Our data and digital devices are more vulnerable than ever to cybercrime due to the vast amount of sensitive information stored not just digitally but on networked systems and the connected devices that make up the Internet of Things (IoT). Every new piece of digital data and new connected system represents a point of vulnerability cybercriminals can target. Nothing is off limits. In 2015, a security researcher demonstrated how a hacker could use something as seemingly benign as a smart kettle to steal Wi-Fi passwords. In 2020, the nine-month-long Sunburst hack created a backdoor in common network monitoring software that gave attackers access to Pentagon, U.S. Treasury and Department of Homeland Security networks.
People associate hacking with phishing attacks, but there are thousands of cybercriminals with knowledge and resources rivaling those of information technology companies – and hundreds of thousands of organizations without the resources to defend against them. The International Information System Security Certification Consortium – known as (ISC)² – predicts the cybersecurity workforce needs to grow by 145% to meet growing demand around the globe. The current talent shortfall amounts to approximately 4 million unfilled jobs, which doesn’t bode well for individuals, businesses and governments.
It does mean, however, that cybersecurity is a promising career path for those who have the requisite knowledge and skills plus must-have credentials, such as The University of Tulsa’s 100% online part-time M.S. in Cyber Security. Preventing and mitigating the impact of cybercrime is only going to get more important because identifying and defending against cyber attacks is only going to get more complicated. Ensuring that there is sufficient cybersecurity talent in the U.S. and globally has become a top priority across sectors and nations for reasons this article explores in detail.
What is cybersecurity?
There’s no one accepted definition of what cybersecurity is and isn’t, because cybersecurity is a broad term that encompasses the many processes and technologies used to prevent, detect and respond to attacks against digital data, devices and systems.
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) defines cybersecurity as “the art of protecting networks, devices, and data from unauthorized access or criminal use and the practice of ensuring confidentiality, integrity, and availability of information.” CompTIA’s chief technology evangelist, James Stanger, defines cybersecurity as a discipline “focusing on protecting electronic assets – including internet, WAN and LAN resources – used to store and transmit that information.” The total scope of cybersecurity may be even broader. According to the National Initiative for Cybersecurity Careers & Studies, cybersecurity encompasses dozens of specialty areas that can be further segmented into more than 50 career roles.
In the simplest terms, cybersecurity is a technical discipline concerned with protecting the digital interests of people, households, companies, cities and nations. Its focus includes everything from phishing scams and digital identity theft to large-scale data breaches and cyber terrorism. Cybersecurity professionals work with various digital assets, systems and platforms, including financial databases, government databases, electronic health records, IoT-connected devices, power grids and public transportation systems. Because there are so many different points of vulnerability in our digital infrastructure, many professionals specialize in specific technologies or techniques after completing graduate-level cybersecurity education programs.
Some help large, medium and small businesses and organizations meet regulatory requirements related to information security or network security. Others specialize in computer forensics, penetration testing or cybersecurity risk mitigation. Still others work in homeland security, preventing cyberterrorism and foreign incursions into government computer systems. There are also cybersecurity professionals who specialize in educating people about information and systems security best practices. Human beings remain the biggest cybersecurity threat because more than 99% of cyberattacks require humans to take some action (e.g., running a program or entering a password) to work.
The breadth and depth of this field will continue to grow and the role of cybersecurity professionals will continue to evolve as hackers find new points of vulnerability to exploit. To answer the question “Why is cybersecurity important?” requires a thorough understanding of what those vulnerabilities look like and just how acutely cyber attacks affect us all.
Six reasons why cybersecurity is important
We’re all vulnerable to cybercrime
Humanity is hugely reliant on information systems and connected digital technology, and that’s problematic for several reasons. Cybersecurity Ventures predicts humans will store 200 zettabytes of data across personal devices, connected appliances, public infrastructures and data centers by 2025, and all that data represents a tempting target for thieves.
More Americans are working from home, which means more people are logging into devices remotely and using cloud storage and services. They’re also sharing – and generating – more data in the process. Each login and share is yet another point of vulnerability.
Billions of people interact with the internet each day, and 100 million new people go online daily. Many don’t know how to protect themselves or their data, or feel it’s futile even to try. Two-thirds of people polled as part of a Harris Poll survey for NortonLifeLock felt there’s no way to reliably protect one’s privacy online.
Finally, there could be 25.4 billion IoT devices in use by 2030. As more everyday devices and appliances connect to home networks and store user or customer data on the cloud, the number of potential security blind spots goes up.
Cybercrime is common
Cyberattacks are much more common in the U.S. than people realize. Studies show that the frequency of brute-force attacks alone averages out to one attempted hack every 39 seconds. According to the FBI, there are 4,000 ransomware attacks targeting businesses daily, and in 2020, there was one ransomware victim every 10 seconds. There were about 26,000 Distributed Denial of Service attacks each day in the same year, which averages out to 18 per minute. Some of these attacks are random, but many others are targeted. A staggering 87% of businesses have faced a cyberattack designed to exploit a known system vulnerability.
Globally, hackers perform billions of malicious scans, find their way into millions of sensitive digital records, blackmail organizations, target life-sustaining infrastructure and steal hundreds of thousands of dollars each day. Ginni Rometty, former chairman, president and chief executive officer of IBM, called cybercrime “the greatest threat to every profession, every industry, every company in the world.”
Cybercrime is an economic issue
The economic impact of cybercrime is immense. Cybercrime will inflict damages totaling more than $6 trillion globally by the end of 2021, up from $3 trillion in 2015. It is more expensive than the damage inflicted by natural disasters worldwide – and more profitable than the global illegal drug trade. Some sources call cybercrime the “greatest transfer of economic wealth in history” – one that could potentially kick off another major recession.
