Over the last two decades, organizations have doubled down on cybersecurity investments and it’s no wonder why: From costly data breaches to paralyzing malicious attacks, businesses are racing to keep pace with the evolving complexity and sophistication of cyber threats.
“With every wave of new technology, there’s a new wave of possibilities for adversity,” says Guevara Noubir, director of Northeastern University’s cybersecurity graduate program. “The scale and sophistication of the cyber attacks we see today are increasing and will only continue to increase.”
In addition to new technology, organizations also face new cybersecurity challenges in the face of the COVID-19 pandemic. According to Cisco’s Future of Secure Remote Work Report, 61 percent of survey respondents reported that their organizations experienced an increase in cyber threats of more than 25 percent since the beginning of the pandemic in March 2020.
To prepare for new cybersecurity threats and stay one step ahead, below are seven emerging trends in the cybersecurity field to be aware of.
7 Important Cybersecurity Trends
1. New Technologies and Devices
The reasons for the rise in cyberattacks—and the focus on protecting against them—is multifold, Noubir says. One factor is the increase in new technologies and new devices. By 2027, Business Insider predicts that more than 41 billion Internet of Things (IoT) devices will be online and connected. The IoT industry has become a prime target for cybercriminals and has sent device makers scrambling to protect their smart plugs, wearable fitness devices, and baby monitors from attacks.
2. Increasing Ransomware Attacks
Monetization is another key factor contributing to the rise in cyber attacks. In the past, Noubir says, it was difficult for cybercriminals to profit from attacks, but that has since changed. Now, cybercriminals have increasingly turned to ransomware attacks, or those in which attackers gain access to and encrypt a victim’s data and demand a ransom.
“Cryptocurrencies and the emergence of ransomware have made it easier for someone to commit a crime and get away with it because they can get paid in untraceable ways,” he says. “There’s also [the anonymous communication software] Tor, which makes it easier to anonymize threats.”
This trend has motivated attackers to commit cybercrimes in pursuit of monetary gain while simultaneously making it more difficult to track and identify these criminals. As a result, the need for skilled cybersecurity professionals who can implement strategies to prevent these attacks continues to rise.
3. Attacks on Cloud Services
In recent years, many businesses have adopted cloud-based computing services that enable users to access software applications, data storage, and other services via an internet connection rather than relying on physical infrastructure. Embracing this technology comes with many benefits such as reduced operational costs and increased efficiency.
Although opting for such systems can be highly beneficial to organizations, they have also become the target of cyberthreats. If these systems are not properly configured or maintained, attackers are more likely to be able to exploit vulnerabilities in the systems’ security and gain access to sensitive information. This is particularly important, seeing that many of today’s organizations rely on cloud services as employees work remotely.
4. Outdated and Inefficient Systems
Finally, Noubir notes that businesses increase the risk of an attack or breach by connecting legacy systems. When IT implements patchwork solutions to resolve operational issues, security vulnerabilities can be created inadvertently.
As cyberattacks are becoming increasingly sophisticated alongside rapidly changing technologies, these outdated and inefficient systems become easy targets.
This rapid evolution of cybersecurity threats means professionals in the field—and those eager to join them—need to be up-to-date on the latest skills, strategies, and job opportunities in order to remain competitive.
Download Our Free Guide to Advancing Your Cybersecurity Career
Learn how to meet the growing demand for skilled cybersecurity professionals.
5. Remote Work Risks
The COVID-19 pandemic has led to a massive increase in remote workers worldwide, and remote work is here to stay. According to an Upwork report, just over 36 million Americans will be working remotely by 2025, which is an 87 percent increase compared to pre-pandemic levels. Unfortunately, this contributes to an increased risk of cyberthreats for many organizations.
In the age of remote work, cybercriminals are taking advantage of misconfigured cloud security measures and insecure home devices and networks. Remote workers are also often the target of phishing attempts by email, voice, text, and third-party applications.
Because of these threats, there is an increasing demand for cybersecurity professionals who can successfully mitigate the risks associated with remote work for organizations.
6. Continued Use of Multi-Factor Authentication
Many companies have combined the use of passwords with multi-factor authentication (MFA) as an additional layer of protection against data breaches and other cyberattacks.
With multi-factor authentication, users need to use two or more devices to confirm their identities. For example, an employee attempting to log into their company’s file share service on their laptop enters their username and password using their laptop. They then receive a text message to the phone on record (or open an authentication app on their phone) that delivers a code. To finish logging in, they will need to enter this code.
