Top 5 Reasons To Learn Cyber Security

“Ignore any messages from me. My Facebook account got hacked!”...

As nerds, we often roll our eyes when our school friends or older family members get ‘hacked’ after installing dodgy apps or forgetting to log out on their social media, but the thing is, cyber threats are on the rise.

In the last few years, the need for security has grown but it’s not simply door cameras or motion sensors that we need to be concerned with, it’s people stealing our online information!

• Account Passwords
• Health Records
• Credit Card and Bank Information
• Private Messages
• Emails, and more

You hear horror stories of people suddenly being in mountains of credit card debt who’ve never even applied for credit before.

Even worse, if you’re a business owner then you can be susceptible to hacks damaging your software, crashing your platforms, or stealing customer details. Heck, you can not only lose customers when this happens but be fined huge amounts of money thanks to updates in privacy laws.

In 2021 alone, Data Breaches and theft of user information rose 68% from 2020, with companies like Linkedin, T-Mobile, Facebook, and more losing billions of users' customer data!

Obviously, this growth in hacking is bad news for the general public but great news for programmers, as there’s a growing demand for Cyber Security Specialists who can help prevent attacks and secure companies, and the pay is substantial.

Before we get into that though, let’s break down some key information around Cyber Security, along with the top 5 reasons why you should learn this field today…

What is Cyber Security?

Let’s start nice and simple. Cyber Security is the act of protecting computer networks and systems from downtime and service disruption, information theft, data corruption, and service redirection.

Basically, the goal is to defend servers, personal and private data, electronic systems, computers, and mobile devices from malicious attacks.

Some of the branches of Cyber Security include:

• Mobile Security such as protecting mobile data, privacy, and mobile services
• Application Security and protecting apps from outside threats and vulnerabilities
• Software Security, which requires constant testing of the software and its code to discover bugs/vulnerabilities that could lead to compromising the device that is running it or the device that is interacting with it
• Cloud Security and protecting Cloud-Based Systems. This includes keeping data private and safe across online-based infrastructure, applications, and platforms
• IoT Security or ‘Internet Of Things’ security focuses on methods to protect internet-connected and network-based devices. With the development and growth of IoT Devices, there is a strong need for security in this branch as many companies got compromised through a vulnerable IoT device that was connected to the internet. (At one point homes were being broken into thanks to backdoor hacks on wifi-enabled smart fridges!)

Why is it important to learn Cyber Security?

In 2021 alone, 86.2% of organizations were compromised by successful cyber security attacks.

This could be simple service disruptions but for other companies, it was the loss of user data or worse.

Even crazier?

• There is a hacker attack every 39 seconds
• 64% of companies have experienced web-based attacks
• Since COVID-19, the US FBI reported a 300% increase in reported cybercrimes
• ~$10.5 trillion is expected to be spent globally on cybersecurity by 2025
• Unfilled cybersecurity jobs worldwide grew 350% to ~3.5 million from 2013 to 2021. Way more jobs are becoming available than there are people with the skills to fill them

Clearly, we don’t want to lose our customers or even our own information, nor do we want our platforms or services to go down and so the demand and need for cyber security professionals in all areas of technology are on the rise.

We’ve already covered the main tech fields that you might work in as a cyber security professional, but let’s cover the main types of threats you need to be aware of…

The 8 main types of Cyber Security attacks:

There are a wide range of cyber security attacks that we can learn to defend, but these are the most common methods. Almost every attack or hack is some variation of these.

#1. Malware Installation

This involves you installing malicious code on your own device by accident, and is usually hidden as something else. This could be installing a new mobile or desktop application, but it can also be an update to something you already use with a virus piggybacking on the trusted source such as an update to an audio driver etc.

There are multiple versions of this method but almost always they require you to actually click a link or agree to install, which is why the next method exists…

#2. Phishing, Spoofing and Clickjacking

Phishing is the art of pretending to be a trusted source so that you can then either install malware or give away information by accident. Think emails that are made to look like they are from your bank etc or telling you you’ve inherited millions of dollars.