Sources predict that figure will continue to go up year by year. A single sophisticated, large-scale hack or data breach can cost an organization $13 million to detect and mitigate. Global spending on cybersecurity products and services is currently measured in billions of dollars, but many industries are still responding to yesterday’s threats because it’s tough to find professionals with the right cybersecurity education and experience. By 2025, the global shortage of data security and cybersecurity experts could cost the world more than $10 trillion annually.
Cybercrime erodes personal privacy
Cybercriminals are experts at finding new ways to steal sensitive information, and even highly technologically savvy people fall victim to their attacks. Having strong passwords is no longer all it takes to protect one’s data. Anyone who works, shops or plays online – which is nearly everyone – is vulnerable to digital strikes that take the form of viruses, phishing, worms, spyware, malware and simple fraud. Attacks are frequent and attackers unrelenting. Google has registered 2,145,013 phishing sites as of Jan. 2021. People receive dozens of malicious emails each day and many are identical to correspondence from legitimate organizations.
At the organizational level, data breaches happen frequently and affect millions. Consider that 540 million Facebook profiles and user records were exposed in 2019, 147 million Equifax records were exposed in 2017 and more than 3 billion Yahoo accounts were part of a 2013 breach that exposed names, birth dates, email addresses and passwords. As a result of such breaches, more than 14 million consumers, or 1 in 15 people, fall victim to identity fraud each year. A third of adults in the United States have experienced some form of identity theft. One in five fall victim more than once. The burden of securing sensitive personal information is technically on the individual, but there is very little people can do to ensure the organizations and services they use safeguard data shared with third-party entities.
Cybercrime is a threat to national security
According to the Department of Homeland Security, “Our daily life, economic vitality, and national security depend on a stable, safe, and resilient cyberspace.” Cybercrime is increasingly a national security issue because the ubiquity of unprotected databases and networked systems opens a door to foreign nations, terrorists and extremist groups looking to disrupt physical infrastructure, gain an economic advantage, steal state secrets and erode confidence in citizens.
President Biden has deemed cybersecurity a top priority for his administration at all levels of government, and one facet of the White House plan to defend the nation against cybercrime involves building a more robust national cybersecurity workforce. Reducing the shortage of qualified cybersecurity professionals in government is only the first step, however. As the Colonial Pipeline attack illustrated, further cybersecurity measures in the private sector will be vital to beefing up America’s digital security because there’s little to prevent enemies of the state from targeting privately owned infrastructure.
Rates of cybercrime are increasing
A 2019 Accenture study found that 68.4% of business leaders felt their organizations are more vulnerable to cybercrime, and they’re probably right. Digital technology is evolving quickly and the rapid, widespread implementation of new technologies is creating areas of vulnerability that cybercriminals eagerly exploit. Security breaches have increased by 11% since 2018 and 67% since 2014, in part because people and organizations adopt new technologies without performing thorough risk assessments.
There is now one cyberattack every 11 seconds, which is twice the 2019 rate (one attack every 19 seconds) and four times the 2016 rate (one attack every 40 seconds). For this reason, the importance of cybersecurity cannot be overstated. Everyone who uses computers and mobile devices is at the mercy of thieves and hackers.
How The University of Tulsa is bridging the cybersecurity workforce and skills gap
Bridging the cybersecurity skills gap is vitally important because every minute counts in the fight against hackers; however, the average time to even identify a breach in 2020 was 207 days. The average total lifecycle of a breach from identification to containment was a shocking 280 days – or just over nine months. The reason businesses and government agencies don’t respond more quickly isn’t that cybercriminals are getting craftier, but rather that the workforce necessary to defend against attacks just isn’t there.
According to the Global Information Security Workforce Study, the cybersecurity workforce gap will hit 1.8 million by 2022. The Washington Post reports there are more than 36,000 open public sector cybersecurity positions across all levels of government right now. The challenge is that this isn’t a field someone can enter without education or experience because enterprises, nonprofits and governments aren’t willing to entrust their sensitive data protection, digital systems security, intellectual property protection or network oversight to just anyone. They look for professionals with demonstrable skills and advanced credentials such as an M.S. in Cyber Security – particularly one from a Designated Center of Academic Excellence in Cyber Defense such as TU.
The University of Tulsa has a long-standing reputation for excellence in cybersecurity with on-campus and online programs supported by the federal government, National Security Agency, the U.S. Department of Defense, the U.S. Department of Energy, the U.S. Department of Transportation and the Defense Advanced Research Project Agency. It has been a designated Center of Academic Excellence in Cyber Defense since 2000, when it was one of the first 14 institutions awarded this distinction. Since then, TU has held and continues to hold all three National Centers of Academic Excellence in Cybersecurity designations, and the university’s cybersecurity master’s program alumni have gone on to work in leading roles in the private sector, the public sector and academia.
Choosing The University of Tulsa is one way to do your part in the fight against hackers, cybercriminals and cyberterrorists. In the university’s part-time online cybersecurity master’s program, you can earn a master’s degree in as little as 20 months while studying with industry-leading faculty, and you’ll graduate prepared to become a technical and managerial leader in the world of cybersecurity. You will also graduate with valuable connections because TU has relationships with industry-leading employers, including Amazon, Instagram, Google and cybersecurity-focused government agencies, giving you lifelong access to an array of career opportunities.
Ready to learn more about how to launch a career in cybersecurity? You’ll find answers to your questions on the Online M.S. in Cyber Security program website. Scholarships and financial aid are available. Read more about the program’s admission requirements and, when you’re ready, apply online.