Cybersecurity is a huge buzzword floating around these days. When Forbes calls it a “booming industry in 2020”, then there has to be something to it, right? But what does it actually mean for you? Can I get into cybersecurity with no experience?
First, let’s look at the job market.
Cyberseek.org is a joint initiative of government organizations, nonprofits and data providers that aggregates cybersecurity jobs nationwide, and lists what most employers are asking for to qualify for them.
As of right now, there are over 500,000 jobs in the United States that need to be filled in cybersecurity. Global Information Security Workforce Study from the Center for Cyber Safety and Education predicts a shortfall of 1.8 million cybersecurity workers by 2022.
This industry is in desperate need of cybersecurity professionals, but almost every company won’t risk hiring someone that hasn’t proven they know how to do cybersecurity.
So what does that mean for you?
Is Cybersecurity Right for Me?
Not everyone is a good fit for cybersecurity. It takes people that are good with puzzles, that enjoy the process of making things work when they don’t. The fixers and thinkers: people that enjoy understanding complicated rules to games.
Of course, there is always a need for people that have managerial skills. Businesses will always want certain skills that any organization finds useful, such as project management and teamwork/collaboration. For any role at any level in cybersecurity, however, there still needs to be a high level of technical knowledge.
Here are some signs that you might be a good fit for cybersecurity: you are the IT support in your family, you have experience building computers, or you generally find working on computers and applications enjoyable.
If one of the above doesn’t describe you don’t get discouraged, because many fields, like mechanics, brewers, teachers, electricians, and maintenance workers are rushing to backfill the 500,000 job openings in cybersecurity. All of these fields have the same theme, they are skilled in troubleshooting or problem-solving.
Who makes a good cybersecurity pro?
Everything in cybersecurity builds off of networking principles. Networking administrators and system admins are natural fits for cybersecurity—they probably dip into security in their job every so often already.
Anyone in IT support is also a prime candidate. The troubleshooting and problem-solving skills used in IT support are exactly what a cybersecurity professional needs to be successful. However, it can take longer to gain the necessary certifications to get into cybersecurity. But don’t be discouraged, it’s just a few extra steps for you.
What if I don’t have experience?
The best part about cybersecurity and IT? It’s a trade. You don’t need a formal education to get hired, you only need to demonstrate that you have the skills to complete the job! For example, mechanics and brewers make great IT professionals.
Especially in cybersecurity, employers won’t trust people with their highly sensitive information without some sort of validation of skills. As a consumer, you probably don’t want that either. Therefore, they require proof of skills, not just completion of courses or a degree.
How can I prove my skills in IT?
So you have what it takes to do cybersecurity and actually enjoy it, congratulations! Now, how do you prove that to employers? The standard practice in IT is to get certifications proving their skills. Even people that have graduated with a degree in IT/cybersecurity/computer science still need to get certified.
Read More: Top 10 Best Cybersecurity Certifications
IT professionals looking to validate their skills should always look into CompTIA, an independent tech professional organization that has world-renowned certifications. Almost every employer on the job market considers CompTIA certifications valuable.
Why are CompTIA certifications so valuable?
Each of the tests is vendor-neutral, meaning it is general knowledge and not dependent on any specific system. They show you have ALL of the knowledge needed for that specific job.
Another reason everyone respects the certifications so much is that the tests are quite difficult. Most of the tests have a 50% pass-fail rate. Many working IT professionals try to take the test by self-studying and end up missing the bar because they aren’t prepared for the test itself.
Free resources for those just getting started
A great tool for those determining if cybersecurity is a good career move for them is Cybrary. They have a variety of intro courses for free that can help you understand what the best path for you will be.
CompTIA also has great articles for people just starting out on the path to cybersecurity. If you are dead-set on self-study, Professor Messer—an icon in the field—can help you achieve a solid understanding of the material. However, it doesn’t prepare you for the test itself, and many people have paid to retake the exam because they went in unprepared.
How can I take my first step?
Now you have a gameplan. The first step is to get yourself educated and prepared for the certification exams. Many people fall victim to analysis paralysis, spending 1 – 2 years preparing for the first exam.
1) Self-study: as previously discussed, self-study is always an option. It’s the most cost effective but lacks the accountability of other pathways to getting certified.
2) Bootcamps: Generally 10 – 24 weeks spending 8 hours in a classroom a day. Those will run you $10,000 – $20,000 and that usually does not cover the costs to take the certification exams that employers require. Bootcamps can be good training grounds, but you don’t know what you’re going to get, and neither do employers. They are not specific to a standard certification that employers can trust and there often is no employment assistance.
3) Four-year Degree: A university will run you $20,000 – $40,000 per year on average, and that doesn’t even take into account the amount of time you need to spend completing a degree or the income lost by not getting to work. And, in the end, you still need to get certified.
4) Covered 6 Academy: we take a holistic approach. We cut the overhead costs associated with colleges or bootcamps and our program is specifically designed to get you the credentials that most employers are asking for. C6A is CompTIA certified and every course is designed to not only help you pass the test but also get placed in your career immediately. We move you from “Point A” to “Point B,” quickly and effectively and our self-paced curriculum is designed to fit around busy schedules.
If anything, schedule a free consultation with one of our career advisors. They can talk you through your different career options and see if you are healthy enough for cybersecurity. Ask your career advisor if cybersecurity can fit into a healthy work/life balance.
The cybersecurity industry is exploding right now because there is such an urgent need to protect people’s privacy, their personal security, business’s data and operations, and even national infrastructure. It’s really not hyperbole at all to say that “cyber is the new frontier for criminals.”
If you do a simple search for “cyber security breach” you will get an endless stream of headlines:
Obviously, this is a massive and terrifying problem that needs to be solved. The good thing is that business and the government are on RED ALERT to solve it.
What that means for you is that there are literally hundreds of thousands of well-paying positions available to be filled by people who have the right qualifications.
