Cybercriminals strike governments and businesses daily — there were 153 million malware attacks in 12 months ending March 2021, according to CompariTech. This trend creates a high demand for digital security professionals with the education and expertise to defend against increasingly sophisticated threats.

Malware — typically known as viruses, spyware or worms — is but one tool cybercriminals use to compromise networks and steal data. Others include phishing, man-in-the-middle and denial-of-service attacks and SQL injection (code inserted through website activity that seems harmless).

Hacks against corporations receive virtually all the media attention about cybercrime. Still, four in 10 attacks are directed at small and medium-sized businesses, as they adopt machine learning and other advanced technologies but lack adequate cybersecurity to protect against risk.

“There are two kinds of companies: those that have been hacked, and those who don’t know yet they’ve been hacked,” former Cisco CEO John Chambers has said.

Estimates place the global ransomware cost to businesses by 2031 at $265 billion, typically in untraceable cybercurrency, with attacks landing every two seconds. Such statistics drive demand for cybersecurity professionals well beyond the supply of specialists, with the gap growing by 20% to 30% annually through the decade.

How Do Cybercriminals Attack Businesses?

According to Virtual-Q, a cybersecurity provider, companies face, on average, more than 20 security breaches annually. Ninety-one percent of them start with phishing.

Phishing is a social engineering tactic in which a trusted source sends an email blast and steals personal or company information by asking recipients to complete a survey, respond to a marketing opportunity or install an urgent software upgrade.

Spear-phishing differs in that the hacker harvests information from a particular target’s social media accounts and other public information to write a fake email — again, from an apparently trusted source such as a friend or colleague, also harvested from social media.

A spear-phishing email includes a link to a safe site that’s relevant to the harvested information. For instance, if the recipient has posted travel plans, the link might appear to go to a restaurant in the destination. Clicking that link enables the hacker to insert malware into the system.

Other common cyberattacks listed by Cisco include:

  • Man-in-the-middle: Hackers eavesdrop on two-party connections on public Wi-Fi to steal information from both sides of the transaction.
  • Denial-of-service attacks: Attackers overwhelm systems, servers and networks by swamping them with traffic to block legitimate transactions.
  • Zero-day exploit: Attackers insert malware between the time a software or network vendor discovers a vulnerability and issues a patch to fix it.

“Often, attackers are looking for ransom: 53% of cyberattacks resulted in damages of $500,000 or more,” according to the digital services provider. “Cyberthreats can also be launched with ulterior motives. Some attackers look to obliterate systems and data as a form of ‘hacktivism.'”

Statistics such as those are driving demand well beyond the current supply of cybersecurity professionals with the expertise and education to protect systems and data from attack.

How Do Cybersecurity Professionals Protect Businesses?

The first line of cybersecurity are specialists with high-demand skills and expertise in developing and implementing the following:

  • Two-factor authentication, encryption, regular software updates and other defensive protection policies
  • Network architecture diversification to isolate breaches
  • Employee education to help them recognize social engineering scams and other protection measures
  • Incident response and recovery protocols

A Master of Science in Cybersecurity, such as the online program offered by Eastern Michigan University, prepares graduates for such roles as systems analysts, network engineers and information systems managers and engineers through a curriculum that explores security solutions such as:

  • Defensive security, including breaches and disasters, compliance, network infrastructure and password management, vulnerability scanning and penetration testing
  • Offensive security to understand cybercrime strategies and tactics, penetration testing, vulnerability discovery, reverse engineering and Internet-of-things security
  • Risk management and incident response to develop expertise in incident response and methods for assessing and mitigating risk systematically

“In the United States, there are around 879,000 cybersecurity professionals in the workforce and an unfilled need for another 359,000 workers,” according to CNN, which estimates the global gap at more than 3 million, noting that salaries can be “whatever you want.”

An advanced degree in cybersecurity can equip professionals with the necessary skills to resist cyberattacks in the modern, digital world.

Learn more about Eastern Michigan University’s Master of Science in Cybersecurity online program.