We laugh at these because some of them are so glaringly fake, but there are also a number of these that slip through the cracks, usually because it looks like it’s actually from a legit source.

(Spoofing is where they either replicate a trusted source, or they hack that source and insert a malicious link inside of their assets or communications.)

Sometimes though, it’s as simple as doing a bait and switch and making you click on the wrong thing aka ‘Clickjacking’. This is where a pop up will overlay on something you want to click on, but you end up clicking on the virus or malware by accident and installing it.

As a rule of thumb, always double check the source, especially when mousing over something.

#3. SQL Injection Attack

An SQL or Sequel injection attack refers to a specific attack on databases that are built on SQL.

If these databases are not updated they can become victim to code injection hacks where the hacker can either use malicious code to gain entry and steal user data such as addresses, passwords, or credit cards on file.

Sometimes they can even use this to manipulate flaws in SQL databases or find source code access.

#4. Cross-Site Scripting

Similar to an SQL attack but with a different goal. In an SQL attack, the main goal is to usually hack the main database or site so that they can steal the user's or customers data.

In a cross-site attack, they attack the site using an SQL injection method as before, but rather than attacking the site and making the owner aware of it, they instead piggyback and use that trusted site to help install malicious code directly onto its users' web browsers.

The user visits the site or database and is then hacked, allowing the attacker to either access other information on the user's browser and computer, or they can simply keylog and track the information users type into their device such as passwords, etc.

An example of this is when a keylogging software managed to get onto the global space station. One of the astronauts had been hacked by a code designed to steal their World of Warcraft account, and then the Trojan code was added to multiple laptops.

#5. Denial of Service (DoS)

Often referred to as a DoS or DDoS attack, the goal of a Distributed Denial of Service attack is to spam a site or server with so much traffic that it can’t handle it and the service stops working.

This can be to take down a specific site or even a range of sites across a network of servers.

For Example

Cloudflare is a service that helps provide SSL certificates and more to help improve website user experiences. They offer a range of services but one of the main ones is hosting copies of sites on servers that are located closer to users so that they load fast and reduce downtime.

This means that a LOT of sites are hosted with them, and in June of 2022, they were on the receiving end of the largest DDoS attack in the web’s history, with 26 Million requests per second flooding their servers!

#6. Man-in-the-Middle Attacks

When you’re on the internet and accessing a web page or app, there are numerous requests sent back and forth between your computer and the hosting site.

A man-in-the-middle attack manages to hijack the interaction between your computer and the host site, pretending to be you and allowing it to access secure information. This is just another example of how a hacker may use a Cross-Site scripting attack.

#7. Credential Reuse

Ever use the same passwords for multiple sites?

Well, hackers know this, and they will often hack one secure location and then use the information on file to see if they can access other sites with the password that you have saved there…

#8. Brute Force Attacks

Sometimes a hacker or hacking program will use a tool to attempt to hack into a site by attempting all variations of passwords, PINs, or login methods.

Imagine if a hacker has your card details, then the 3-digit security code can be easy enough to find with enough time and attempts.

So now you know most of the threats to your cyber security, you’re probably wondering how to actually stop them right?

Is it hard to learn Cyber Security?

I’ll be honest, learning cyber security can be challenging but in a good way. The field is constantly evolving as new code, languages, hacks, and programs are developed. This means you’re constantly having to learn and staying on top of the game. This can be fun if you like to learn or enjoy competition as you’ll never stagnate or get bored.

Not only do you need to learn your field, but you’ll also have to get a good grounding in other fields and languages. In general, a security expert should have a good knowledge of Networking, Operating Systems, and basic Programming knowledge in possibly multiple languages.

Why learn all this?

Well, it’s hard to protect your assets if you don’t fully comprehend how they work and where their weaknesses are, and so you’re often having to put yourself in the shoes of the hacker and try to figure out how they might do the job. It’s like they say in crime dramas, “The best detectives would make the best criminals, because they have to think like them!”

There are multiple fields of cyber security but you can actually perform this type of security as a speciality.

For example

Companies will hire Ethical Hackers or Penetration Testers to try and hack their systems and find their weaknesses.