While MFA is a highly effective way to secure accounts and prevent attacks, cybercriminals might be able to bypass certain types of authentication. In late 2020, Microsoft’s Director of Identity Security, Alex Weinert, urged users to move away from SMS and voice multi-factor authentication and rely on app-based authenticators instead. Weinert explained that SMS and voice MFA are not encrypted, therefore vulnerable to attacks. Google Authenticator is one popular option, as are Okta, Microsoft Authenticator, Twilio Authy, OneSpan Authenticator, and more.
7. Increased Interest in Data Privacy
There have been increasing concerns about data privacy in the world of cybersecurity, both in the context of consumer and company information. There are various federal, state-level, and international data privacy laws that today’s organizations need to comply with, and consumers are also becoming more concerned with how their data is being used.
Data breaches and cyberattacks expose sensitive personal information and put consumers and companies at risk. Today’s organizations need to consider things like data encryption, password protection, and network security to strengthen their data privacy. It’s also important that businesses have a team of highly skilled cybersecurity professionals working to secure their data and protect against potentially devastating data breaches.
Essential Cybersecurity Skills for Today’s Professionals
Protecting an organization’s information assets and IT systems from internal and external threats is no easy feat. Today’s cybersecurity professionals need to possess important cybersecurity skills, the necessary education, and experience in the field.
Some skills that cybersecurity professionals are expected to have include:
- Technical skills and knowledge of key cybersecurity terms and concepts
- An analytical mindset
- Soft skills like communication and management
Cybersecurity professionals must know how to plan and implement security strategies to reduce risk and enhance protection; understand legal and ethical issues associated with information security, privacy, and digital rights; and have core knowledge surrounding computer system security and network practices.
A solid foundation of technical skills and contextual understanding of threats is particularly necessary because attacks that cybersecurity professionals encounter today are the result of exploited systems that were designed years ago, Noubir says.
“That means cybercriminals will be exploiting systems tomorrow that we’re designing today—it might be something very subtle, but someone with a strong foundation will be able to understand the potential of this emerging attack and guide a team to mitigation,” he says. “Without this foundation, you might be able to survive on a daily basis, but there’s no guarantee that you’ll be able to respond to an incident.”
It’s also necessary for professionals to have applicable experience; it’s one thing to read about protecting vulnerabilities and responding to security incidents, but it’s another to have hands-on experience dealing with these scenarios, Noubir says. Northeastern’s Master’s in Cybersecurity program is focused on providing students with these critical, hands-on learning opportunities, which sets it apart from other programs across the country, he says.
“If an attack is possible or if a defense is possible, you should have experience practicing with the tools that will address them,” Noubir says. “You need this practice to understand what tools you need to design and evaluate secure systems.”
Beyond a strong foundation and applicable experience, cybersecurity professionals must also have excellent analytical and communication skills, Noubir adds.
“If you think about other fields, you might excel just by observing what someone does and replicating their actions. In cybersecurity, that’s not the case,” he says. “You might have a human adversary who adjusts [his or her] strategy to achieve something malicious, or even a robotic adversary in the future. You need to have strong analytical skills to model and reason what the adversary would do, think about a set of possibilities, and how they might operate and adjust.”
Communication skills are extremely important, too. If, for example, you needed to develop a policy about managing passwords, you need to understand the best way to communicate these policies, why they’re in place, and why they’re important, Noubir says.
A Bright Future for Cybersecurity Jobs
Because cybersecurity is such an in-demand field, professionals choosing this career path have a bright future.
According to the Bureau of Labor Statistics, the cybersecurity industry is expected to grow by 31 percent between 2019 and 2029 compared to the four percent growth rate across all industries. Moreover, according to some estimates, the global cybersecurity workforce will have more than 3.5 million unfilled positions by 2021.
One reason for this talent shortage is organizational neglect from years ago, Noubir says.
“For many years, companies underestimated the potential of cyberattacks. If you’re trying to design secure systems and defend against attacks but you’re not experiencing any attacks, it sounds like cybersecurity is overhead for the company,” he says. “Because of that there was a buildup of vulnerabilities in the system, and now we’re trying to catch up—but there aren’t enough people.”
The demand for these skilled, experienced professionals means a high earning potential, Noubir says. According to BLS, the median pay for an information security analyst is approximately $103,590 per year. Other job titles, such as security directors, information systems security engineers, and chief information security officers, can command more than $200,000, according to staffing data.
As organizations continue to value cybersecurity, and as adversaries continue to challenge the systems and security measures in place to protect them, the cybersecurity industry will continue to need skilled professionals.
“Cybersecurity is an interesting field because it’s challenging. It’s like a game trying to outsmart your adversary,” Noubir says. “Add to that very good compensation, and you have a career that’s fun, intellectually challenging, and financially rewarding.”
Editor’s note: This article was originally published in November 2018. It has since been updated for recency.