Over the last two decades, organizations have doubled down on cybersecurity investments and it’s no wonder why: From costly data breaches to paralyzing malicious attacks, businesses are racing to keep pace with the evolving complexity and sophistication of cyber threats.
“With every wave of new technology, there’s a new wave of possibilities for adversity,” says Guevara Noubir, director of Northeastern University’s cybersecurity graduate program. “The scale and sophistication of the cyber attacks we see today are increasing and will only continue to increase.”
Below are four emerging trends in the cybersecurity field to be aware of.
4 Emerging Trends in Cybersecurity
1. New Technologies and Devices
The reasons for the rise in cyberattacks—and the focus on protecting against them—is multifold, Noubir says. One factor is the increase in new technologies and new devices. By 2027, Business Insider predicts that more than 41 billion Internet of Things (IoT) devices will be online and connected. The IoT industry has become a prime target for cybercriminals and has sent device makers scrambling to protect their smart plugs, wearable fitness devices, and baby monitors from attacks.
2. Increasing Ransomware Attacks
Monetization is another key factor contributing to the rise in cyber attacks. In the past, Noubir says, it was difficult for cybercriminals to profit from attacks, but that has since changed. Now, cybercriminals have increasingly turned to ransomware attacks, or those in which attackers gain access to and encrypt a victim’s data and demand a ransom.
“Cryptocurrencies and the emergence of ransomware have made it easier for someone to commit a crime and get away with it because they can get paid in untraceable ways,” he says. “There’s also [the anonymous communication software] Tor, which makes it easier to anonymize threats.”
This trend has motivated attackers to commit cybercrimes in pursuit of monetary gain while simultaneously making it more difficult to track and identify these criminals. As a result, the need for skilled cybersecurity professionals who can implement strategies to prevent these attacks continues to rise.
3. Attacks on Cloud Services
In recent years, many businesses have adopted cloud-based computing services that enable users to access software applications, data storage, and other services via an internet connection rather than relying on physical infrastructure. Embracing this technology comes with many benefits such as reduced operational costs and increased efficiency.
Although opting for such systems can be highly beneficial to organizations, they have also become the target of cyberthreats. If these systems are not properly configured or maintained, attackers are more likely to be able to exploit vulnerabilities in the systems’ security and gain access to sensitive information.
4. Outdated and Inefficient Systems
Finally, Noubir notes that businesses increase the risk of an attack or breach by connecting legacy systems. When IT implements patchwork solutions to resolve operational issues, security vulnerabilities can be created inadvertently.
As cyberattacks are becoming increasingly sophisticated alongside rapidly changing technologies, these outdated and inefficient systems become easy targets.
This rapid evolution of cybersecurity threats means professionals in the field—and those eager to join them—need to be up-to-date on the latest skills, strategies, and job opportunities in order to remain competitive.
Download Our Free Guide to Advancing Your Career in Cybersecurity
Learn How to Meet the Growing Demand for Skilled Cybersecurity Professionals.
Essential Skills for Today’s Cybersecurity Professional
Protecting an organization’s information assets and IT systems from internal and external threats is no easy feat. Cybersecurity professionals must know how to plan and implement security strategies to reduce risk and enhance protection; understand legal and ethical issues associated with information security, privacy, and digital rights; and have core knowledge surrounding computer system security and network practices.
A solid foundation of technical skills and contextual understanding of threats are particularly necessary because attacks that cybersecurity professionals encounter today are the result of exploited systems that were designed years ago, Noubir says.
“That means cybercriminals will be exploiting systems tomorrow that we’re designing today—it might be something very subtle, but someone with a strong foundation will be able to understand the potential of this emerging attack and guide a team to mitigation,” he says. “Without this foundation, you might be able to survive on a daily basis, but there’s no guarantee that you’ll be able to respond to an incident.”
It’s also necessary for professionals to have applicable experience; it’s one thing to read about protecting vulnerabilities and responding to security incidents, but it’s another to have hands-on experience dealing with these scenarios, Noubir says. Northeastern’s Master’s in Cybersecurity program is focused on providing students with these critical, hands-on learning opportunities, which sets it apart from other programs across the country, he says.
“If an attack is possible or if a defense is possible, you should have experience practicing with the tools that will address them,” Noubir says. “You need this practice to understand what tools you need to design and evaluate secure systems.”
Beyond a strong foundation and applicable experience, cybersecurity professionals must also have excellent analytical and communication skills, Noubir adds.
“If you think about other fields, you might excel just by observing what someone does and replicating their actions. In cybersecurity, that’s not the case,” he says. “You might have a human adversary who adjusts [his or her] strategy to achieve something malicious, or even a robotic adversary in the future. You need to have strong analytical skills to model and reason what the adversary would do, think about a set of possibilities, and how they might operate and adjust.”
Communication skills are extremely important, too. If, for example, you needed to develop a policy about managing passwords, you need to understand the best way to communicate these policies, why they’re in place, and why they’re important, Noubir says.
A Bright Future for Cybersecurity Jobs
Because cybersecurity is such an in-demand field, professionals choosing this career path have a bright future.
According to the Bureau of Labor Statistics, the cybersecurity industry is expected to grow by 31 percent between 2019 and 2029 compared to the four percent growth rate across all industries. Moreover, according to some estimates, the global cybersecurity workforce will have more than 3.5 million unfilled positions by 2021.
One reason for this talent shortage is organizational neglect from years ago, Noubir says.
“For many years, companies underestimated the potential of cyber attacks. If you’re trying to design secure systems and defend against attacks but you’re not experiencing any attacks, it sounds like cybersecurity is overhead for the company,” he says. “Because of that there was a buildup of vulnerabilities in the system, and now we’re trying to catch up—but there aren’t enough people.”
The demand for these skilled, experienced professionals means a high earning potential, Noubir says. According to BLS, the median pay for an information security analyst is approximately $99,730 per year. Other job titles, such as security directors, information systems security engineers, and chief information security officers, can command more than $200,000, according to staffing data.
As organizations continue to value cybersecurity, and as adversaries continue to challenge the systems and security measures in place to protect them, the cybersecurity industry will continue to need skilled professionals.
“Cybersecurity is an interesting field because it’s challenging. It’s like a game trying to outsmart your adversary,” Noubir says. “Add to that very good compensation, and you have a career that’s fun, intellectually challenging, and financially rewarding.”
Editor’s note: This article was originally published in November 2018. It has since been updated for accuracy and recency.