“Ignore any messages from me. My Facebook account got hacked!”...
As nerds, we often roll our eyes when our school friends or older family members get ‘hacked’ after installing dodgy apps or forgetting to log out on their social media, but the thing is, cyber threats are on the rise.
In the last few years, the need for security has grown but it’s not simply door cameras or motion sensors that we need to be concerned with, it’s people stealing our online information!
Even worse, if you’re a business owner then you can be susceptible to hacks damaging your software, crashing your platforms, or stealing customer details. Heck, you can not only lose customers when this happens but be fined huge amounts of money thanks to updates in privacy laws.
In 2021 alone, Data Breaches and theft of user information rose 68% from 2020, with companies like Linkedin, T-Mobile, Facebook, and more losing billions of users' customer data!
Obviously, this growth in hacking is bad news for the general public but great news for programmers, as there’s a growing demand for Cyber Security Specialists who can help prevent attacks and secure companies, and the pay is substantial.
Before we get into that though, let’s break down some key information around Cyber Security, along with the top 5 reasons why you should learn this field today…
Let’s start nice and simple. Cyber Security is the act of protecting computer networks and systems from downtime and service disruption, information theft, data corruption, and service redirection.
Basically, the goal is to defend servers, personal and private data, electronic systems, computers, and mobile devices from malicious attacks.
Some of the branches of Cyber Security include:
In 2021 alone, 86.2% of organizations were compromised by successful cyber security attacks.
Clearly, we don’t want to lose our customers or even our own information, nor do we want our platforms or services to go down and so the demand and need for cyber security professionals in all areas of technology are on the rise.
We’ve already covered the main tech fields that you might work in as a cyber security professional, but let’s cover the main types of threats you need to be aware of…
There are a wide range of cyber security attacks that we can learn to defend, but these are the most common methods. Almost every attack or hack is some variation of these.
This involves you installing malicious code on your own device by accident, and is usually hidden as something else. This could be installing a new mobile or desktop application, but it can also be an update to something you already use with a virus piggybacking on the trusted source such as an update to an audio driver etc.
There are multiple versions of this method but almost always they require you to actually click a link or agree to install, which is why the next method exists…
Phishing is the art of pretending to be a trusted source so that you can then either install malware or give away information by accident. Think emails that are made to look like they are from your bank etc or telling you you’ve inherited millions of dollars.
We laugh at these because some of them are so glaringly fake, but there are also a number of these that slip through the cracks, usually because it looks like it’s actually from a legit source.
(Spoofing is where they either replicate a trusted source, or they hack that source and insert a malicious link inside of their assets or communications.)
Sometimes though, it’s as simple as doing a bait and switch and making you click on the wrong thing aka ‘Clickjacking’. This is where a pop up will overlay on something you want to click on, but you end up clicking on the virus or malware by accident and installing it.
As a rule of thumb, always double check the source, especially when mousing over something.
An SQL or Sequel injection attack refers to a specific attack on databases that are built on SQL.
If these databases are not updated they can become victim to code injection hacks where the hacker can either use malicious code to gain entry and steal user data such as addresses, passwords, or credit cards on file.
Sometimes they can even use this to manipulate flaws in SQL databases or find source code access.
Similar to an SQL attack but with a different goal. In an SQL attack, the main goal is to usually hack the main database or site so that they can steal the user's or customers data.
In a cross-site attack, they attack the site using an SQL injection method as before, but rather than attacking the site and making the owner aware of it, they instead piggyback and use that trusted site to help install malicious code directly onto its users' web browsers.
The user visits the site or database and is then hacked, allowing the attacker to either access other information on the user's browser and computer, or they can simply keylog and track the information users type into their device such as passwords, etc.
An example of this is when a keylogging software managed to get onto the global space station. One of the astronauts had been hacked by a code designed to steal their World of Warcraft account, and then the Trojan code was added to multiple laptops.
Often referred to as a DoS or DDoS attack, the goal of a Distributed Denial of Service attack is to spam a site or server with so much traffic that it can’t handle it and the service stops working.