Top 10: Where do I Start?
OSCP, CEH, CISSP, CISM…….OH MY! These seemingly random combinations of letters represent some of the top cybersecurity certifications. Most IT professionals know just how important they are to validate your skills and make yourself stand out to employers. But with so many certifications to choose from, there is a haze surrounding the best path into cybersecurity. Let’s clear that up!
So you know where you want to go: cybersecurity. Great goal, now how do you get there from where you are? Depending on what you do currently, you will need to start at different places.
For every other IT professional that wants to make the move into security, here is the most effective way to get you there.
If you are still debating cybersecurity as a profession, find out for yourself: Is Cybersecurity Right for Me?
Step 1A: CompTIA A+ (Fundamentals)
If you want to get into cybersecurity but don’t have any IT experience, you need to start with your CompTIA A+ certification. This will give you all fundamentals for any career in IT, and will ensure that you don’t try to jump ahead and leave any glaring knowledge gaps.
Step 1B: CompTIA Network+
A lot of people try to skip over this one because it “isn’t what they are trying to do” and “they don’t need it for cybersecurity.” Well, let me be the first to clear this up: Security is founded on networking principles. Even people that already work within networking should take this to make sure there aren’t any knowledge gaps.
If you don’t have a firm grasp of the fundamentals, you are at a huge disadvantage when learning the more advanced material. Do yourself a favor, don’t skip network day…
Step 2: CompTIA Security+
No matter what, the best first security certification is the CompTIA Security+ certification. It builds out ALL of the core knowledge necessary for any cybersecurity job and is a great place to start when moving down any path in cybersecurity.
Sec+ is also an authorized certification for the US Department of Defense as a vendor-neutral credential in compliance with DoD-Directive 8140/8570 (which is just the compliance policy that all users of a DoD Information System need). If it’s good enough for government work—which is actually pretty intense when it comes to security—it’s good enough for you and most employers.
Step ???
After Sec+, you have what it takes to step into almost any entry-level role in cybersecurity! Your career paths will really open up for you after this. Depending on which direction you want to go (attack, defense, investigation/audit), there are several different routes you can take from here.
The best way to find out what you enjoy is to try several different tasks in different domains, because different people are better suited for a variety of roles. If you enjoy networking and troubleshooting, going the defense route might suit you best. The attack route might intrigue those that enjoy programming and using your creativity in tech. People that are more logical and process-driven are generally attracted to the post-breach investigation side of cybersecurity.
Attack Route
CEH: Certified Ethical Hacker
The CEH is directed towards those aiming for the position of “White Hat Hacker”. This is now entering the realm of intermediate certifications. CEH will teach you the tactics, techniques, and tools that malicious hackers use when attacking a system, which allows you to harden your systems and address vulnerabilities.
If you want to get this certification, you must have at least 2 years of experience working in the information security field. However, there are official courses available for anyone who wants to skip that requirement. Either way, this is a supplement to the fundamentals and shouldn’t be considered for your first certification.
OSCP: Offensive Security Certified Professional
This is the Navy Seals boot camp of certifications. It is the most recognized certification focused on penetration testing. It is issued by the Offensive Security organization, and they consider it their foundational pen tester certification. Once you complete the PWK (Penetration Testing With Kali Linux) course, you have to take a 24-hour exam.
“The 24-hour exam is a hands-on penetration test in our isolated VPN network. You’ll receive the instructions for an isolated network for which you have no prior knowledge or exposure. Earn points for each compromised host, based on their difficulty and level of access obtained.” – OSCP course description
Defense Route
SSCP: (ISC) 2 Systems Security Certified Practitioner
This is more hands on with the technical skills and practical knowledge of information security. It covers a wide range of topics from the perspective of defense, including access control, network and systems security, cryptography, and even risk identification and incident response.
Candidates also must have one or more years of experience dealing with one of those skills to qualify for the certification. You can also qualify with a degree in cybersecurity (BS or MS). You are still able to take the test without the proper experience, but you have to wait to fill the requirements before getting the actual certifications.
The SSCP is often compared to the CISSP (see below), but is specifically geared towards professionals in more technical roles. It dives into the nitty gritty of the day to day skills, whereas the CISSP is geared towards more managerial positions.
CISSP: Certified Information Systems Security Professional
This is a vendor-independent certification that is one of the most sought after certifications in cybersecurity. It requires a minimum five years experience within the industry, and once completed, it is one of the best assets you can have. The CISSP is one of the highest level certifications you can achieve. It is designed to show not only can you do the job, but you can lead and manage security teams. All security pros should want to get this certification.
Every single tech recruiter is looking for a candidate with a CISSP certification, and it leads into roles such as Security Director, CIO, and IT manager. You also have to get endorsed by an ISC2 professional within nine months of passing the exam.
CISM: Certified Information Security Manager
This certification is created by the Information Systems Audit and Control Association, an organization specifically created for IT auditing. The CISM requires a minimum of five years industry experience. While it focuses on information security, the CISM is built for IT professionals that want to lead.
The CISM is very similar to the CISSP because both are focused around leadership within cybersecurity. The difference is that CISSP focuses more on the functional, operational side, while the CISM is geared more towards the strategic aspect of cybersecurity where it relates to business goals. Even though this is much further down the road, if you want to take your technical skills to the executive level, this is the certification for you.
Investigate/Audit Route
CISA: Certified Information Systems Auditor
From the same people that brought you the CISM, we have the CISA, which is somewhat similar but still distinctly different. This is a bit more of a specialty certification for auditing, control, and security. Candidates must have a minimum of five years experience specifically in information systems auditing, control, or security.
This is a great certification for a very specific type of cybersecurity (IT Auditor). If you aren’t an IT auditor or interested in becoming one, you will most likely never come across this certification. It becomes extremely important if you start working as an independent cybersecurity contractor doing work on other company’s information systems.