You can either do this as a service on your own, or even as an event known as ‘Red Teaming”.

Companies will hire a ‘Red team’ to hack or disrupt their site, app, database or platform, while their own employees will act as the ‘Blue team’, on guard and trying to respond to these attacks live.

Pretty cool right?

It’s like a computer game where you are trying to secure a fortress and all its gates from any unauthorized entrances. The goal is to outsmart and outdo the bad guys!

Why run these Red vs Blue events?

Mainly because if we constantly implement the same security strategies and tactics, then eventually they will be breached and won't work anymore. By having a team actively try to hack, you can learn new methods and weaknesses and fix them before an actual hacker finds them!

Sure, Cyber Security is challenging but I would argue that those are some of the same reasons that you would want to learn it! It’s always moving fast and is very innovative which will make you think and improve your logic and problem-solving skills as well as increase your desire to learn.

This constant evolution has lead to the creation of more niche cyber security roles, such as:

• Incident Response Analyst - the first responders: be at the forefront of the battle by identifying breaches and containing them as quickly and effectively as possible.
• Risk Analyst - the tacticians: proactively perform regular assessments of the cybersecurity landscape and recommend improvements to prevent a breach from occuring in the first place.
• Penetration Tester / Ethical Hacker - the mercenaries: design, simulate, and execute attacks on enterprise networks and systems with the intent to identify vulnerabilities so that they can be addressed before a hacker utilizes them for nefarious purposes.
• Forensic Analyst - the detectives: investigate breaches by tracing digital footprints with the goal of recovering stolen data and other digital assets, and figure out how the breach happened.

You might think the demand for these roles is small, but at the time of writing, there were 601,742 jobs for these roles alone! (More on this in just a second).

Oh, and they all pay pretty well also…

What is the average salary for a job in Cyber Security?

The average salary for a Cyber Security career is around $112,974 /year, but can rise as high as $305,000 /year, depending on the role.

Currently the highest paying Cyber Security positions are leadership roles such as Cyber Security architects, but Ethical Hackers also do very well, with an average salary of $135,269 /year.

We actually teach Ethical Hacking, Penetration Testing, and a complete Cyber Security bootcamp here at ZTM!

The Top 5 reasons to learn Cyber Security

Still on the fence about learning Cyber Security? Here are the tl;dr reasons why we think you should start working in this field:

1. Cyber Security is in high demand and needed in every tech industry. Global industry size is predicted to be above $376 Billion by 2029, with a 13.4% compound growth rate, which means a lot of jobs on offer.

At the time of writing there are currently 89,901 'broad' Cyber Security Jobs on Zip Recruiter.

If we look at specific roles though, we have:

• 1,707 Ethical Hacker jobs
• 17,104 Penetration Tester jobs
• 80,557 Cyber Security Engineer jobs
• 14,841 Cyber Security Expert jobs
• 29,294 Incident Response Analyst jobs
• 148,122 Risk Analyst jobs, and
• 25,994 Forensic Analyst jobs

That's a total of 697,140 specific cyber security jobs so yeah, there's a few opportunities out there...

2. Cyber Security pays well. As we saw above, the average salary is around $112,974 /year with the potential to earn a lot more as you grow your career.
3. Cyber Security is a fun industry to work in. Oftentimes you’re having to outsmart the people who are trying to hack you. This can be in Red Vs Blue challenges or simply external hackers and their tools, which can keep you on your toes! Alternatively you can play the role of an ethical hacker and find companies weaknesses.
4. Cyber Security can challenge you. No day is the same. It can be learning new methodologies and preemptively stopping attacks or adapting to current issues.
5. Cyber Security helps you to learn about other fields, meaning you can always be learning but also pivot to other industries in the future if you wish.

What are you waiting for? Learn Cyber Security today!

Clearly Cyber Security is an exciting and important field to be part of. There are a ton of jobs, you can earn a great salary, you get to have a positive impact, and it's actually a lot of fun.

If this sounds like something you're interested in, come check out our:

• Ethical Hacking Career Path
• Or my brand new Complete Cyber Security Bootcamp!

Stay safe out there!