cyberattacks and Threats?

Cyberattacks can be carried out in a variety of ways. Three of the most common types Royster sees today include phishing, ransomware and social engineering.

1. Phishing

“Phishing is a type of cyberattack where victims are lured or tricked into something malicious,” Royster said.

He said these attacks often involve fraudulent links and can be done through a variety of channels, such as email, text, social media and websites. The goal of the attack may be for a victim to download viruses or malware (short for malicious software) onto their devices.


2. Ransomware

Ransomware involves the encryption of an individual or organization’s data through malware, according to Royster, which restricts access to their own files, systems or networks.

“It is called ransomware because the attacker will request a ransom in order for the company to get their data back,” he said. Even riskier, paying the ransom does not necessarily mean you’ll get your data back.

According to security organization Astra, ransomware attacks have increased 13% in the last five years, with an average cost of $1.85 million per incident. In addition, 13% of small and medium businesses reported a ransomware attack in the past year, with 24% of respondents reporting at least one attack ever, according to security software provider Datto.

3. Social Engineering

Social engineering often involves impersonation. “(It) is an attack to retrieve sensitive information by deceiving users,” Royster said. “This could be by an attacker calling you on the phone, pretending to be someone else such as an IT person from your mobile company wanting your password.”

Who is Behind Cyberattacks?


Attacks against enterprises can come from a variety of sources, such as criminal organizations, state actors and private persons, according to IBM. An easy way to classify these attacks is by outsider versus insider threats.

Outsider or external threats include organized criminals, professional hackers and amateur hackers, IBM reported.

Insider threats are typically those who have authorized access to a company’s assets and abuse them deliberately or accidentally, according to IBM, and these threats include employees who are careless of security procedures, disgruntled current or former employees, and business partners or clients with system access.

Developing Cyber Awareness


With so many types of cyber threats and attackers, it’s important for individuals and organizations to take security measures to protect themselves and their data.

“One concept I like is the ‘defense in depth’ method where you are applying multiple layers of security in order to protect your assets from attackers,” Royster said. Just as you might take multiple precautions to protect your physical valuables, you can use security tools to protect yourself in the cyber world, according to Royster.

Some of these tools include:

  • Antivirus software
  • Encryption
  • Firewalls
  • Intrusion detection systems (IDS)
  • Intrusion prevention systems (IPS)

You can also take preventative measures by creating strong passwords with a variety of upper and lowercase letters, characters and numbers. “Along with this, you should regularly change your password every 60 to 90 days, use multi-factoring authentication and use an antivirus product,” Royster said.

And if you do find yourself a victim of a cybercrime, report it. Royster said you can report a variety of concerns through the FTC, including:

  • Fraud
  • Identity theft
  • Ransomware
  • Unwanted phone calls

There are also many resources relating to cybersecurity awareness readily available on the Cybersecurity and Infrastructure Security Agency (CISA) government website based on your needs.

What Are the Types of Cybersecurity?

Here are some common types of cybersecurity available:

  • Cloud Security: Cloud security is the amalgamation of technologies and strategies designed to protect data, applications and the associated infrastructure of cloud computing environments from both internal and external threats, according to Skyhigh Security, aiming to prevent unauthorized access and ensure the overall security of data in the cloud.
  • Infrastructure Security: Critical infrastructure security describes the physical and cyber systems that are so vital to society that their incapacity would have a debilitating impact on our physical, economic or public health and safety, according to CISA.
  • Internet of Things (IoT) Security: IoT is the concept of connecting any device to the internet and other connected devices. The IoT is a network of connected things and people, all of which share data about the way they are used and their environments, according to IBM. These devices include appliances, sensors, televisions, routers, printers and countless other home network devices.
  • Network Security: Network security is the protection of network infrastructure from unauthorized access, abuse or theft, according to Cisco, and these security systems involve creating a secure infrastructure for devices, applications and users to work together.

Do You Need a Degree to Be a Cybersecurity Professional?

A cybersecurity degree can help you develop skills and a mindset that empowers you to begin a career in securing systems, protecting information assets and managing organizational risks.


Alex Petitto ’21 earned his bachelor’s in cybersecurity at SNHU. Petitto always wanted to work within the IT sector, and he chose cybersecurity because it’s an expanding field.* He transferred credits from a community college through a U.S. Air Force program and finished his bachelor’s degree in under two years. “It was much quicker than I thought it would be,” he said.

Petitto, who called his cybersecurity degree a “monumental goal,” explored career options in the private sector, but he ultimately decided to remain within the Air Force and transfer to a cybersecurity unit.

“This degree was a critical first step for breaking into the industry,” he said. A bachelor’s degree is a typical requirement in computer and information technology roles, according to the U.S. Bureau of Labor Statistics (BLS).


In 2023, the Bachelor of Science in Cybersecurity at SNHU became a validated program of study by the National Security Agency (NSA). As a designated National Center of Academic Excellence in Cyber Defense (CAE-CD), SNHU met the federal government’s strict criteria when it comes to excellence in cybersecurity education, Kamyck said.

Your cybersecurity degree program can also connect you with experiential learning opportunities to further your growth as a cybersecurity professional. For example, the annual National Cyber League (NCL) has a competition wherein students from across the U.S. practice real-world cybersecurity tasks and skills. SNHU recently placed 25th out of over 500 colleges participating in the NCL competition.

Starting With a Certificate

If you want to see what a cybersecurity education is like before committing to a degree program, you might consider earning a cybersecurity certificate. The certificate at SNHU, for instance, consists of six courses that introduce you to important cybersecurity principles, computer network foundations, problem-solving using systems thinking and more. With an 8-week term schedule, this certificate can be completed in well under a year.