CICP: Cyber Investigation Certification Program
This is the only certification that has to do with cyber investigations, created by the FBI and the International Association of Chiefs of Police. It is a four-part course designed to teach law enforcement how to investigate a crime with digital artifacts, addressing digital harassment, online fraud, child enticement, and identity theft.
It is only available to law enforcement officers that have an active login with the FBI LEED portal and it is free to take. Unless you are actively in law enforcement, you don’t need this.
CFE: Certified Fraud Examiner
If you are more interested in cyber fraud, the CFE is the certification that is widely recognized for accountants, auditors, and financial investigators. It requires a bachelor’s degree and two years of experience in the field. This certification makes you invaluable in the eyes of most companies dealing with financial risk but only if you are interested in cybercrime investigations.
This certification focuses almost exclusively on fraud. It accepts candidates from many different professions, as long as they relate to fraud in some way. It covers fraud prevention and deterrence, financial transactions, fraud schemes, investigation, and law. According to the Association of Certified Fraud Examiners, companies that employ CFEs uncover fraud 50% sooner!
CIA: Certified Internal Auditor
This is one of the most common certifications for accountants and auditors. Unlike the CFE, only one section focuses on fraud, and it does not necessarily qualify you to investigate fraud. It mostly covers auditing, business analysis, information technology, and business management skills.
This certification is for a specific type of person. It might not be you, but who knows? Perhaps running internal audits is your true calling!
Have you caught the cybersecurity bug yet?
If you made it all the way through 10 cybersecurity certifications, then you are probably interested in earning one or all of these. At the very least, its worth talking to a career advisor about what your next best step is. Click below and let us know what you are interested in talking about!
We know size isn’t everything… Despite that fact, the sheer scope of these breaches is absolutely worth marveling at! Furthermore, each of them offers valuable insight into some of the potential risk areas that all companies need to be aware of at any size.
10. Heartland Payment Systems
2008
100 million users affected
This breach was one of the largest of its time, and it revealed the credit card information of a huge swath of users. The company responded to this breach by not only increasing the security of their payment processing system but also introducing a breach warranty for all users. The warranty essentially guaranteed that merchants will receive a reimbursement for any costs that occurred due to future breaches involving Hearltand’s credit card payment system. Not a bad guarantee for users, but it may not have been the best decision for Hearltand given that it suffered an additional breach in 2015. As far as cybersecurity is concerned, it definitely pays to protect.
9. Capital One
2019
106 million users affected
Anytime a major banking institution reveals a breach, it’s always a cause for concern. Most users are on higher alert for cybersecurity attacks when it comes to their banking information because it’s such a prime target for identity fraud or theft.
What’s particularly interesting about this breach is that the company accused a particular person of the attack, a former employee of Amazon Web Services, the cloud hosting company Capital One used at the time. The attacker gained access to the information by “exploiting a misconfigured web application firewall,” according to their court filing. Though the company claimed to have fixed the vulnerability, this is definitely a lesson that hiring the right people in every department is critical when it comes to cybersecurity.
8. Equifax
2017
143 million users affected
The Equifax breach is particularly nerve-wracking due to the personal nature of the exposed data such as Social Security numbers, birth dates, and even (in some cases) driver’s license numbers. Though there weren’t significant reports of unauthorized activity on their core databases, it was still recommended that users take appropriate action such as staying up to date from potential updates from the company on the next steps. Being aware that a breach may affect you is good to keep in mind as you may need to be on the lookout for critical communications.
7. Myspace
Unknown
360 million users affected
You may think this out-of-date social media platform wouldn’t be on anyone’s minds by 2016. And, well, you’d be half right. This breach was made public by Time Inc. (the company that had purchased Myspace) in 2016, and the company quickly invalidated the passwords that were exposed as soon as they realized. Though the records exposed could go back for years, so, as always, don’t forget to use a wide variety of passwords for your accounts! You never know what may have been exposed somewhere else, even if you haven’t logged on in years.
6. Friend Finder
2016
412 million users affected
You may have read our previous coverage of this particular breach as an example of how personal cyber-attacks often can feel. Not only is this attack significant in numbers alone (412 million accounts is a lot to be exposed!) but it’s also extra sensitive due to the nature of Friend Finder.
Friend Finder is an adult-oriented brand aimed at helping users find partners for casual sex. The data exposed stretched back 20 years and included names, emails, user activity information, and passwords. But whether or not any “sensitive” information may have been revealed, the nature of the site itself could cause any users to blush at the thought of being exposed as a user in the first place.
5. Marriott
2018
500 million users affected
This breach allowed hackers access to Marriott’s online reservation systems for a variety of their hotel chains for over four years. The breached data included a wide variety of sensitive information, like names, addresses, phone numbers, payment information, and (even worse) travel information such as locations and passport numbers. The sensitive nature of the data disclosed underscores and the length of time it was available underscores two consistent concerns in the cybersecurity industry: data and timing.
4. Yahoo
2014
500 million users affected
Believe it or not, this breach is not the last time you’ll be seeing Yahoo on this list. In fact, this 2014 Yahoo data breach was announced as a mere after-shock of sorts to a much larger data breach that occurred in 2013. But more on that later… Suffice to say, this second data breach was no small potatoes either.
This breach was announced mere months after they blamed “state-sponsored” hackers on their previous, significant breach. This secondary breach was announced in the middle of Yahoo being acquired by Verizon and it seems to have significantly impacted the final purchasing price. Moreso, this degree of this issue and the gap between when it occurred and when it was reported (2017), underscore one of the greatest challenges in the cybersecurity industry: most companies don’t realize they’ve been hacked until well after it’s already happened.
3. Facebook
2018
540 million records exposed
This breach impacted 50 million users, and it occurred at a time when Facebook was already under fire for its handling of user data. The breach allowed attackers to gain access to roughly 50 million accounts, which not only gave them access to countless user data but it also allowed them to act on behalf of the user and access any number of apps connected to Facebook such as Instagram and Spotify.