This can be to take down a specific site or even a range of sites across a network of servers.
Cloudflare is a service that helps provide SSL certificates and more to help improve website user experiences. They offer a range of services but one of the main ones is hosting copies of sites on servers that are located closer to users so that they load fast and reduce downtime.
This means that a LOT of sites are hosted with them, and in June of 2022, they were on the receiving end of the largest DDoS attack in the web’s history, with 26 Million requests per second flooding their servers!
When you’re on the internet and accessing a web page or app, there are numerous requests sent back and forth between your computer and the hosting site.
A man-in-the-middle attack manages to hijack the interaction between your computer and the host site, pretending to be you and allowing it to access secure information. This is just another example of how a hacker may use a Cross-Site scripting attack.
Ever use the same passwords for multiple sites?
Well, hackers know this, and they will often hack one secure location and then use the information on file to see if they can access other sites with the password that you have saved there…
Sometimes a hacker or hacking program will use a tool to attempt to hack into a site by attempting all variations of passwords, PINs, or login methods.
Imagine if a hacker has your card details, then the 3-digit security code can be easy enough to find with enough time and attempts.
So now you know most of the threats to your cyber security, you’re probably wondering how to actually stop them right?
I’ll be honest, learning cyber security can be challenging but in a good way. The field is constantly evolving as new code, languages, hacks, and programs are developed. This means you’re constantly having to learn and staying on top of the game. This can be fun if you like to learn or enjoy competition as you’ll never stagnate or get bored.
Not only do you need to learn your field, but you’ll also have to get a good grounding in other fields and languages. In general, a security expert should have a good knowledge of Networking, Operating Systems, and basic Programming knowledge in possibly multiple languages.
Why learn all this?
Well, it’s hard to protect your assets if you don’t fully comprehend how they work and where their weaknesses are, and so you’re often having to put yourself in the shoes of the hacker and try to figure out how they might do the job. It’s like they say in crime dramas, “The best detectives would make the best criminals, because they have to think like them!”
There are multiple fields of cyber security but you can actually perform this type of security as a speciality.
You can either do this as a service on your own, or even as an event known as ‘Red Teaming”.
Companies will hire a ‘Red team’ to hack or disrupt their site, app, database or platform, while their own employees will act as the ‘Blue team’, on guard and trying to respond to these attacks live.
Pretty cool right?
It’s like a computer game where you are trying to secure a fortress and all its gates from any unauthorized entrances. The goal is to outsmart and outdo the bad guys!
Why run these Red vs Blue events?
Mainly because if we constantly implement the same security strategies and tactics, then eventually they will be breached and won't work anymore. By having a team actively try to hack, you can learn new methods and weaknesses and fix them before an actual hacker finds them!
Sure, Cyber Security is challenging but I would argue that those are some of the same reasons that you would want to learn it! It’s always moving fast and is very innovative which will make you think and improve your logic and problem-solving skills as well as increase your desire to learn.
This constant evolution has lead to the creation of more niche cyber security roles, such as:
You might think the demand for these roles is small, but at the time of writing, there were 601,742 jobs for these roles alone! (More on this in just a second).
Oh, and they all pay pretty well also…
The average salary for a Cyber Security career is around $112,974 /year, but can rise as high as $305,000 /year, depending on the role.
Currently the highest paying Cyber Security positions are leadership roles such as Cyber Security architects, but Ethical Hackers also do very well, with an average salary of $135,269 /year.
Still on the fence about learning Cyber Security? Here are the tl;dr reasons why we think you should start working in this field:
At the time of writing there are currently 89,901 'broad' Cyber Security Jobs on Zip Recruiter.
If we look at specific roles though, we have:
That's a total of 697,140 specific cyber security jobs so yeah, there's a few opportunities out there...
Clearly Cyber Security is an exciting and important field to be part of. There are a ton of jobs, you can earn a great salary, you get to have a positive impact, and it's actually a lot of fun.
If this sounds like something you're interested in, come check out our:
Stay safe out there!