As the world becomes increasingly connected, cybercriminals become progressively sophisticated. This means the demand for cybersecurity professionals with advanced knowledge and expertise is growing.
A snapshot of an organization’s ability to protect its data and networks includes the following stats:
- Sixty-eight percent of leaders believe cybersecurity risks to their organizations are increasing.
- Over half (54%) say their IT teams are unprepared to handle cyberattacks.
- The cost of a data breach increased to $4.35 million in 2021, up 12% from 2020.
- Small businesses are the target of 43% of attacks, nearly 8 out of 10 do not have an attack response plan and most breaches go undetected for six months.
- In April 2021, cybercriminals exploited a two-year-old misconfiguration in a Facebook system and stole the personal information of more than 500 million users.
In the face of such statistics, it is a seller’s market for cybersecurity experts. Job postings in 2019 increased 94% in six years compared to 30% in all other IT jobs. On average, employers can find only two currently employed candidates (a key indicator of supply keeping up with demand) for every posted position compared to nearly six for other IT careers.
“Cybersecurity roles take 20% longer to fill than other IT jobs,” according to Burning Glass Technologies. “The growing dependence on the Internet in the economy, and in daily life, ensures the demand for cybersecurity talent will continue to grow.”
How Do Data Professionals Prepare for Careers in Cybersecurity?
Graduates of the Master of Science in Cybersecurity online program offered by Eastern Michigan University are well equipped to compete for high-growth positions such as systems analyst, network engineer and information security manager and engineer. Two of its courses, titled Offensive Security and Defensive Security, provide students with skills in two crucial areas in cybersecurity strategy.
Students in the program gain insights into offensive measures, such as ethical hacking, and defensive strategies and tactics for hardening network infrastructure, containing attacks and ensuring regulatory compliance.
What Is Offensive Cybersecurity?
Offensive cybersecurity comprises a strategy known as penetration testing (pen testing), in which companies launch simulated attacks on their own networks to uncover potential weaknesses and assess IT security.
“Pen testing” is also known as ethical hacking. Organizations can hire third-party businesses to launch simulated attacks and obtain unbiased, third-party results and recommendations or conduct them in-house. Companies employ ethical hackers, also known as white hat hackers, to:
- Discover vulnerabilities what malicious actors, also known as black hat hackers, can see
- Assess data that would be of most value to black hatters
- Discover how black hatters can use that information
- Find out if anyone noticed the white hat simulated attack
- Recommend ways that fix the weakness and provide optimal security
Although ethical hacking takes time and money, finding weaknesses before cybercriminals do protects not only data but also reputation. If Facebook had pen tested and discovered its 2-year-old system vulnerabilities, it could have adequately protected the personal data of 553 million accounts.
“The Facebook breach is a reminder to every organization that auditing and testing their systems for vulnerabilities is a worthwhile investment,” according to authO, an identity-use consultant.
What Is Defensive Cybersecurity?
Cyber defense, as distinct from offensive cybersecurity, comprises strategies and tactics that protect data and networks from malicious intrusion by with many methods. Cyber defense strategy trains employees in cyberattack recognition and best practices. Verizon says 30% of social engineering attacks use employees to enter networks. It also monitors threat-assessment for intelligence and ensures system protection in a constantly evolving risk environment. Cyber defense also assigns high priority to deploy advanced counter-measures — including automation, zero-trust and artificial intelligence capabilities — threat detection and response.
McKinsey & Company warns that the cybercrime universe now includes large organizations (sometimes with government sponsorship) that leverage advanced technologies. Moreover, organizations ranging from small and medium-sized businesses to global organizations, state and federal government agencies are targets.
“Even today’s most sophisticated cybercontrols, no matter how effective, will soon be obsolete,” McKinsey cautions. It adds that leadership must account for attackers’ ongoing adoption of machine learning technologies and have the vision to anticipate increasingly dangerous environments. An advanced degree in cybersecurity will equip professionals with the necessary skills and practice to challenge modern security threats in nearly every sector.