2. First American Financial Corporation
2019
885 million records impacted
In 2019, it was revealed that First American’s website had leaked hundreds of millions of important records—885 million, to be exact. These records included bank accounts numbers, tax and mortgage records, Social Security numbers, receipts, and even photos of people’s driver’s licenses! At the time of the leak, anyone with access to the internet and a Web browser could have access to these critical documents.
This isn’t a typical breach in that it wasn’t enacted by nefarious actors, it was actually the fault of First American themselves due to a lack of security measures. The company only found out about it when KrebsOnSecurity notified them after a real estate developer revealed that “anyone who knew the URL for a valid document at the Web site could view other documents just by modifying a single digit in the link.” This is a key example of how cybersecurity is something that needs to be considered at every step of a company’s process.
1. Yahoo
2013
3 billion users affected
This was the first of the two significant Yahoo data breaches and is, of course, notably larger. The second breach was an unfortunate dessert to an already significant main course. This breach affected literally every single Yahoo account at the time and compromised their names, email addresses, phone numbers, and birthdays. Although the breach occurred in 2013, it wasn’t discovered and announced until September 2016.
Initially, the breach was announced as impacting 1 billion accounts but in 2017 Yahoo revised that estimate to cover all 3 billion of them. Since then, this has been known as the biggest data breach in history.
In our recent article, 10 Basic Cybersecurity Terms That Everyone Online Should Know, we defined malware as, “A type of software that does harm to computers usually at the service of cybercriminals, some examples include trojans, ransomware, or viruses.” Essentially, it’s “the bad guy” of cybersecurity.
That said, there are a lot of different types of malware that operate completely differently from one another and represent varying degrees of risk for everyday users, businesses, and governments alike. But don’t get too overwhelmed! At Covered 6 Cademy, we believe that everyone deserves to have the information they need to start practicing cybersecurity in their everyday lives, so we wanted to do a deeper dive into the various types of malware and how they work.
1. Virus
Virus is probably a word you hear thrown around a lot when people are discussing cybersecurity risk. Many everyday users use the word virus interchangeably with malware when, in fact, they’re quite different things. Virus is a type of malware, but it’s not simply a “sick” file by any means. Today, viruses comprise only 10% of all malware. And for that, we should all be thankful!
Viruses are a particularly pernicious form of malware that do, actually, mirror the behavior of biological viruses that we’re all so familiar with. What that means is that a computer virus attaches itself to a host file—in other words, infecting it. Once you execute that file once, it activates the virus. From there, viruses use the functioning of existing applications to spread themselves. As the virus spreads more and more files or users are caught up in its infectious encroachment.
Unlike a biological virus like the common cold, computer viruses don’t merely run their course. It’s extremely difficult to get rid of a true virus. In most cases, the infected file is simply quarantined or deleted. That stubbornness is why true viruses can be so damaged! And also why we’re glad most malware aren’t technically viruses—despite the fact that most people may call them that.
2. Spyware
Spyware is exactly what it sounds like: a type of malware that is used to secretly spy on user activity. Although it’s one of the most common types of malware, it can also be incredibly difficult to detect given its clandestine nature. Once it’s installed on a device, spyware can monitor online activity, and its goal is typically to obtain sensitive content such as credit card numbers, bank account information, and passwords. The biggest indicator that a device has been infected is a significant reduction in performance, data usage, and battery life on the device in question.
3. Ransomware
You may be noticing some common naming conventions here… Much like spyware, ransomware is exactly what it sounds like, too! It’s a form of malware that works like a real-life ransom. Ransomware locks away certain files—essentially holding them hostage. Usually, this means encrypting the files and then demanding a ransom be paid to recover or decrypt them.
Some forms of ransomware may even pretend to be a government or law enforcement agency shutting down the files or device for seemingly legitimate reasons like pirated software or porn. So whether or not you actually have any such content on your device—no judgment!—be wary if you ever get any errors like that.
4. Rootkit
Now we’re getting into new territory here. You may not have heard of a rootkit before, but you probably have heard of the concept behind then. A rootkit is a form of malware that takes remote control of an infiltrated device. Basically, it could allow a hacker to do whatever they want on your device from anywhere in the world. Sort of like when you’re on the phone with tech support and you allow them to take over your computer to troubleshoot for you… Only this is way less helpful and without the consent.
In fact, rootkits can be especially damaging since they are extremely difficult to detect. Because rootkits can take complete control of an infected device they have the ability to turn off or hijack security software that may otherwise protect your device or, at least, alert you of the presence of malware.
5. Trojan Horse
This form of malware famously takes its name from Homer’s The Odyssey. The story goes that Greek soldiers infiltrated Troy by hiding in a giant horse—passing it off as an offering to the gods. Much like this titular ploy, a Trojan is a type of malware made to look like unassuming, legitimate software. The only difference is that once it’s installed it starts performing the nefarious actions it’s actually designed to do.
6. Worm
A worm is completely unique in its ability to reproduce or spread completely autonomously. Most forms of malware are triggered by user action or other outside forces. Worms, however, actually have the ability to transfer and copy themselves from device to device without a host file or hijacking a single device’s code.
7. Fileless Malware
Fileless malware is a particularly sneaky form of malware that utilizes genuine software to secretly infect a device. This is another type of malware that is very difficult to detect. Often, typical antivirus software can’t catch fileless malware. Almost all malware requires a user to download a particular file or execute a program, but fileless malware is completely different.
Fileless malware hops along on your device’s memory—where short-term data is temporarily stored—executing various malicious activities while legitimate programs run normally. Because it’s never technically stored, it leaves no footprint, making it almost impossible to recognize. Additionally, because users don’t have to save or download a file to become infected by fileless malware, it’s hard to be accurately aware of your risk of infection let alone trace it back to the source
8. Hybrids
Hybrid malware is a type of malware that combines two or more of the above forms. According to Infosec, the most common combinations are a “Trojan horse or worm with adware or malware attached.”