Beginning with a certificate means you can earn a credential in the field quickly, and it may even help position you for entry-level jobs. Better yet: Should you want to build on your knowledge, you can transfer your completed certificate credits into SNHU’s associate degree in cybersecurity or bachelor’s in cybersecurity, which places you well on your way to a second credential.



Career Opportunity and Salary Potential in Cybersecurity

As companies, large and small, scramble to respond to the growing threats, jobs in the cybersecurity field are growing fast.* In fact, the U.S. Bureau of Labor Statistics (BLS) predicts that employment for information security analysts will grow by 33% through 2033.* According to BLS, that’s more than twice as fast as the average computer-related occupation and eight times as fast as all occupations.*

To help fill the need for more professionals in the cybersecurity world, CyberSeek, a project funded by the federal government and supported by industry partners, provides detailed information on the demand for these workers by state. The CyberSeek tool shows that, across the country, there were 457,433 cybersecurity-related job openings over the past year, and for every 100 cybersecurity jobs available between September 2023 and August 2024, only 83 people could fill them.

“There’s a huge shortfall right now in entry-level and mid-level cybersecurity roles,” Kamyck said. “You’re looking at demand across all business sectors, with companies of all sizes.”*

CyberSeek lists the following entry-, mid- and advanced-level roles available in the field. CyberSeek average salaries are based on job openings posted between September 2023 and August 2024:

Entry-level Cybersecurity Roles

  • Cybercrime Analyst: Cybercrime analysts make an average salary of $100,150, and common skills necessary for the role include incident response and computer science.*
  • Cybersecurity Specialist: Cybersecurity specialists make an average salary of $88,149, and important skills for the role include information systems, vulnerability and security controls.*
  • Incident and Intrusion Analyst: Incident analysts make an average salary of $101,130, and common skills needed include incident response and management, cyber threat intelligence and Linux.*
  • IT Auditor: Information technology auditors make an average salary of $85,221, and common skills for the role include auditing, accounting and internal controls.*

Mid-level Cybersecurity Roles

  • Cybersecurity Analyst: Cybersecurity analysts make an average of $115,795, and the top skills required include auditing, incident response and risk analysis.*
  • Cybersecurity Consultant: Consultants in cybersecurity make an average salary of $125,243 and need skills in identity and access management, project management and cybersecurity.*
  • Penetration and Vulnerability Tester: Penetration testers make an average salary of $132,457 and need skills in vulnerability assessment and management, penetration testing and Python.*

Advanced-level Cybersecurity Roles

  • Cybersecurity Architect: Cybersecurity architects make an average salary of $150,989, and some of the top skills for the role include IT security architecture, Amazon Web Services and Microsoft Azure.*
  • Cybersecurity Engineer: Cybersecurity engineers make an average of $143,992 a year and benefit from skills in cybersecurity, firewall and automation.*
  • Cybersecurity Manager: Managers in this field earn an average salary of $152,403, and top skills include information systems, project management and risk analysis and management.*

What Does a Cybersecurity Professional Do?

An infographic with the text types of cybersecurity are application security, cloud security, infrastructure security, internet of things (IoT) security and network security

Kamyck said cybersecurity professionals could play a wide range of roles in a modern company. For example, some small businesses may hire a single person to handle all kinds of work protecting data. Others contract with consultants who can offer a variety of targeted services. Meanwhile, larger firms may have whole departments dedicated to protecting information and chasing down threats.

While companies define roles related to information security in a variety of ways, Kamyck said there are some specific tasks that these employees are commonly called on to do. In many cases, they must analyze threats and gather information from a company’s servers, cloud services and employee computers and mobile devices.

“An analyst’s job is to find meaning in all of that data, see what’s concerning,” he said. “Is there a breach? Is someone violating a policy?”

Kamyck said security specialists often work with other information technology (IT) professionals to ensure a company’s systems are secure. That involves not just technical know-how but also people-oriented skills.

But breaches don’t just take the form of someone hacking into a server. They can also involve customer lists sent through unencrypted email, a password written on a sticky note in a cubicle or a company laptop stolen from an employee’s car.

Depending on their specific role, cybersecurity professionals must also think strategically. In many industries, companies rely on employees having quick access to highly sensitive data, such as medical records or bank account information.

“The goal is to balance the needs of the company or the organization you’re working for with the need to protect the confidentiality of customer data and trade secrets,” Kamyck said.

Kamyck said people who do well in these jobs tend to be curious, competitive and willing to keep learning to stay up to date with rapidly changing technology. The work draws on multidisciplinary knowledge, and people who continue with the work find there are a variety of directions they can take in their careers.

For example, Kamyck said if you’re interested in the business side, you might become a manager or run audits that let companies know where they need to improve to meet compliance. If you love the adversarial part of the job, you might become a penetration tester, essentially an “ethical hacker” who tests for system vulnerabilities by trying to get through them.

How to Get Into Cybersecurity


If you’re wondering how to get into cybersecurity, it’s clear there are many positions out there. The question is how to make sure you’re a good fit for them.

According to BLS, most information security analyst jobs require at least a bachelor’s degree in a related field, such as computer science.

Cybersecurity job requirements also sometimes include related work experience, according to BLS. Rather than jumping right into the security side of information technology, you can start as a network or computer systems administrator. Depending on the specific cybersecurity position, employers may have other job requirements.

Aside from work experience and college degrees, some employers also prefer job candidates who have received certifications demonstrating their understanding of best practices in the field.

For example, the Certified Information Systems Security Professional (CISSP) credential, which is administered by cybersecurity association ISC2, validates a professional’s general knowledge and abilities in information security.

Whatever path new employees in cybersecurity want to follow, Kamyck said, those who are willing to make an effort to learn the field can find possibilities in a variety of industries.