Because hybrids are simply new combinations of existing malware, many cybersecurity experts are able to defend against them simply by combining different types of protection from the original malware types. However, if they go undetected hybrids can pose a grave risk for infected devices. This is due to their ability to take the “best” functions (best for cyber attackers at least…!) of two different types of malware and use them together in a uniquely powerful combination.
9. Malvertising
Often mixed up with adware, malvertising isn’t technically its own form of malware. Rather, it’s a technique commonly used to distribute malware to unsuspecting users. However, we wanted to draw attention to is on this list as it is one of the most insidious types of cyberattacks.
Malvertising refers to a cyber-attack technique where cybercriminals buy legitimate ad space on otherwise trustworthy sites, but hide malicious code in the ads or redirect users to harmful websites. Malvertising can deploy any type of malware, so you never know what you might get.
The global gaming market is estimated to be worth $256.97 billion by 2025 and, right now, there are more than 2.5 million gamers across the world. With a target that big, it’s no wonder that cybercriminals are so enticed. At C6A, we talk a lot about everyday security risks for users, at work, on your home laptop, and even on your phone wherever you take it with you. But even your leisure activities could be impacted by a cyber attack; your gaming consoles are just as vulnerable as all your other devices.
Think about it, you’re still putting in passwords, payment information, location information, and more just by logging in and buying or playing a game online. Of course, video games weren’t originally dependent on being attached to a network, but now most systems and games definitely are. As online gaming continues to rise in popularity, it’s about time we focus on this significant sector in the cybersecurity world: the gaming industry.
The Gaming Landscape for Cybercriminals
Barely two weeks ago, CapCom revealed that its personal data breach impacted almost 400,000 of its users. In the scope of large data breaches, that may not seem like much. However, the event is a concerning sign that as gaming continues to be a massive source of entertainment for all sorts of people across the globe, those accounts, consoles, and software are also vulnerabilities.
Boris Cipot, a senior sales engineer for Synopsys, says that because gamer accounts often include player payment information it makes them an attractive target for criminal interference: “The gaming industry is a common target for attacks, be it data theft or ransomware attacks,” Cipot says. “An interesting observation within the gaming industry is that player accounts are often high-value assets due to in-app purchases, or rewards from leveling up. In other words, gaming accounts are often seen as items for sale — at least accounts owned by adults spending money.”
Even seemingly “innocent” games are not safe from interference. Around the same time as the recent CapCom breach, it was revealed that Animal Jam—a popular educational kids game for children—had also been hacked. This discovery was made not through finding the breach internally but rather when 7 million records just happened to “turn up” on an underground forum used by malicious agents to buy and sell stolen data. The breach itself was later found to be due to a vendor server being compromised, though Animal Jam would not release the name of the vendor in question.
WildWorks, the parent company of Animal Jam, has been lauded in tech and cybersecurity communities as taking a refreshingly transparent approach to the breach—helping their customers feel reassured of their security and taking actions necessary to lessen the impact of the cyberattack. Thankfully, no information about the children’s names was released and only 0.02% of the data was related to personal address or payment information.
However, this event should definitely raise some red flags for gamers. When it comes to cyberattacks, anyone is fair game, even a children’s game. Thankfully, companies like CapCom and WildWorks are hard at working hiring cybersecurity professionals that can better root out potential vulnerabilities and stop these breaches from occurring before their user’s data ends up for sale to the highest bidder.
What Gamers Have Got To Know
With larger breaches, like the CapCom and WildWorks examples above, we have to trust in the cybersecurity and integrity of these companies to take care of their users in the case of a breach. That said, there are absolutely some methods that can help gamers feel more secure in their online gaming experience.
Cyberattacks on gamers often go one of a few ways. Occasionally, a hacker will personal ransom a user’s account in exchange for payment. This is especially true for games like World of Warcraft where players spend tons of time and money upgrading their character. You can understand why someone might want back access to that at all costs! Other cyberattackers may be more interested in phishing for your payment information (or your password in order to access your payment information). Then there’s always the chance of an attacker trying to get gamers to download potential malware as well.
Suffice to say, there’s plenty of ways to go wrong but just as many ways to protect yourself! The first step is being prepared. The second step is to stop using the same password for all of your accounts! Yes, that genuinely can make a huge difference to your cybersecurity—whether or not you’re a gamer. According to Avast, “55% of gamers reuse passwords across accounts; and the average gamer has experienced almost five cyberattacks.”
The next best thing for a cybersecurity-conscious PC gamer to do is to install anti-virus software. Although some gamers are reluctant to download an application that might slow down their computer’s performance while gaming, there are plenty of options that specifically have a “game mode” that will allow you to keep your computer safe without negatively impacting your playing experience. Performance shouldn’t have to suffer for the sake of cybersecurity!
Above all else, being aware of your cybersecurity risk as a gamer is the most important step of all, so you’re well on your way to a safe and secure gaming experience just by reading this article!
Cybersecurity has been a hot topic for years in the business and political world, but a lot of people still aren’t taking it as seriously as they should be. Even the biggest, most technologically advanced companies in the world can fall victim to cyber attacks! So it’s important for everyone to remain vigilant. That said, it’s hard to protect yourself from something you don’t know a lot about. We’ve already written up some of our favorite cybersecurity tips for everyday users, but we also want to make sure that you have some foundational knowledge as well.
Understanding the foundations of cybersecurity starts with the language. But don’t get too intimidated! You may be surprised to find that you’ve already heard some of these words before and didn’t even realize they could be cybersecurity terms. And if these are all new to you, don’t fret, it’s never too late to learn more about your devices and increase your cybersecurity! Let get started.
1. Software
A program or group of programs designed to make a computer complete an action or perform a function. For example, Microsoft Office or even Spotify!
2. Hardware
In the context of computers, hardware refers to the physical components like your monitor, the keyboard, or your phone itself.
3. Malware “the bad guy”
A type of software that does harm to computers usually at the service of cybercriminals, some examples include trojans, ransomware, or viruses.
4. Domain
A group of computers, printers, and/or devices that connected and governed as a whole. For example, all of the laptops and/or other devices at your job are likely in the same domain.
5. Virtual Private Network (VPN)
A digital tool that masks a user’s location and encrypts their traffic while browsing the internet—essentially allowing someone to remain anonymous online.
6. IP Address
Think of your IP address as your digital home address, it essentially identifies your computer when it connects to a network like a stamp that you were there.
7. Breach
This refers to the act of or moment when a cyber attacker (or hacker) gains access to files and network by exploiting a vulnerability in a device, essentially a digital break-in.
8. Firewall
A digital defense mechanism, that can be either hardware or software-based, meant to keep cyber attacks out.
9. Bot
A type of software that performs certain tasks on command that could allow an attacker to remotely control an affected computer.
10. Encryption
The operation of encoding data to ensure that is only accessible via a specific key and therefore preventing cyber attackers access to it.
Although most people may not think about cybersecurity too much in their day-to-day, it continues to play an increasingly important role in all of our lives. The nature of technology is ever-changing, and from the start, it’s required a lot of human maintenance. Now that technology has become so crucial—personally, professionally, and governmentally—we’re going to need a lot more people to cover our bases.
Think of it this way, how many security professionals do you see or interact with in your everyday life—just walking around? Security guards, military personnel, police officers, private security…the list could go on. Suffice to say, even without technology in the mix we still need our fair share of in-person protection. Just walking around a mall (COVID permitting) you could come across hundreds of these people all within one building.
Consider how infinite the internet is, as opposed to just that one mall. (Note, the internet is technically finite but conceptually it is so enormous as to render it infinite in effect). How many security guards manning the storefronts do we need? Police officers maintaining the perimeter? Private security keeping a close eye on valuable targets? Now imagine how many of those security professionals would be needed to keep a mall as huge as the internet safe. With such a massive amount of data, activities, and people interacting online every single day, it’s startling to think that we don’t need even more cybersecurity professionals!
3.5 Million Job Openings Globally
In 2014, cybersecurity job demand was already at an all-time high with one million openings at the time of reporting. For context, that’s about the entire population of Montana. So even if every single Montanian in 2014 decided to become a cybersecurity expert, we’d only just have been able to fulfill that need. Now, seven years later, we need more than triple that amount. And that need is only going to keep growing.
What does that mean for the current companies trying to protect our data, privacy, and national security? It means longer hours, more responsibilities, and less time for innovation since every one worker is trying to push to do four times their responsibility level.
0% Unemployment
High demand and low unemployment go hand in hand, so it should come as no surprise that cybersecurity also has a 0% unemployment rate given all those job openings. Both in private business and in national defense, cybersecurity professionals are a hot commodity given the ongoing skills gap issue.
The skills gap and the 0% unemployment rating are intimately related in that the biggest barrier to entry of cybersecurity are the certifications—which we can train you for. But once a potential employee has the certifications, they’re suddenly eligible for those 3.5 million job openings! From there, the 0% unemployment rate means that getting hired is as close to a sure thing as you can get!
What does the future hold for cybersecurity?
Although these numbers may appear worrying—especially when considering the growing demand for cybersecurity—there’s hope! Businesses and governments alike are both on high alert to protect their assets and citizens, respectively. Although this demand does mean that those cybersecurity works may be under a bit of extra stress, reinforcements are coming.
It’s never been easier for anyone to become a cybersecurity professional! whether or not they have a background in IT or even a college degree of any sort! Part of what drives us at C6A is knowing that we’re preparing the next generation of workers who will be protecting people everywhere. We know that the demand for cybersecurity is high, and it’s only going to keep getting higher. That’s why we’re hard at work ensuring that the future cybersecurity heroes we need to get the training they need.
Cybersecurity just got personal.
Well, actually, it’s been pretty personal all along! Despite the fact that everyday people don’t think a lot about cybersecurity in their daily lives all that much. However, with technology having been an integral part of our daily lives for quite some time now, it’s past time we all start considering it. We’ve already written up some tips on how anyone can increase their personal cybersecurity here. Now, we also wanted to give some real-life examples of how larger cyberattacks can impact our lives.
Big data breaches are more common than ever today. But it can be hard to really understand the person-to-person impact when all we see are flashy headlines. That’s why we wanted to go a little deeper. Here are five examples of cyber attacks to help contextualize the value of cybersecurity in our everyday lives.
Baltimore Public Schools Attack
Date: November 2020
Impact: 115,000 students
Source
In terms of numbers, this particular attack may not have made waves like some of the ones we’ll discuss below. What’s so shocking about this example is how directly it impacted families across the Baltimore area. Experts first detected the ransomware attack on November 24th, and it ultimately led to all schools closing for three days. Furthermore, students and faculty were unable to use any Windows-based devices. (Most students were still able to access school-linked Google accounts through their Chromebooks, however.)
Experts believe that the increase in remote learning is linked to an increase in attacks like this. With everything online, the ability to access documents, secure data, and other digital tools is more important than ever. Therefore, ransomware attacks like this all the more impactful.
Three days without school may not sound like the worst thing in the world, but it is a salient example of how important cybersecurity will continue to be in our lives.
Adult Friend Finder
Date: October 2016
Impact: 412.2 million accounts
Source
If you’re not familiar with this company, you may not understand why this particular data breach was quite so sensitive. The Friend Finder Network encompasses various adult sites including Adult Friend Finder, Cans.com, iCams.com, Penthouse.com, and Stripshow.com. This particular breach of the network resulted in 20 years worth of stolen data across six databases. The information shared included names, email addresses, and some passwords.
This data breach is particularly interesting due to the content of the websites in question. No matter what platform is breached, losing one password can have a ripple effect across a number of other accounts. If, like many people, someone is using all the same password for multiple sites. (Note to self: don’t use the same password for your bank account as you do for adult services.)
Additionally, the sensitive nature of the Friend Finder Network left millions of people at risk of being blackmailed or exploited. However you want to spend your time on the internet, don’t forget that this could happen to you! Without the right precuations, that is. Thankfully, we have some tips to help you out with that.
SolarWinds
Date: December 2020
Impact: Ongoing
Source
You may not recognize the company Solar Winds, but you will definitely recognize the organizations this breach impacted: the US federal government and a number of Fortune 500 companies. This breach is one of the most significant and recent cyberattacks in the US and has been formally linked to Russia.
The full scope of this breach is still unknown. However, the Cybersecurity and Infrastructure Security Agency (CISA) has called it a “grave risk” to both the government and private sector. Although President Trump underplayed the seriousness of this ongoing breach, Senator Romney called this lack of response “extraordinary” and went on to say that, “[The attackers] had the capacity to show that our defense is extraordinarily inadequate; that our cyber warfare readiness is extraordinarily weak.”
Although the ramifications of this event are still unfolding, it is without a doubt one of the most significant cyberattacks in recent history given its high-security nature.
Yahoo
Date: 2013/2014
Impact: 3 billion user accounts
Source
This is, quite literally, the largest data breach in history. The breach took place in 2014 but Yahoo only publicly announced it in November 2016. According to Yahoo, the attackers were “state-sponsored actors” and they compromised names, email addresses, birth dates, and phone numbers of half a billion users.
Only a month after they disclosed this initial breach, Yahoo shared that in 2013 a different attacker had compromised that same information in addition to user’s security question answers from 1 billion accounts. In October of 2017, Yahoo came forward estimating that the true scope of the attack actually included 3 billion user accounts.
This breach literally affected billions of users, but another interesting point to make here is an economic one. At the time of these disclosures, Verizon was in the midst of acquiring Yahoo; these issues reportedly lowered the acquisition price by $350 million. (Good for Verizon, not so good for Yahoo.) That may not be so “close to home” but it is absolutely shocking.
First American Financial Corp.
Date: May 2019
Impact: 885 Million
Source
The First American Financial breach, though not quite as large as some of the above, is particularly disturbing due to the data itself. The digitized records included bank account numbers, tax records, and even Social Security numbers. This event is a sobering reminder that cybersecurity is a crucial factor in protecting our data as private citizens. All it took was a simple “design defect” to cause the breach. Though the company immediately blocked external data access, its impact was still staggering.
All of these cyber attacks are examples of how deeply intertwined cybersecurity really is in our everyday lives whether it be as citizens, students, or “friend finders.”
As rapid technological expansion has continued to make our big world a smaller, more interconnected place, cybersecurity has become an increasingly important concern for everyone. Cybersecurity is a booming industry with millions of people across the globe working to make the world safer. That said, while businesses are on red alert when it comes to fending off cyberattacks, most average people don’t spend a lot of time thinking about their own cybersecurity risk as individuals.
So let’s think about it. How many times a day do you use an electronic device that’s connected to the internet? (If you’re reading this right now, that’s at least once.) For most people, we interact with the internet through our phones, laptops, tablets, TVs, even our cars! Each of those devices is another opening for a cyberattack. Now take it a step further. When you’re using your phone or laptop, how often do you have to input sensitive information? And by sensitive information, we don’t just mean your big family secret… We mean passwords, credit card information, and even personal information like your mom’s maiden name or your first elementary school. Yes, that information could potentially be used to break through your security questions. Even when you start to give it just a little bit of thought, things start to add up, right?
Thankfully, for every potential risk factor, there are plenty of security measures that any everyday user can do to counteract that risk. Yes, you don’t need a fancy degree or any professional cybersecurity training to make yourself safer! (But if you are interested in getting some cybersecurity training, then you’ve definitely come to the right place.) Here are ten things everyday users can do to make their digital life a little more secure.
1. Know what to look for
For digital natives like Gen Z kids and millennials, recognizing scammers can be somewhat second nature. However, as cybercriminals get more and more advanced, it’s important to stay wary of what red flags to keep your eyes peeled for. Some phishing attempts these days may look like they’re coming from reputable companies—they may even use the same logo, similar design styles, or a legitimate-looking email address—but pay attention to the details that may give them away. Has this company used this email to contact you before? Are they asking for your password? (Most companies would never.)
If you’re still unsure of something’s legitimacy, it never hurts to give it a quick google! Look up the email, phone number, or other identifying information of the potential scam and see if anyone else has experienced something similar.
2. Think before you click—every time
Have you ever gotten an oddly out-of-character Facebook message from your third cousin twice removed, said to yourself “Well, that’s weird,” ignored it, and then moved on? If that’s the case, then consider yourself lucky.
Messages like that, phishing emails, scam text messages are all tools that cybercriminals use to try and trick everyday people into clicking an infected link, releasing some personal information, or some other trick geared towards accessing your data or money. If you get an email from an insecure source, a weird message on Facebook, or any other type of message that seems fishy, chances are it probably is. Before you give out any of your information or click any sort of link, take the extra minute to make sure what you’re about to do is really trustworthy.
3. Use multi-factor authentication
Yes, that extra step you always skip when you sign in to your email? Turns out that it actually makes a big difference! (Yes, we already knew that but hopefully, you do now, too!) Having that extra step of security can be just enough to keep a potential cyberattack from affecting you.
Imagine if someone somehow gets access to your Facebook login and is about to start messaging all of your friend’s fraudulent messages or potentially gaining access to your credit card information through Facebook Pay. Without multi-factor verification, you’d be none the wiser until you’re locked out of your account or another friend tells you. With multi-factor verification (most commonly set up using a mobile number but occasionally has other stopgaps) you’d be notified of the unusual login activity and immediately able to take steps to protect your account.
4. Don’t connect to unsecured networks
You’d think that more people would follow this advice, given that these networks are literally labeled “unsecured,” but as discussed most people aren’t thinking about their cybersecurity risk day-to-day. Joining an unsecured network can open you up to a number of cyberattacks, so it’s always best practice to stick with private networks (i.e. your wifi at home) whenever you can but especially when you’re deadline with sensitive information.
5. Keep your software up-to-date
It may seem like software updates are happening all the time, so how important is it really to keep things up-to-date when it seems like nothing really changes? Well, it’s really important! Although the OS may stay the same, what’s happening underneath definitely won’t. Software updates can include vital security updates that will help protect you from cyber-attacks. So when you get that little reminder, don’t just save it for later next time! You never know what you could be protecting yourself from.
6. Vary Your Passwords
There are a ton of different things you can do to help protect your accounts and varying your passwords is a super simple step to start with. We know it’s tempting to just use the same password for everything, but it’s simply too unsafe. Using the same passwords means that as soon as one of your accounts is breached all of your other accounts are vulnerable, too. Start by using a random password generator to make sure that none of your passwords are words, phrases, or combinations that could be easily guessed based on public information.
Additionally, you should change your passwords regularly (roughly every 90 days) to lessen the chance that any old data may come back to haunt you. If this is starting to seem overwhelming, don’t worry too much, you can always use a password manager to help you keep all this together.
7. Consider all of your devices
Don’t just install some anti-virus software on your computer and call it a day! Particularly when it comes to mobile devices, it’s important to ensure that any devices you connect with are secure and that you keep in mind all of the above principles whether you’re on a tablet, a desktop, or anything in between. If you aren’t safe on all of your devices, then you’re not safe on any of them.
8. Don’t save your payment information
Better safe than sorry. As with all data, the less potential attackers have access to, the better! Saving your payment information greatly increases your risk if any of your devices get compromised. In that case, the attacker could have immediate access to your bank account or credit cards. It may seem annoying to put your card information for every single purchase, but it’s a lot better than potentially getting stolen from! (Plus, for any online shoppers, this may even help curb your purchasing habits!)
9. Be aware of your digital footprint
How many accounts do you have floating around out there that you’ve never used twice? It’s important to keep in mind what sites you’re a part of. (Especially if you’re someone who is continually reusing the same password.) Data breaches happen every single day, and they’re often not discovered until months after the fact. Keeping your digital footprint small and being wholly aware of it can mitigate your risk factor significantly.
10. Recognize that cybersecurity attacks can happen to anyone
This is the most important step of all. Whether you take these steps to protect yourself or not, awareness alone is a crucial part of increasing cybersecurity. That awareness may make the split-second difference between you clicking an infected link and staying safe.
Cybersecurity is one of the fastest-growing industries in the world, but it’s also one that changes the quickest. Technology is expanding and evolving at a rapid pace, one that even some of the top cybersecurity firms in the country are still struggling to keep pace with.
We all have the opportunity to make our world a little safe, whether it’s just by shoring up our own personal security or by working towards a career in cybersecurity to help others. That’s why it’s more important than ever to stay up-to-date on what’s going on in the cybersecurity world!
- There is a new cyberattack committed every 39 seconds. (TechJury)
- Human error causes 95% of cybersecurity breaches. (Chief Executive)
- Over 93% of healthcare systems have had their data breached in the last 3 years alone. (Herjavec Group)
- There are approximately 38.4 passwords per person in the world, that’s about 300 billion passwords total. (Cybersecurity Ventures)
- In the first 3 months of 2020 there was a 273% increase of exposed records from the previous year. In that time frame alone approximately 8.4 billion records were exposed. (Security Magazine)
- At least 16 billion records, including credit card numbers, home addresses, phone numbers and other highly sensitive information have been exposed through data breaches since 2019. (Selfkey)
- By 2021, the total cost of global cybercrime will reach $6 trillion. (Cybersecurity Ventures)
- Identity theft costs Americans roughly $15 billion and impacts over 60 million Americans every year. (Life Lock)
- It takes an average of 206 days for companies to identify a breach once it’s already happened. (IBM)
- Data breaches cost an average of $3.92 million in 2019. (Security Intelligence)
- The cybersecurity industry has an unemployment rate is 0%. (CSO Online)
- 30,000 websites are hacked every day across the globe. (Tech Jury)
- Human reasoning and skills are the best defense against phishing attacks. (Comparitech)
- 300,000 new pieces of malware are made every day. (WebARX)
- 64% of all companies have experienced a cyber attack in some form. (Tech Jury)
- Financial gain is the motivation for 86% of data breaches. (Digital Guardian
- On average, each person uses about 191 services that require passwords or other security credentials. (Digital Shadows)
- More than 77% of organizations do not have a plan in place to respond to cyber attacks. (Informational Management)
- The average ransomware payment has increased by 33% up to $111,605 per attack. (Bank Info Security)
- 52% of security breaches were due to hacking, 32-33% due to psychological manipulation or phishing, and 28% were caused by malware. (Verizon)
- Annual security spending doubled between 2012 and 2018. (Gartner)
As technology continues to play a vital role in all of our lives, it’s important to understand what’s happening in the cybersecurity world that may impact both individuals and businesses. Cybersecurity is an industry that’s always growing and evolving, but the experts at the C6A team are hard at work keeping informed to make sure our curriculum is one of the most cutting edge programs available to help protect the world from cybercrime.
When it comes to making the world a safer place, there’s nothing more powerful than knowledge!
- 1
- 2
